Lync 2013 backend on SQL Cluster with mixed authentication mode

#lync, #en, #skype4b

So I came across this issue at a customer’s site the other day.

Environment

The customer runs multiple Lync 2013 Front End Servers in an enterprise pool with the backend and monitoring databases being hosted on a SQL 2008R2 Cluster (default instance) that is also used for other applications and, thus, uses mixed authentication mode.

A SQL admin was present during the initial installation of the Lync Pool, and his credentials were used to perform the DB installation.

Problem

So far so good, but when the SQL admin was gone and the Lync Admins (members of RTCUniversalServerAdmins) tried to access the databases with cmdlets like Test-CsDatabase, Update-CsAddressBook or Install-CsDatabase, they got a nasty little error like:

Command execution failed: Property DefaultSchema is not available for Database '[LcsCDR]'. This property may not exist for this object, or may not be retrievable due to insufficient access rights.

We verified the Logins and permissions on the SQL cluster and everything looked OK, meaning the logins and permissions for all the RTCUniversal… groups were there, just as expected. Still, the error would not go away.

The problem seems to be that Active Directory groups cannot be used with mixed mode authentication??

Solution?

The only solution we found was to add the user account of the Lync Admin as a login on the SQL cluster and assign permissions directly to the user. Once the user was granted permissions directly (and not through an AD group membership), the error disappeared and the cmdlets worked just fine. This, by the way, explains why the initial setup worked just fine: the SQL admin, whose account was used during setup, had a login and permissions configured for his AD user.

The solution is OK for a temporary workaround, but is not very feasible for an enterprise deployment. If anyone has a better solution, I’d love to hear from you :)
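One way to re-check the logins and permissions discussed above, as an added example that is not from the original post: T-SQL that shows through which path an account reaches the instance and how the Windows principals in LcsCDR are set up. `CONTOSO\lyncadmin` is a placeholder account name; run the batch as a sysadmin on the backend instance.

```sql
-- Added example, not from the original post. The account name is a placeholder.
DECLARE @account sysname = N'CONTOSO\lyncadmin';

-- 1. Every path (direct login or AD group) through which the account
--    reaches the instance. The "permission path" column names the group.
EXEC master.dbo.xp_logininfo @acctname = @account, @option = 'all';

-- 2. Windows logins defined on the instance: groups vs. individual users.
SELECT name, type_desc, is_disabled, default_database_name
FROM sys.server_principals
WHERE type IN ('G', 'U')            -- G = Windows group, U = Windows user
ORDER BY type_desc, name;

-- 3. Inside the database named in the error message: which Windows
--    principals exist, their default schema, and the login they map to.
--    default_schema_name is NULL for group principals (type G).
USE [LcsCDR];

SELECT dp.name AS database_user,
       dp.type_desc,
       dp.default_schema_name,
       sp.name AS server_login
FROM sys.database_principals AS dp
LEFT JOIN sys.server_principals AS sp ON sp.sid = dp.sid
WHERE dp.type IN ('G', 'U')
ORDER BY dp.type_desc, dp.name;

-- 4. Database role memberships held by those principals, to compare what
--    the AD groups have against what a directly granted user has.
SELECT r.name AS role_name,
       m.name AS member_name,
       m.type_desc AS member_type
FROM sys.database_role_members AS drm
JOIN sys.database_principals AS r ON r.principal_id = drm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = drm.member_principal_id
WHERE m.type IN ('G', 'U')
ORDER BY r.name, m.name;
```

On SQL Server 2008 R2, a database user mapped to a Windows group cannot be given a default schema (the option was added in SQL Server 2012), so the result of step 3 is worth comparing between the group rows and any directly created user. Running step 4 periodically also shows which individual accounts have accumulated direct grants outside the RTCUniversal… groups.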

 

Cheers,
Tom