Why can’t I complete the initial Lync topology on a new Lync deployment? Is something wrong with topology builder? TLSTarget is incorrecrt or the Sql Store is missing.

Publishing Topology Fails

There are a few reasons why an initial topology may fail to complete. There is one unique first case, I thought may be useful to someone in need.

The scenario is you publish the topology and you get a cannot connect to database error . There may be a few errors possible, but essentially you cant connect to the database. The error goes so far as to say “the existing topology identifies database a\rtc as the Central Management store, but the topology you are trying to publish identifies b\rtc as the central management store.”

The first thing you want to do is go to ADSIEDIT.MSC and  go to the configuration container. Then choose Microsoft->Rtc Service->Topology Settings->go to the properties of the GUID object here. the GUID should be the topology settings. Look for the attribute editor object MSRTCSIP-BackEndServer. this object may already have been set by a previous installation. This is a very difficult item to troubleshoot because you may not have been the person who did the initial install. You wouldn’t necessarily know the setting was there.

The easier way to deal with this is to run get-CSManagementStoreReplicationStatus. this will return the value to compare to verify this is not the correct location. then run Remove-CSManagementConfigurationStoreLocation. That’s it!

Now you can connect when you run the Topology builder. The topolgy builder first run is very important as it adds this AD attribute if it doesn’t already exist. The means that if the topolgy builder had been ruin and the decision was made to wait and install Lync later, this would be the case where you find this problem.

ADSIEDIT to remove  AD objects in lync or at least find them

The location to be familiar with is the RTC service in Active Directory.  The location  is adsiedit.msc then configuration partition->services->rtc service->global settings.  you see this isn’t a friendly place in figure 1

Figure 1.



you really need to use ldp.exe to see the objects any deeper. To really get to where you can see, run start->run->ldp.exe

Choose  (connection) bind as a valid user

go to view-> tree->select the default DN

Go to the same location in LDP the you looked at in ADSIEDIT.msc. (double click in ldp). You will see the same three guids there. However, this one is searchable

Right Click the global settings and click search

Use the filter field to enter (msRTCSIP-TrustedServerFQDN=lync.1domain.com)

and the results will show you the attributes for that object in Adsiedit. if you see the object is not part of Lync you can delete it here as well

Errors in publishing topology like TLSTARGET

So this was an exercise to just figure out how to see the objects and potentially find objects that need to be deleted. However, the skill is used for a far more more useful purpose. The example I have is having Lync installed and the services did not install correctly. the services installed with an old server FQDN attached to the service. the tipoff was in the failed topology publish. the error made reference to the object TlsTarget.


I searched forever and no luck. Ultimately, one of my customers was better at AD then I was. I expressed what I was looking for and he drove the ldp queries. For future reference, the Lync TLS Target is likely a service attribute. we went into LDP at the level of  services and ran the search

  • Base DN – CN=RTC Service,CN=Services,CN=Configuration,DC=domain,DC=com
  •  Filter (objectClass=*)
  •  Scope “Subtree”

The results (on the right pane) should be copied to a notepad. then search for the term of the error. the search in this case was “TLSTarget”, see here:

The Dn for object is -b107dc04—33bd—44b3—a455—57082c76b9f1. Now go look for this object under services:

Also notice the the line where we find the tlstarget  begins with the name of the object attribute- MSRTCSIP-Extensiondata. if we open this attribute, what do we expect to find? The object that would be from the old configuration

you can delete the object from adsiedit.msc or you can do it from ldp. This concludes a lesson on how to get to the AD attibute and how to filer it and delete it as in our TLS target example.

Reference 1

Reference 2


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s