I have stumbled upon this blocker: Set-CsCommonAreaPhone, New-CSCommonAreaPhone and Remove-CsCommonAreaPhone seem to have issues when being run remotely.
If I RDP into the FE, start the Lync Powershell, I can run those commands just fine, but run over a remote session I get the error mentioned in the title.
Other commandlets I'm using remotely (user management, policy management, pins) all work, which seems to indicate that it's not a permission issue (all users I've tried for have CSAdministrator rights as well as RTCUniversalUserAdmin - and I've tried users with and without domain admin rights).
Full errors, e.g. for Remove-CsCommonAreaPhone:
Active Directory operation failed on "CHDEVAD02.nxodev.intra". You cannot retry this operation: "Access is denied
00000005: SecErr: DSID-031522EC, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
"
+ CategoryInfo : InvalidOperation: (CN=testphone 78...nxodev,DC=intra:UserIdParameter) [Remove-CsCommonAr
eaPhone], ADOperationException
+ FullyQualifiedErrorId : ProcessRecord,Microsoft.Rtc.Management.AD.Cmdlets.RemoveOcsCommonAreaPhoneCmdlet
And Set-CsCommonAreaPhone
Active Directory operation failed on "CHDEVAD02.nxodev.intra". You cannot retry this operation: "Insufficient access ri
ghts to perform the operation
00002098: SecErr: DSID-03150E8A, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
".You do not have the appropriate permissions to perform this operation in Active Directory. One possible cause is that
the Lync Server Control Panel and Remote Windows PowerShell cannot modify users who belong to protected security group
s (for example, the Domain Admins group). To manage users in the Domain Admins group, use the Lync Server Management Sh
ell and log on using a Domain Admins account. There are other possible causes. For details, see Lync Server 2010 Help.
+ CategoryInfo : NotSpecified: (:) [Set-CsCommonAreaPhone], ManagementException
+ FullyQualifiedErrorId : Microsoft.Rtc.Management.AD.ManagementException,Microsoft.Rtc.Management.AD.Cmdlets.SetO
csCommonAreaPhoneCmdlet
It also doesn't matter if I log into the remote powershell using the currently logged in user's credentials (
(New-PSSession -ConnectionUri https://chdevocs04.nxodev.intra/ocspowershell/ -Authentication NegotiateWithImplicitCredential) or specify another lync admin's credentials - New-PSSession -ConnectionUri https://chdevocs04.nxodev.intra/ocspowershell/ -Credential $UserCredential).
Any ideas on how I can get those commandlets to work remotely?