Post Skype/Lync Installation SQL tasks Part 1 – Permissions

SQL, the Skype/Lync “Backend” server that can perform many or few functions for Skype depending on Enterprise or Standard type deployments.  Often times it’s left as “can someone else take care of it?”.  Then I get called because someone’s implementation can’t create new meetings, users can’t be added, or any number of oddness starts happening when the RTCXDS database is maxed out.  The other lovely issue is when someone deletes the account that was used to install Skype/Lync, and proper preparations haven’t been made to the SQL permissions and the SA account wasn’t enabled, or the password forgotten…  Real good times.

Permissions

If you do not have a dedicated SQL resource, who typically would be doing this anyway, I suggest setting up a SQL Admin group.  For this demonstration I will create one called “Skype SQL Admin”, for an environment that has two Skype Enterprise Pools, with two pairs of SQL 2012 Mirrored servers with a SQL 2012 Express for Witness.  Some environments I’ve known set up a SQL group for each SQL server, but as these servers are all dedicated to one purpose, one group will suffice.

  1. Create one Universal Security Group, e.g. Skype SQL Admin
  2. Add relevant users to this group, or add CSAdministrators/RTCUniversalServerAdmins groups.
  3. On each Skype SQL server, add the above group to the local Administrators group.  This should allow members of that group to log onto the server, but access to SQL will be very limited, to the point you may only see 3 or 4 logins under Security | Logins.
  4. With an account that does have SysAdmin to the SQL server, open up the SQL Server Management Studio and Connect.  If you look under that same Logins container, you should see 12+ users and groups listed, include several more RTC Universal groups.
  5. Right-click Logins, select New Login.
  6. Click Search
  7. Click Object Types button and check Groups
  8. Click Locations button and select either Entire Directory or the specific domain
  9. Enter Skype SQL Admin, click Check Names, click OK.
  10. In the upper left pane, select the Server Roles page.
  11. Add checkmark to SysAdmin.  Click Ok
  12. Done.  Log in with account that was added to the selected group.

Be sure to discuss any changes with your SQL admins, if you have them, as well as to confirm that there is another account to Sysadmin access the databases.

Leave a Reply

Your email address will not be published. Required fields are marked *