Lync / Skype for business – LS User replicator Event ID 30020


During one of my regular on-site visit to a customer of mine, I ran into a problem with a user cannot sign in to Lync 2013 clients, whenever the user try to login he gets an error message telling him to check his username and password (Login credentials), although the credentials is 100% correct, he could never log in, interesting to say here is that the history of the customer’s infrastructure included an Active directory migration.


When the user try to log in he gets an error to check his username and password, resetting the user’s password did not result in any success.



Collecting sip-stack logs on the client and the server while trying to log in gave me the reason why the frontend is refusing the login credentials

Text: Failed to authorize user credentials

“User Token SID S-1-5-21-xxx-xxx-xx-xxx did not match DB SID S-1-5-21-xxx-xxx-xx-xxx”


shortly after I see a SIP/2.0 403 Forbidden error with

ms-diagnostics: 4004; reason=Credentials provided are not authorized to act as specified from URI; AuthenticatedIdentity = username; source = frontend


so the problem was with the user SID, for some reason when Lync synched the new accounts to its database after the AD migration, it took it with wrong SID, so Lync database had a SID of this users that is not the same like the one from active directory.


checking the user’s object-sid attributes in the Active directory I found even a stranger problem, the account had a 3rd SID that is totally different from the ones reported in the logs 🙂

so like any other Lync specialist will do, I fired the PowerShell and give command to Lync to update the user database, thinking it might be a problem with Synchronization

:\> Update-CsUserDatabase

monitoring the event viewers to see the progress of the synchronization I saw a new error reported

Event ID 30020, source “LS User Replicator”

“User URI is already being used by another valid user in the database….”


so I was like “huh…?! really” checking Lync, only one user have this SIP address, checking Active directory msRTCSIP-PrimaryUserAddress attribute of all users (thanks to PowerShell) found that only him has this SIP address, then what is the problem?

finally I tried the last two options which are using DBanalyze & disabling and enabling the user again for Lync, long story shot, did not fix it also.



  1. Disable and remove the user from Lync server
  2. login to the Frontend and start SQL Management Studio
  3. connect to the RTCLOCAL Instance
  4. run the following query against the RTC database
    • execute dbo.RtcDeleteResource ‘user sip address’
  5. restart the Master Replica replicator & the Replica replicator agent service on the frontend
  6. Enable the user for Lync again and wait a couple of minutes


tried to login and all worked without a problem, even the user contact list was the same 😉

Author: Lyncdude

A Senior Service Engineer with more than 9 years of experience in Microsoft Exchange and Microsoft Lync Server / Skype for Business. Egyptian guy lives and works in Frankfurt - Germany. what is written in this blog is my own opinion and thoughts, not my employer and does not reflect their opinion

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: