A computer that is running Lync Server 2010 may
stop responding with RtcSrv.exe consuming 100 percent of CPU resources in Multi
There are two AD forests. Let’s say Forest-A and Forest-B. We have Lync in Forest-B.
User has AD accounts in both Forest-A and Forest-B. Users in Forest-A login to their
domain with integrated credentials as any one does, but use Forest-B AD user credentials
to login to Lync. There is no trust relationship between the forests. There is a
need to establish the trust between the two forests. Once trust is established,
users notice that the Lync client keeps disconnecting often. Upon troubleshooting,
we found out RtcSrv.exe on Forest-B Lync Front end server was using 100% CPU resources.
Here is the call flow
of user while logging in to Lync client before the trust relationship:
Forest-A user logins to his/her local PC with his/her forest-A domain account, Lync
tries to start up and pass users integrated AD credentials to Lync Server.
Lync Server doesn’t authenticate with this credentials since it doesn’t know about
Forest-A, and will prompt for User credentials.
User provides Forest-B credentials where Lync accepts it and sign in happens successfully.
Here is the call flow
of user while logging in to Lync client after trust relationship established between
the AD forests:
Forest-A user logins to his/her local PC with Forest-A domain account, Lync tries
to start up and use integrated user credentials to Lync Server.
Since its trusted forest, Lync Server forwards integrated account info to Forest-B
Forest-B DC knows its trusted partner and will query Forest-A DC where Forest-A
DC validates its identity.
Even though it’s a valid AD account, it’s not authorized or Lync as it is not enabled
for this account.
User will prompt for credentials where the user will enter Forest-B credentials
to login to Lync.
As this authentication
process putting lot of load on Front-end serve, the RtcSrv.exe takes up all the
CPU resource. Hence users keep getting disconnected form the Lync client.
Make user to provide
logon credentials to Lync rather than using integrated windows Credentials. You
can configure this using Lync ADM template.
"0 = Windows credentials
are sent. Lync authenticates the user based on the same credentials used to log
on to Windows. (Default).
1 = Windows credentials
are not sent. User is required to provide logon credentials to Lync."
Lync ADM template download and documentation:
Please do send an email to firstname.lastname@example.org in case
you observe the mentioned problem differently, or should have any follow up on this
By: Jit Reddy