When scanning a Lync Front-end service, it may fail to run a User Authentication test. This can be due to bad credentials being used for the Test account configured.
This article describes how to validate user credentials outside of GSX Monitor using PowerShell commands or cmdlets.
Symptoms
- Front-end service is down: User Authentication test failed.
- User Authentication: 403, Forbidden.
How to Troubleshoot the Issue
The probable cause of this error is that the password used in the configuration contains a typing error. Once you have entered the passwords again to ensure they are correct, you can use PowerShell to get a more detailed error message.
To monitor Microsoft Lync servers, GSX Monitor is relying on PowerShell test commands that simulate user activity by creating synthetic transactions. In this article, we are going to create a verbose error message to understand why the 403 authentication error is generated.
The user credentials configured in Lync server Connectivity tab 
can be validated outside GSX Monitor by issuing the following commands from the server running GSX Monitor:
- Open the session to Lync Remote PowerShell Endpoint using a Lync admin account:
$admincred = Get-Credential domainname\adminuser
$sessionoption = New-PSSessionOption -SkipCACheck -SkipCNCheck –SkipRevocationCheck
$session= New-PSSession -ConnectionUri https://yourlyncFQDN/OcsPowershell -Credential $admincred -SessionOption $sessionoption
Enter-PSSession $session
-
Issue the test-authentication command using the account configured as Test User 1:
$usercred = Get-Credential domainname\testuser
Test-CsClientAuthentication -TargetFqdn lyncfrontendfqdn -UserSipAddress "sip:testusersipaddress" -UserCredential $usercred
Command should pass successfully.
Once you have credentials that can run the above commands with no errors, transfer this information into the relevant part of GSX Monitor where domain\testuser is the Test User 1.