Removed Lync 2010 Edge Server from domain, caused warnings (event 12295)

Question

A customer removed their Lync Edge Server from the local domain (following best practices - it was in the domain before but they knew theis was wrong). When they did, everything worked fine, but there is a warning every hour about truing to validate the service account:

Active Directory operation failed while verifying validity of service account password

Active Directory operation failed with error code: 0x80070005 (Access is denied. ) Cause: The service account may not have required privileges to access Active Directory. Resolution: Check domain controller/global catalog server connectivity and whether the service account has sufficient privileges to access the Active Directory. If the problem persists, contact Product Support Services.

I am not sure what service account is being referred to here as Lync runs everything under Network Service (unlike OCS before it).

Ideas?

EDIT: We tore down the Lync components via bootstrapper /scorch and put everything back, and we are STILL seeing the problem. We'd rather not have to rebuild the machine from bare metal.

Answer 1

I opened a case with Microsoft on this (112052153849537) and we found fairly quickly that AD still had a computer account for the Edge server that was enabled and had child objects. We deleted the computer object, and the warnings stopped.

We (myself or the engineer) can't explain what the code path must be like for this to matter, but it did. He's going to look into it some on his end and see if we can get a root cause answer, and if that happens I'll add an update, but I'm not holding my breath as break/fix doesn't officially offer root cause analysis.

My personal guess is that the Edge server is doing an LDAP query for a machine with its own name, then tries to check for something against the query result. The query is allowed anonymously but nothing after that is. Just a guess.