In January we were staging our new servers in preparation of upgrading our UCCE from 8.5 to 10.5. Our A side is located in Jacksonville Florida and our B side is located in Irvine California. We had our A side servers online about a month before the B side. We were able to install ICM and access the web setup URL on the A side without issues. When we got the B side servers online we could not access the web setup URL. The logs showed the account we were trying to log in with could not be found. We tried using the cisco domain manager tool. The tool could see our current AD structure but if you searched for an end user it could not find them. We worked with our AD group to verify the servers could connect to the domain controllers using the Microsoft LDP tool. We were able to connect to the domain controller and search for the user that the cisco tools could not find. We opened a TAC case and several weeks later they got the developers involved. No one could tell us how these cisco tools interacted with the domain controllers and there were no logs produced by the cisco applications that could help us to troubleshoot the issue. Our AD group was going to engage Microsoft and noticed that we had not ran Microsoft updates on the servers since they were installed. They said Microsoft would not help us unless the servers were updated. After we updated the servers the issue went away. No one could explain to us why this resolved the issue.
Last Friday we were trying to login to the Unified CCE Administration web page as an administrator so we could add some attributes for precision queues. We received the error ---Invalid Username and/or Password. I know this URL uses the same kind of authentication we had issues with before so I tried the web setup URL and the domain manager tool from every server at our A and B side locations. None of them can connect with the web setup tool. We receive the error---Authentication error. There is a problem accessing the authentication service. Contact your system administrator. The domain manager tool cannot locate users on our domain so it appears we are having the same issue again. I worked with my AD group and verified we can connect with all the Microsoft tools. I have a TAC case open but we are not making much progress. I added a test server to our domain and updated with the latest Microsoft patches and am still having the same issue.
screenshots of errors attached
We faced the same issue when we are doing the same upgrade
The login will work after sometime, also sometimes in different browser or in specific versions, TAC is not able to help us in this as the issue was diverted towards Microsoft AD and was a cycle
It was happening frequently where sometimes we are not able to login to AW server through RDP
FInally without any clue tried rebooting both the AD & DNS servers
There after once the system become stable it doesnt happenend anymore
Note: Not able to find the root cause and not sure domain-manager error
Just to share things to you
Thanks for the info Hari. We have not had any issues logging into the servers. We have tried three different browsers to access the CCE Administration page. Im not sure if we are running into the same issue. It worked perfect for 8 months and now nothing works.
Initially the CCE web login issue started post migration (Intermittent), later the server login issue occured
Once we faced the server login issue, we decided to rebuilt the server (as there is no other options or support docs available and also due to time crunch)
After rebuild no other issue
First make sure Tomcat service is running in services.msc
And login into local user and under server manager go to local user and groups
Under groups – Add <Instance_ICM_CONFUG and SETUP)
It will work – we tried same thing in my setup
Actually, i have the same problem with 10.5 and 11.5 setup. Apache is for the websetup page to load correctly, you need to make sure your "cisco_icm_setup" and "cisco_icm_config"in the local group "uccesetup" "ucceconfig" that was created after the setup ran. ALSO, most important, is to have the UPN of the setup user match your ICM domain suffix. At last, make sure "cisco_icm_setup" and "cisco_icm_config"and there is also a "facility_instance_service" domain group, that needs to be in the local administrator's group of the computer. After all these, the setup will load. Hope this helps.