I am hitting an unusual issue with password resets on Cisco Unity Connection. 8.6
We have a list of folks who perform the routine password resets that are often required of end users.
I am seeing an issue that is intermittant (I love that word), I know all those TAC folks just LOVE it too. About once in blue moon, we will get a user who needs a password reset, BUT the folks assigned to the" Cisco Knows more about what its customers need than they do", predefined, "Help Desk Administrator" Role, are not able to reset the user's password. It requires someone who is assigned to a higher Role.
I am hopeful that someone has seen this before and can provide some guidance, if not I will have to call tAc.
Sorry to hear your frustration. However "Help Desk Administrator" Role should provide ability to reset passwords, can you explain what is not working?
How are the administrators going about resetting the password? and what is not working? Perhaps I am missing something else here?
Randomly, users will call in, and the folks that reset the passwords who are assigned to the Help Desk Administrator role, are unable to reset these users. Once a System Administrator resets the password, the Desk Administrator folks can reset it. So, again it is random, and rare. BUT it happens enough, that we see 3 to 7 of these a month. There is nothing different between the user account that has the issue and other users. It is not always the same user, and again, when someone with a higher role resets the password, it returns to normal and the Help Desk Administrator folks are again able to reset the password... It seems more like some kind of Database/Permissions issue for rare accounts that have something causing them to be inaccessible by those assigned to the Desktop Administrator role.
I found that the issue was with users who had the Greeting Administrators role assigned; the Help Desk Admin users weren't able to change the passwords for those with this privilege. I opened a TAC case in which they confirmed that this is expected behavior (for both Help Desk Administrators AND the User Administrators role) and advised me to open an enhancement request, which I didn't do.
From my take on it, the "Greeting Administrators" are seen as administrative accounts, whereas the help desk admin and user admin roles are intended to modify end users. If someone has a better theory, I'm open to it...
I worked around it by adding a new account for one of the admins, and assigning it the System Administrator role; anyone who has this issue contacts him and he knows how to fix it. That's obviously a very scary solution, but it's what we had to do.