Unity CXN logins "disconnected" after an SBR with Sub

asilvera4 · ‎03-20-2019

I moved a legacy UC 8 cluster to new UCS devices prior to upgrading to 11.5. Publisher came up and worked perfectly normally for calls and admin access. I installed the v3 keys and pre update 1.5 cop while the Subscriber was building. After Sub was brought on line and keys and cop installed the cluster was in a Split Brain Resolution for well over an hour, and then the show cuc cluster status output looked perfectly normal.

I made a test call to voicemail and reached my recorded greeting as normal, I was able to log in via TUI as normal. Just as I thought all was well, I logged in to the cuadmin with my LDAP account credentials. I was able to log in, but as soon as I tried to make any changes I got an error on top of the configuration menu tree of "access denied". When accessing the ciscopca page it read that my user did not have a mailbox. The Unified Services page indicated that admin account built at installation was locked out or altered.

As I was over my outage window at the time, I shut down both of the new virtual machines and spun up just the original Pub on the old hardware. This is working as before, although obviously with the error that the communication to the Sub is broken. Because they are shut down I cannot really pull information or making any changes currently. I thought it worth a long shot to see if anyone has seen this same condition of user accounts both working and also kind of not really working. It's like the mailboxes still existed, but they weren't tied to the LDAP accounts; although I could half-way log in to the cuadmin page with my own account.

Ratheesh Kumar · ‎03-20-2019

Hi there

Just wondering this might help you

Error Message: “Sign-In Status – Account Has Been Locked.”

When users encounter the error message “Sign-in status – account has been locked,” it is possible that the user exceeded the number of failed sign-in attempts that is allowed. (This limit is set on the System Settings > Authentication Rules page in Cisco Unity Connection Administration.) It may also be possible that the user forgot his or her credentials, or an unauthorized user attempted to gain access.

Use the following task list to determine the source of the problem and correct it.

To confirm that the account is locked, in Cisco Unity Connection Administration, go to the Users > Edit Password Settings page for the individual user, and select Web Application from the Choose Password menu. Under Web Applications Password Settings, you can verify the status of the user credentials to determine whether the password was locked by an administrator, there were failed sign-in attempts, or the password was locked after an excessive number of failed sign-in attempts.

To unlock the user account, in Cisco Unity Connection Administration, go to the Users > Edit Password Settings page for the individual user, and select Web Application from the Choose Password menu. Under Web Applications Password Settings, select Unlock Password.

When the default application administration account is locked, for example, because the password has expired or because of too many unsuccessful sign in attempts, no application administration account is allowed to sign in to Cisco Unified Serviceability. (You specify the account name and password for the default application administration account during installation, and you create and administer additional application administration accounts in Cisco Unity Connection Administration.) To unlock the account, change the password using the utils cuc reset password CLI command. Changing the password also unlocks the account. (If an account has been hacked, you do not want to unlock it without also changing the password.)

https://www.cisco.com/c/en/us/support/docs/voice-unified-communications/unity-connection/68400-unity-conn-password-recovery.html#unlock

Hope this Helps

Cheers
Rath!
***Please rate helpful posts***