cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
818
Views
20
Helpful
7
Replies

Cisco Unity Configuration: assistance requried

sagar.sarker
Level 1
Level 1

Hello,


We have CUCM 7.0 in our environment and we want to implement Cisco Unity 7.0 with this. I have been following Installation Guide for Cisco Unity in a Unified Messaging Configuration with Microsoft Exchange and got stuck at the point of checking permission with permission wizard. I have created 4 accounts as per the document. But I cant give appropiate permission to the accounts. Attached is the permission wizard report. please anyone go through it and let me know what permission shall i give to the accounts.


Any help in this regard is highly appreciable.


Regards,

Sagar

7 Replies 7

Brad Magnani
Cisco Employee
Cisco Employee

Hi Sagar,

Make sure that you're running the Permissions Wizard as the UnityInstall account, which should be a member of the Domain Administrators group.  It sounds like the account you're logged into the server with while running PW may not have enough privileges to set the permissions required.

Hope that helps,

Brad

j.sillers
Level 5
Level 5

I can't view the report right now off my iPhone but my experience is that the Svc and Message Store accounts do not have the same rights but the mistake people make is thinking that full admin rights for all accounts is the solution when in fact tje Message store account should not have full admin rights. It's an MS Exchange requirement and many an Exchange admin have told me 'duh' when I tell them my problem.

Sent from Cisco Technical Support iPhone App

1.  The UnityInstall account does not explicitly require Domain Admin rights.  Rather, the account you run the PW as needs to be a Domain Admin.  You will choose the Installation Account during the PW and it will set the appropriate permissions; however, it can only do this if you login with a Domain Admin account.  If you want to use UnityInstall as that account, then you'd set that group membership in advance and then login with that account.

2.  The Exchange permissions that are special are for the UnityInstall and the UnityDirSvc accounts.  They need to be Exchange Administrator or Exchange Organization Administrator based on the version of Exchange you are running.

Hailey

Please rate helpful posts!

Hi Hailey,


Thanks for your helpful information. Please correct me if i'm wrong.


I am going to run the PW to check the permissions for all the accounts that are already in place. Now if i'm not wrong, if I try to run the PW with unityinstall account, which is a domain admin account and used for set permission, it will set the permission for other accounts (dir service & messege service store account) as required. Will it set the Exchange privilleges required for the accounts?


In my scenerio, AD has got different child domain entries and so in Exchange. Shall I need to consider something special in this case?


Regards,

Sagar

If your UnityInstall account is a Domain Admin then you should be able to set most permissions with the wizard.  However, it's not uncommon to have to set a couple things manually - for example, read/list on Deleted Objects OU(s) for UnityDirSvc.  As for Exchange rights, some things like Send As/Receive As are set by PW.  However, you are likely referring to the Exchange Admin rights required for UnityInstall and UnityDirSvc which are not set by PW.  You have to manually delegate Exchange admin rights which is noted in the output of the PW logs and in any report if you were to run one.  This is done either via Exchange System tools / management console.  For child containers in the domain where you need to import users from, you specify those containers individually while running the wizard or you can set import for the root of the domain.  For Exchange, you will also specify specific storage groups that Unity can access while running the wizard as well.

Hailey

Please rate helpful posts!

Hi David,


Thanks for your help regarding this.


I need a help from you. I have created four user ID for unity as below-


InstallationUnityInstall
AdministrationUnityAdmin
Account that Cisco Unity directory services log on as (directory   services account)UnityDirSvc
Account that Cisco Unity message store services log on as   (message store services account)UnityMsgStoreSvc


Now can you please let me know what kind of domain & exchange previllege is required for these accounts?


Regards,

Sagar

In a UM install, all 4 service accounts need Domain User and its typically best to grant Local Admin rights on Unity itself for those accounts as well. UnityInstall and UnityDirSvc should be Exchange Organization Administrator and you must manually delegate those rights. All other permissions can be set by Permissions Wizard. There are some troubleshooting docs that may instruct you to grant elevated privileges to UnityInstall but this is to address specific issues if they are encountered.

Hailey

Please rate helpful posts!