SA authentication second level fail

Unanswered Question
Jul 19th, 2007

Unity 4.2.1 VM only with Exhcnage 2003 on separate Win 2003 server. This morning unity running, but not taking any calls either IP or via the Dialogic line card. Rebooted server and Unity now takes calls but not one of the Admin accounts can access the SA. We get the user id/ password / domain prompt, and then we get a second box asking which account name to use. At this point we either get an error about not being able to authenticate, or an account locked message. Real helpful note about contacting the sys admin for help. I am the sys admin and I haven't got a clue as to why Unity decided today to lock out all the admins.

Lee

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
navinger Thu, 07/19/2007 - 10:09

Hi,

Not sure what to tell you about why Unity stopped taking calls.

Getting prompted to authenticate again sounds like an IE setting, but I don't recall ever seeing an account locked message. Might want to check the IE options though, but IE will hang if you try to change options while Unity is running.

1. Log on to the Unity server and stop Unity.

2. Open IE.

3. Click Tools > Internet Options.

4. Click the Security tab.

5. If you've added the SA web to the Trusted Sites, click Trusted Sites. Otherwise, click Local Intranet.

6. Click Custom Level, and scroll down to the end. Under User Authentication, make sure that "Prompt for user name and password" is *not* selected. You need "Automatic logon with current user name and password" selected.

These IE settings are stored on a per-user basis.

Nancy

navinger Thu, 07/19/2007 - 10:34

Hi,

Another thought about getting prompted a second time... Any chance you could have run grantunityaccess using the account that you are logged onto the server as? I do recall now being prompted a second time when there was more than one Unity subscriber account associated with the domain account that I'm logged on to the server as. The SA prompts for logon in this case because it can't tell what subscriber account you're trying to log on as.

Open up a command prompt window, change to the \commserver directory, and run:

grantunityaccess /l

That's lower case L. That should provide a list of domain account/subscriber account associations. Enter

grantunityaccess /?

To get help. You might want to delete one or more of those associations.

Also take a look at the following section in the Unity SA Guide:

http://www.cisco.com/en/US/products/sw/voicesw/ps2237/products_administration_guide_chapter09186a0080449bda.html#wp1124642

Scroll down a bit in that section and there's good info on grantunityaccess.

Nancy

k6lw Thu, 07/19/2007 - 10:34

I have cisco TAC fumbling around trying to figure out what is going on. System has been running without any problems since March and today it croaks. The server is taking and recording calls, but it won't allow any one to administer it using any browser, IE6, IE7, Opera 9, etc...

Actions

This Discussion