Permissions Wizard not adding message store rights

Unanswered Question
Feb 5th, 2008

I'm adding a new message store to a Unity 4.0.5 system. Currently the system uses an off box Win2k/Exch2k server. I'm adding a Win2003/Exch2003 server and will be moving all the mailboxes. I've installed the latest permissions wizard from ciscounitytools and when I run it, it completes without error but when I look at the security tab on the new message store, I can see it is not adding the msgstoresvc account's rights (send as, receive, etc)... I've run the wizard multiple times with the same results. The detailed results log says its adding these rights to the new message store successfully but it isn't.

If I add the rights manually everything works but I'm a little concerned that something might be amiss in my environment.

Has anyone seen this before?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Tommer Catlin Tue, 02/05/2008 - 14:39

sounds like the account you are using to run the permissions does not have enough rights to grant the permissions.

The other problem could be is AD replication. If your domain is large or a large number accounts, it could take a little time for the accounts to be updated. Typically, it's 15 minutes for replication to take effect. (small domains too!)

I would run the permissions, let it sit, then refresh the OU with the accounts and check the permissions.

You also could have some kind of Domain Security policy blocking this. But it's hard to say without knowing your enviroment.


Jaime Valencia Mon, 02/11/2008 - 21:02

i agree on the fact that the issue might be permissions, take a quick look at this link and make sure the account you're using to run PW has the right permissions:

# Log on to the Cisco Unity server by using an account that:

* Is a member of the Domain Admins group in the domain in which the Cisco Unity server is being installed, or that has permissions equivalent to the default permissions for the Domain Admins group.

* Is either an Exchange Full Administrator or a member of the Domain Admins group in the domain that contains all of the domains from which you want to import Cisco Unity subscribers.

Caution! If you try to run Permissions Wizard using an account that has less than the default permissions for a Domain Admin, Permissions Wizard may not be able to set all of the permissions required by the installation account and the services accounts. If Permissions Wizard cannot set all of the required permissions, either the Cisco Unity installation will fail, or Cisco Unity will not run properly after it has been installed.

also make sure you have checked the 'Allow Inheritable Permissions from Parent to Propagate to This Object' check box on the Security tab for the user




This Discussion