unitymsgstore account lockout | any problems

Unanswered Question
Mar 13th, 2008


Customer group policy is to lock out account after three bad login attempts.

If the Unity server is up and running and the unitymsgstore account gets locked out for some reason, will there be any issues?

Unity 4.2 with FO 2003



pklos Fri, 03/14/2008 - 04:34


It's good to set "password never expires" for service users.




ranpierce Fri, 03/14/2008 - 07:02

YES, there would be big issues. That is one of the service accounts and it would not be able to log on. The other is that the account has permissions to the mailstore.


Ginger Dillon Mon, 03/17/2008 - 13:58

Hi -

Another thing that will cause you pain is the password getting changed by group policy for the special Unity accounts, unitydirsvc and unitymsgstoresvc. If that happens, you will need to rerun Service wizard and Message Store Configuration wizard to get Unity operational again. Better to keep the Unity servers and accounts out of an OU that gets group policies applied without you knowing or getting a chance to test beforehand.

Regards, Ginger

a.cruea1980 Tue, 03/18/2008 - 10:18

From personal experience, I can wholeheartedly agree with Ginger on this: keep the Unity servers away from any GPOs you don't control, period.

I've had a UnityMSGStore account get locked out, and when that happens, just count voice mail as toast. Not to mention, that account will stay locked out, because Unity will hammer away at it and reset the "time until unlock" timer on the account.

Bottom line, don't set the Unity, or CallManager accounts for that matter, to any sort of lockout policy. An unscrupulous user or fat-fingering admin could create a DoS situation very, very quickly.

mmali Wed, 03/19/2008 - 00:05

Thanks for the reply guys,

What is Cisco's recommendation on securing Unity accounts?

If we set a group policy to lock out the account after three bad attempts and the account gets locked out, then we will have a problem with Unity talking to Exchange.

If we set no group policy, then it's a security issue.

Is there any CCO document on this topic?



Chuck Reid Sun, 04/06/2008 - 11:28


I think we are running into this problem. The other day, after a Unity reboot, the services would not start. I had to click on several services, select the logon tab, set a new password, and then the services would start. Where might I look to see where the services might be affected by a policy? I am not a Windows Exchange guy by any means, so if you can give me a few details on where to look, I would be very grateful.



Jaime Valencia Sun, 04/06/2008 - 13:49
User Badges:
  • Cisco Employee,
  • Hall of Fame,


First of all, you need to understand that several core services run under the accounts discussed.

Appendix: Cisco Unity 4.x Services


In case one of those is disabled, blocked, whatever, the services won't start, so Unity will be down or won't work properly.

Actually, this is not from a Windows or Exchange point of view, but from AD. AD is the place where these accounts are stored and where they might be subject to group policies, so I strongly recommend getting in touch with your AD admin and telling him that he needs to keep the Unity accounts free of policies that could block them, lock them after 3 wrong logins, ask for a password change after x amount of time, etc.



if this helps, please rate
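
To see from the AD side whether the service accounts named in this thread are locked out or subject to password expiry, and which services on the Unity server log on with them, a read-only audit along these lines can be run from an admin workstation. This is an added example, not part of any post above; it assumes the RSAT ActiveDirectory module and PowerShell 3 or later, and the server name `UNITY01` is a placeholder.

```powershell
# Added example: read-only audit of the Unity service accounts.
# Assumptions: RSAT ActiveDirectory module, rights to read AD and to query
# services remotely. Account names are the ones mentioned in the thread.
Import-Module ActiveDirectory

$accounts    = 'unitymsgstoresvc', 'unitydirsvc'
$unityServer = 'UNITY01'   # placeholder, replace with your Unity server

# Domain-wide lockout and password-age settings that apply to the accounts.
$p = Get-ADDefaultDomainPasswordPolicy
'Lockout threshold={0} window={1} duration={2} max password age={3}' -f `
    $p.LockoutThreshold, $p.LockoutObservationWindow, $p.LockoutDuration, $p.MaxPasswordAge

# Per-account state. BadLogonCount is tracked per domain controller,
# so query the DC the Unity server authenticates against if it looks low.
$props = 'LockedOut', 'PasswordNeverExpires', 'PasswordExpired',
         'PasswordLastSet', 'BadLogonCount', 'LastBadPasswordAttempt'
foreach ($name in $accounts) {
    $u = Get-ADUser -Filter "SamAccountName -eq '$name'" -Properties $props
    if (-not $u) { Write-Warning "$name not found in AD"; continue }
    [pscustomobject]@{
        Account              = $u.SamAccountName
        OU                   = $u.DistinguishedName   # shows which OU the account sits in
        Enabled              = $u.Enabled
        LockedOut            = $u.LockedOut
        PasswordNeverExpires = $u.PasswordNeverExpires
        PasswordExpired      = $u.PasswordExpired
        PasswordLastSet      = $u.PasswordLastSet
        BadLogonCount        = $u.BadLogonCount
        LastBadAttempt       = $u.LastBadPasswordAttempt
    }
}

# Services on the Unity server that log on with one of those accounts.
# StartName may be DOMAIN\user or user@domain, so reduce it to the user part.
Get-CimInstance -ClassName Win32_Service -ComputerName $unityServer |
    Where-Object {
        $user = (("$($_.StartName)" -split '\\')[-1] -split '@')[0]
        $accounts -contains $user
    } |
    Select-Object Name, StartName, State, StartMode
```

A `PasswordLastSet` value newer than the last run of the Unity wizards, or `PasswordNeverExpires` set to false, matches the symptoms described earlier in the thread.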

