02-04-2009 05:59 AM - edited 03-18-2019 10:25 PM
Hi,
I have problem with access to Unity administration webpage.
Cisco advice http://www.cisco.com/en/US/products/sw/voicesw/ps2237/products_tech_note09186a00801651f9.shtml#unity_iis
didn't helped.
Because I have no rights to domain controller I am not sure what to check.
Can someone advice to what domain group user have to be attached? Maybe some special raight have to be granted??
Please advice
02-04-2009 09:51 AM
Unity 3.x is no longer supported by TAC. I don't know if 3.x has this option in the tools depot but there is a grant unity access tool in 4.x and above that would allow you to tell Unity to allow an account access to SAweb.
Tray
02-05-2009 05:32 AM
Unity 3.1 contain program grantunityaccess.exe
I have one problem, I am not sure what excactly parameter -s is?
Because finally I receive
"Failed getting subscriber's object ID from database."
C:\CommServer>grantunityaccess
[GrantUnityAccess.exe] Version 1.0
This program adds a user's SID to Unity's internal collection of
recognized SIDs and associates it with a local subscriber.
If you are migrating users from NT4 using the Active Directory
Migration Tool or any other user migration tool that supports
SidHistory, use of this program is not necessary as Unity
recognizes the SidHistory user attribute.
Usage:
GrantUnityAccess -u [
or
GrantUnityAccess -l
-u NT Username
-s Subscriber Alias
-l List associations that have been made by this tool
-d Delete association(s) that was created by this tool
Example1: To associate the NT4 user NT4DOMAIN\Administrator with
the Unity subscriber 'EAdministrator', type:
GrantUnityAccess -u NT4DOMAIN\Administrator -s EAdministrator
Example2: To undo the association created in Example1, type:
GrantUnityAccess -u NT4DOMAIN\Administrator -s EAdministrator -d
This program must be run on the Unity box, whose domain must trust
the NT user's domain.
02-05-2009 07:20 AM
Like the instructions mention -s is the subscriber alias that already has administrative access to SAweb on Unity ie)Eadministrator.
GrantUnityAccess -u NT4DOMAIN\Administrator -s EAdministrator
is giving SAweb access to Administrator account on your domain NT4DOMAIN. If your subscriber alias that you want to have access to Unity has a Windows account alias of dszymkowicz on the Unity in xyz domain, then you would do the same script with your alias like so...
GrantUnityAccess -u XYZ\dszymkowicz -s
Eadministrator
After that, you should be able to access SAweb if you are the user dszymkowicz.
Make sense?
Tray
02-05-2009 07:36 AM
OK,
I tried this before. No result. But was informed it was done.
I tried oposite by pointing myself as -s and SAweb user as -u.
It works now.
02-05-2009 09:03 AM
Awesome! If we helped you out, please rate!
Thanks!
Tray
02-06-2009 02:37 AM
One important thing.
I haven't been installed Unity, so I don' t know all details.
How to check names of EAdministrator?
This is a key. I checked more than 10 unity clusters and sometime this is EAdmin, Esubscriber, EAdmin3434534 (e.x.)
Because I have temporary access to user with highest rights.
02-06-2009 08:10 AM
Hi -
Early Unity installs installed both an EAdmin account and Esubscriber account. The Esubscriber was eventually removed. The very first install of Unity in an AD forest will be EAdmin. For subsequent installs of other Unity servers in the same forest, even if different domains, the alias Eadmin is already taken and must be unique, thereby the Eadmin accounts you see with EAdminxxxxx.
Ginger
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: