Unity 3.1(5) access issue

Unanswered Question
Feb 4th, 2009

Hi,

I have problem with access to Unity administration webpage.

Cisco advice http://www.cisco.com/en/US/products/sw/voicesw/ps2237/products_tech_note09186a00801651f9.shtml#unity_iis

didn't helped.

Because I have no rights to domain controller I am not sure what to check.

Can someone advice to what domain group user have to be attached? Maybe some special raight have to be granted??

Please advice

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Tray Stoutmeyer Wed, 02/04/2009 - 09:51

Unity 3.x is no longer supported by TAC. I don't know if 3.x has this option in the tools depot but there is a grant unity access tool in 4.x and above that would allow you to tell Unity to allow an account access to SAweb.

Tray

dszymkowicz Thu, 02/05/2009 - 05:32

Unity 3.1 contain program grantunityaccess.exe

I have one problem, I am not sure what excactly parameter -s is?

Because finally I receive

"Failed getting subscriber's object ID from database."

C:\CommServer>grantunityaccess

[GrantUnityAccess.exe] Version 1.0

This program adds a user's SID to Unity's internal collection of

recognized SIDs and associates it with a local subscriber.

If you are migrating users from NT4 using the Active Directory

Migration Tool or any other user migration tool that supports

SidHistory, use of this program is not necessary as Unity

recognizes the SidHistory user attribute.

Usage:

GrantUnityAccess -u [\] -s [-d]

or

GrantUnityAccess -l

-u NT Username

-s Subscriber Alias

-l List associations that have been made by this tool

-d Delete association(s) that was created by this tool

Example1: To associate the NT4 user NT4DOMAIN\Administrator with

the Unity subscriber 'EAdministrator', type:

GrantUnityAccess -u NT4DOMAIN\Administrator -s EAdministrator

Example2: To undo the association created in Example1, type:

GrantUnityAccess -u NT4DOMAIN\Administrator -s EAdministrator -d

This program must be run on the Unity box, whose domain must trust

the NT user's domain.

Tray Stoutmeyer Thu, 02/05/2009 - 07:20

Like the instructions mention -s is the subscriber alias that already has administrative access to SAweb on Unity ie)Eadministrator.

GrantUnityAccess -u NT4DOMAIN\Administrator -s EAdministrator

is giving SAweb access to Administrator account on your domain NT4DOMAIN. If your subscriber alias that you want to have access to Unity has a Windows account alias of dszymkowicz on the Unity in xyz domain, then you would do the same script with your alias like so...

GrantUnityAccess -u XYZ\dszymkowicz -s

Eadministrator

After that, you should be able to access SAweb if you are the user dszymkowicz.

Make sense?

Tray

dszymkowicz Thu, 02/05/2009 - 07:36

OK,

I tried this before. No result. But was informed it was done.

I tried oposite by pointing myself as -s and SAweb user as -u.

It works now.

dszymkowicz Fri, 02/06/2009 - 02:37

One important thing.

I haven't been installed Unity, so I don' t know all details.

How to check names of EAdministrator?

This is a key. I checked more than 10 unity clusters and sometime this is EAdmin, Esubscriber, EAdmin3434534 (e.x.)

Because I have temporary access to user with highest rights.

Ginger Dillon Fri, 02/06/2009 - 08:10

Hi -

Early Unity installs installed both an EAdmin account and Esubscriber account. The Esubscriber was eventually removed. The very first install of Unity in an AD forest will be EAdmin. For subsequent installs of other Unity servers in the same forest, even if different domains, the alias Eadmin is already taken and must be unique, thereby the Eadmin accounts you see with EAdminxxxxx.

Ginger

Actions

This Discussion