Solved: Unity Connection admin permissions / privileges

dwaters · ‎10-22-2012

On Cisco Unity Connection version 7.0.2.10000-38 an administrator has accidently removed privileges from there selves; this has resulted in loss of access to administer the system. When logging in the message “Not Authorized” is displayed and we don’t get any further.

Please note: I dont have another Web admin user to login as.

I can access the CLi however I’m unable to find a method to reset permissions.

'utils reset_ui_administrator_password' and 'utils reset_ui_administrator_username' I don’t think will be much help.

davrojas · ‎10-23-2012

Hello Daniel,

"

Are you not able to login to Admin page using the Administrator account ?

A. Create another Admin account

1. Create a user with No mailbox
===================================
run cuc dbquery unitydirdb execute procedure csp_UserCreate(ptemplateObjectId=(select objectid from vw_Usertemplate where displayname='Administrator Template'),palias='<alias which you want>')

2. Assign "System Administrator" Role to the user
==================================================
run cuc dbquery unitydirdb execute procedure csp_PolicyCreate (pRoleObjectId=(SELECT objectid FROM vw_role WHERE rolename='System Administrator'), pUserObjectId=(SELECT objectid FROM vw_globaluser WHERE alias=''));

3. Reset the Password of the user
===================================
utils cuc reset password <alias you created above>

4. Try login and then reset the cucadministrator password from CUCA.

"

Credit is for A.M.Mahesh Babu !

Regards,

David Peck

View solution in original post

davrojas · ‎10-23-2012

Here an example during lab recreation:

admin:run cuc dbquery unitydirdb execute procedure csp_UserCreate(ptemplateObjectId=(select objectid from vw_Usertemplate where displayname='Administrator Template'),palias='davidcliscript')

pmailboxid pobjectid

---------- ------------------------------------

null 1c05947c-2e14-4e52-82ae-308d12da39e3

admin:run cuc dbquery unitydirdb execute procedure csp_PolicyCreate (pRoleObjectId=(SELECT objectid FROM vw_role WHERE rolename='System Administrator'), pUserObjectId=(SELECT objectid FROM vw_globaluser WHERE alias='davidcliscript'))

pobjectid

------------------------------------

476457e0-f834-4138-93ff-4458709cc1ef

admin:show account

Account = Administrator, Privilege = 4

Account = test, Privilege = 1

admin:utils cuc reset password davidcliscript

Enter password:

Re-enter password:

davidcliscript

10/23/2012 08:50:30.486 : Update SUCCEEDED

If by any reason you want to find out if some other non-subscriber accounts exist, you can run:

admin:run cuc dbquery unitydirdb select alias from vw_usernonsubscriber

alias
----------------
administrator
unityconnection

Regards,

David Peck

View solution in original post

Bradford Magnani · ‎10-22-2012

Hi Daniel,

I think you're actually looking for

utils reset_application_ui_administrator_name

utils reset_application_ui_administrator_password

http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/cli_ref/7_1_3/cli_ref_713.html#wp113347

Brad

dwaters · ‎10-23-2012

admin:utils reset_ui_administrator_password

New password:

Confirm new password:

-------------------- utils reset_ui_administrator_password --------------------

Reset user interface password

CUCAdministrator

Read Credential for CUCAdministrator failed.

10/23/2012 09:35:30.645 : Update FAILED: code = 1, AUTHORIZATION FAILURE

Bah!

dwaters · ‎10-23-2012

admin:utils cuc reset password CUCAdministrator

Enter password:

Re-enter password:

CUCAdministrator

Read Credential for CUCAdministrator failed.

10/23/2012 09:40:54.789 : Update FAILED: code = 1, AUTHORIZATION FAILURE

2012-10-23 09:40:54,798 ERROR [Thread-149] cli.cmdUtilsCucResetPassword - Command failed: 1: stderr=''; stdout='CUCAdministrator

Read Credential for CUCAdministrator failed.

10/23/2012 09:40:54.789 : Update FAILED: code = 1, AUTHORIZATION FAILURE

'

admin:

That command also fails.

davrojas · ‎10-23-2012

Hello Daniel,

"

Are you not able to login to Admin page using the Administrator account ?

A. Create another Admin account

1. Create a user with No mailbox
===================================
run cuc dbquery unitydirdb execute procedure csp_UserCreate(ptemplateObjectId=(select objectid from vw_Usertemplate where displayname='Administrator Template'),palias='<alias which you want>')

2. Assign "System Administrator" Role to the user
==================================================
run cuc dbquery unitydirdb execute procedure csp_PolicyCreate (pRoleObjectId=(SELECT objectid FROM vw_role WHERE rolename='System Administrator'), pUserObjectId=(SELECT objectid FROM vw_globaluser WHERE alias=''));

3. Reset the Password of the user
===================================
utils cuc reset password <alias you created above>

4. Try login and then reset the cucadministrator password from CUCA.

"

Credit is for A.M.Mahesh Babu !

Regards,

David Peck

davrojas · ‎10-23-2012

Here an example during lab recreation:

admin:run cuc dbquery unitydirdb execute procedure csp_UserCreate(ptemplateObjectId=(select objectid from vw_Usertemplate where displayname='Administrator Template'),palias='davidcliscript')

pmailboxid pobjectid

---------- ------------------------------------

null 1c05947c-2e14-4e52-82ae-308d12da39e3

admin:run cuc dbquery unitydirdb execute procedure csp_PolicyCreate (pRoleObjectId=(SELECT objectid FROM vw_role WHERE rolename='System Administrator'), pUserObjectId=(SELECT objectid FROM vw_globaluser WHERE alias='davidcliscript'))

pobjectid

------------------------------------

476457e0-f834-4138-93ff-4458709cc1ef

admin:show account

Account = Administrator, Privilege = 4

Account = test, Privilege = 1

admin:utils cuc reset password davidcliscript

Enter password:

Re-enter password:

davidcliscript

10/23/2012 08:50:30.486 : Update SUCCEEDED

If by any reason you want to find out if some other non-subscriber accounts exist, you can run:

admin:run cuc dbquery unitydirdb select alias from vw_usernonsubscriber

alias
----------------
administrator
unityconnection

Regards,

David Peck

Tech Admin · ‎01-17-2014

Does this work on CUCM too?