I'm getting this error "Invalid user ID or password"
I checked the websetup log and I think that the following is the cause.
"User administrator is not a member of Local Administrators group"
However, I checked the user administrator, it's already in the administrator/domain administrator group. Im currently logging in as domain administrator.
I never had this problem before when I was using Windows Server 2003.
Please advice on where I did wrong. Thanks.
Okay a few questions... maybe it'll help paint a clearer picture
Were you able to run domain manager and add a Cisco root (Cisco_ICM), Facility, and Instance? If so, continue reading, if not, then you have a bigger problem.
When you went through domain manager, did you use this account to run it? If so, can you verify that the user is part of the Cisco_ICM_Setup security group? If you open AD Users and Computers and click on the Cisco_ICM OU, you should see a security group called Cisco_ICM_Setup. If the user account is not in there, add it and then logout and log back in. While you're at it, add the Domain Admins group to the Cisco_ICM_Setup group. Once the addition is done, you can go back into domain manager on your ucce server, and select your Cisco root (Cisco_ICM) and click on Setup then click Members... verify that whatever group and/or users that you added are in fact populated in that list.
I know you mentioned that you tried <domain>\Administrator, however, did you try the fully qualified domain name or the netbios name or both? For instance, my FQDN could be omardeen.com but my netbios name could be omar. If you are not sure about the netbios name, you can run nbtstat -n from command prompt to retrieve it.
The last ditch effort you can make if the two above do not work is to completely delegate control to the Cisco_ICM OU to the domain admin security group and/or to the user that you are using. Right click the Cisco_ICM OU in AD Users and Computers and select Delegate Control and add who you need to add. Once the delegation is done, you can go back into domain manager on your ucce server, and select your Cisco root (Cisco_ICM) and click on Setup then click Members... verify that whatever group and/or users that you added are in fact populated in that list.
Thanks for your kind response.
Yes, I can run domain manager to create the instance etc.
I went through domain manager with domain\administrator. I tried adding Cisco_ICM_Setup security group into domain\administrator still does not work. The Cisco_ICM_Setup security group is already under domain admins. I checked the Cisco root setup member, the above groups are there.
My FQDN is ciscoclass.com, NETBIOS is ciscoclass. Im using ciscoclass\administrator all the while. I tried the FQDN, still the same does not work.
I tried your final solution, I checked the setup in cisco root, the users are there, but it's still the same, i could not login. I am still getting the same error.
There is one other thing you can do - thanks to Chad Stachowicz for this idea
Go into Active Directory Users and Computers, find the server that you're trying to get web setup to work on (so it's either the rogger, aw-hds, or a sprawler). Right click on the server, go to the delegation tab and you should see some radial options. More than likely, the first one is selected "Do not trust this computer for delegation"... select the second option of "Trust this computer for delegation to any server (Kerberos only). Click OK to get out of that window and log into the server that you just delegated to trust... reboot it... log back in and go through web setup once more. I attached a picture of what you should see - hopefully you can actually make that change.
One other thing... what is your domain functional level? Within Active Directory, if you right click the domain node and go to properties, it should tell you the domain and forest functional level. Are they both Windows Server 2008 R2?
I tried the delegation part, still the same.
As for domain functional level, it was 2003 previously, I changed it to Windows Server 2008 R2, did a reboot, still the same.
I'm fresh out of ideas my friend - this is certainly a strange problem. Is blowing the box away and completely starting over an option? If so, you got nothing to lose at this point.
I've started over quite a few times, still the same.
I think we are looking into the same post. https://supportforums.cisco.com/discussion/11271801/ucce-852-install-w2008-r2-sp1-2008-dc-problems
I tried Geoff and Chad's solution which I reverted the DC to an earlier snapshot when only DC and DNS were created, delegate the sprawler machine to "Trust this computer for delegation (Kerberos)", did a domain manager setup, and magically I was able to login into the web setup.
It's funny why it only works this way.
Anyway, thanks alot for helping, appreciated it :)