Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ICM - Windows Server 2008 cannot login to web setup

Hello guys,

 

I'm getting this error "Invalid user ID or password"

I checked the websetup log and I think that the following is the cause.

 "User administrator is not a member of Local Administrators group"

However, I checked the user administrator, it's already in the administrator/domain administrator group. Im currently logging in as domain administrator.

I never had this problem before when I was using Windows Server 2003.

 

Please advice on where I did wrong. Thanks.

Everyone's tags (1)
10 REPLIES
Silver

You're logging in as

You're logging in as Administrator or <domain>\Administrator ? 

New Member

I tried both, its not working

I tried both, its not working.

Silver

Can you post the web setup

Can you post the web setup log file from the time that you tried it?

C:\icm\log\Websetup.log

 

New Member

Please find attached log.

Please find attached log.

Silver

Okay a few questions... maybe

Okay a few questions... maybe it'll help paint a clearer picture

Were you able to run domain manager and add a Cisco root (Cisco_ICM), Facility, and Instance? If so, continue reading, if not, then you have a bigger problem. 

When you went through domain manager, did you use this account to run it? If so, can you verify that the user is part of the Cisco_ICM_Setup security group? If you open AD Users and Computers and click on the Cisco_ICM OU, you should see a security group called Cisco_ICM_Setup. If the user account is not in there, add it and then logout and log back in. While you're at it, add the Domain Admins group to the Cisco_ICM_Setup group. Once the addition is done, you can go back into domain manager on your ucce server, and select your Cisco root (Cisco_ICM) and click on Setup then click Members... verify that whatever group and/or users that you added are in fact populated in that list. 

I know you mentioned that you tried <domain>\Administrator, however, did you try the fully qualified domain name or the netbios name or both? For instance, my FQDN could be omardeen.com but my netbios name could be omar. If you are not sure about the netbios name, you can run nbtstat -n from command prompt to retrieve it. 

The last ditch effort you can make if the two above do not work is to completely delegate control to the Cisco_ICM OU to the domain admin security group and/or to the user that you are using. Right click the Cisco_ICM OU in AD Users and Computers and select Delegate Control and add who you need to add. Once the delegation is done, you can go back into domain manager on your ucce server, and select your Cisco root (Cisco_ICM) and click on Setup then click Members... verify that whatever group and/or users that you added are in fact populated in that list. 

 

 

New Member

Thanks for your kind response

Thanks for your kind response.

Yes, I can run domain manager to create the instance etc.

I went through domain manager with domain\administrator. I tried adding Cisco_ICM_Setup security group into domain\administrator still does not work. The Cisco_ICM_Setup security group is already under domain admins. I checked the Cisco root setup member, the above groups are there.

My FQDN is ciscoclass.com, NETBIOS is ciscoclass. Im using ciscoclass\administrator all the while. I tried the FQDN, still the same does not work.

I tried your final solution, I checked the setup in cisco root, the users are there, but it's still the same, i could not login. I am still getting the same error.

 

 

Silver

There is one other thing you

There is one other thing you can do - thanks to Chad Stachowicz for this idea

Go into Active Directory Users and Computers, find the server that you're trying to get web setup to work on (so it's either the rogger, aw-hds, or a sprawler). Right click on the server, go to the delegation tab and you should see some radial options. More than likely, the first one is selected "Do not trust this computer for delegation"... select the second option of "Trust this computer for delegation to any server (Kerberos only). Click OK to get out of that window and log into the server that you just delegated to trust... reboot it... log back in and go through web setup once more. I attached a picture of what you should see - hopefully you can actually make that change. 

One other thing... what is your domain functional level? Within Active Directory, if you right click the domain node and go to properties, it should tell you the domain and forest functional level. Are they both Windows Server 2008 R2?

New Member

I tried the delegation part,

I tried the delegation part, still the same.

As for domain functional level, it was 2003 previously, I changed it to Windows Server 2008 R2, did a reboot, still the same.

Silver

I'm fresh out of ideas my

I'm fresh out of ideas my friend - this is certainly a strange problem. Is blowing the box away and completely starting over an option? If so, you got nothing to lose at this point.

 

New Member

I've started over quite a few

I've started over quite a few times, still the same.

I think we are looking into the same post. https://supportforums.cisco.com/discussion/11271801/ucce-852-install-w2008-r2-sp1-2008-dc-problems

I tried Geoff and Chad's solution which I reverted the DC to an earlier snapshot when only DC and DNS were created, delegate the sprawler machine to "Trust this computer for delegation (Kerberos)", did a domain manager setup, and magically I was able to login into the web setup. 

It's funny why it only works this way.

Anyway, thanks alot for helping, appreciated it :)

337
Views
0
Helpful
10
Replies