Re: Active Directory Integration

stisinai · ‎10-17-2001

I am currently running CM version 3.1(2) on a test system and I am trying to install the directory plug-in. I get it to install correctly and am able to see all the users and search through them. My problem is that I cannot update anything on the user page like Pin number and I cannot associate any devices with the user. I receiver the error "could not update user - 2100 access denied" I have searched the forum fairly well and haven't seen any solutions to it. Has anyone encountered this problem and do you know what you did to fix it?

Thanks in advance for any help

dconstantino · ‎10-17-2001

Have you looked up this error on Micrsoft's site. Look through the event viewer logs and the DB logs.

stisinai · ‎10-18-2001

Thanks for your reply. I checked the Win2k logs and there was nothing in there that shouldn't be. I also just checked on microsoft's web site and couldn't find anything which might pertain to the problem.

dgoodwin · ‎10-18-2001

You are running into a bug. The DDTS number is CSCdu38177. You won't be able to view it in the Bug tool because it was found by development. It will be fixed in CallManager 3.1(3).

The workaround in the meantime is to change a registry entry. The branch is:

HKLM\SOFTWARE\Cisco Systems, Inc.\Directory Configuration

The key to modify on the right is called "DIRACCESS" and the value should be set to true instead of the default false.

When you have done that, you will probably have to open Services, right click IIS Admin, and then choose Restart.

Note that this would only occur if you are using the external directory, not with DC Directory.

stisinai · ‎10-18-2001

I actually have already done that. It was listed as a step in the article found at:

cisco.com/univercd/cc/td/doc/product/voice/c_callmg/3_0/install/ad_3011.htm

Unfortunately, it did not solve my problem. I had originally tried the AD integration with CM version 3.0.10 and had trouble and decided to wait a while. I think I need to try cleaning out the Schema and starting from scratch.

I do have another question: In the configuration for the plugin, it asks for the Cisco Directory Configuration DN. My default comes in as "ou=cisco, dc=corp, dc=webadt, dc=com" where my local domain is corp.webadt.com. If the OU Cisco does not exist in active directory before I start the program it will not install. So my question is: Is this where the it is supposed to point to, or should it be pointing somewhere else?

dgoodwin · ‎10-18-2001

Yes, that is the DN you should be pointing to. It sounds indeed like you may have some kind of schema mismatch or something related.

stisinai · ‎10-19-2001

When you go to re-install the plugin, it asks if you want to keep your existing schema files or not. What does it do to the schema if you say that you don't want to keep the existing ones?

And, when you go to the registry to make the change for diraccess, there is another key called schemaversion. My value is set to oldoid - is this correct or is this a pointer to what the real problem is?

Thanks again for all your help

Steve

dgoodwin · ‎10-19-2001

When it asks you that question, you always want to say "no" to the option about keeping the existing schema. If you have ever said "yes" then we may have a problem. Can you please say whether or not you have ever said "yes" to that?

stisinai · ‎10-19-2001

The first time I installed it I said "no" to keeping the existing files. The second time I said "yes" and the next couple times I have tried both.