Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
403
Views
0
Helpful
7
Replies

AVCsMgr service will not start on new 3.1 build

achillesva
Level 1
Level 1

‎12-04-2002 05:46 AM - edited ‎03-12-2019 09:48 PM

I am building a new Unity 3.1 box on a Cisco MCS platform. I have followed the install doc. *to the letter*.

I have used one account for service/install/admin. This account is named service_unity. I originally was forbidden to make the account a member of Enterprise admins, so I went the more granular permissions road as outlined in section 2-66 of the install doc.

Unity installed fine, but when I ran the config. wizard, the AVCsMgr service wouldn't start. I ran Syscheck and was told that I had to rerun setup, with service_unity as a member of domain admins. I did so, but AVCsMgr still will not start.

Now Syscheck is giving me the following errors, both from Test Suite: Doh.

The first one is "Trying to find the Doh" with comments: "Unexpected Error Occured in e:\views\Unity3.1.2.41\un_Doh2\SysCheck\DohTests\GetTheDoh.cpp, line: 45, hr = : HRESULT 0x80004005"

The second is "Check call routing rules" with comments: "Unexpected Error Occured in e:\views\Unity3.1.2.41\un_Doh2\SysCheck\DohTests\GetTheDoh.cpp, line: 45, hr = : HRESULT 0x80004005"

Any ideas?

Labels:
0 Helpful
7 Replies 7

oliviers
Cisco Employee
Cisco Employee

‎12-04-2002 08:00 AM

When the AvCsMgr doesn't start, there's probably some errors in the event log. Can you post those? Is this E2K? If the account that is running the AvCsMgr is a member of the Domain Admins group, that's actually going to cause problems.

0 Helpful

mmiktus
Level 1
Level 1
In response to oliviers

‎12-11-2002 01:53 PM

How does the Domain Admins group cause a problem?

I am doing the same thing in the lab here. New install of 3.1.5 Exchange 2000 Off Box. AvCsMgr will not start at all causing unity install to fail.

What's up?

Stats:

Installation done by user that has Enterprise, domain, admin & schema rights & is delegated to administer EX2K.

Dell 1400

CCM 3.2 2c Sp F

Exchange 2k Enterprise Off-box same exchange site

0 Helpful

oliviers
Cisco Employee
Cisco Employee
In response to mmiktus

‎12-11-2002 03:45 PM

Domain Admins membership will cause a problem because by default, that group has an explicit deny on all people's mailboxes. You can see if this is the case by opening the AD Users and Computers, and enabling the advanced view. The go to a user in question and select the Exchange Advanced tab. There will be a mailbox rights command button. If you select that, you should see the rights.

Since EnterpriseAdmins is a superset of DomainAdmins, you'll see the same problem there as well.

0 Helpful

mmiktus
Level 1
Level 1
In response to oliviers

‎12-11-2002 05:07 PM

so, mon capitan, what's the fix? the installation account Unity was installed under was ( basically ) God as far as my domain was concerned. Not really sure where to go from here.

Suggestions, comments & criticisms are all welcomed.

Thanks

M

0 Helpful

lindborg
Cisco Employee
Cisco Employee
In response to mmiktus

‎12-11-2002 05:36 PM

Welcome to the wonderful world of AD permissions! Good times...

The best way to approach this is to use two accounts - one for directory rights and one for messaging rights. The latest version of the Permissions Wizard that ships with 4.0(1) does this for you automatically (we require this format in 4.0(1) since we ran into so many problems just like this one). It will run fine on any version of Unity 3.x or later and you can snag it here:

http://www.ciscounitytools.com/App_Maven4x.htm

Select two accounts to use for these rolls, run the permissions wizard and it'll give them all the rights necessary (you need to be logged in as your "god" account for this of course). You can, in fact, use your "god" account for the directory rights as well.

It'll assign all the rights necessary to the accounts but wont change your service account assignements in the SCM so you'll need to assign the directory rights account to the AvDSAD and AVDSGlobalCatalog services. Assign the messaging rights account to the AvCSGateway, AvCsMgr, AvGaenSvr, AvMsgStoreMonitorSvr (assuming you're at 3.1(5) and later) and AvUMRSyncSvr. The rest of the AVxxx services can just be associated with the system.

This gets around all those fun explicit denies applied at the group level that take the message store access out at the knees.

0 Helpful

mmiktus
Level 1
Level 1
In response to lindborg

‎12-12-2002 06:12 AM

as always, my sincerest thanks.

I will do this today & let you know the outcome. Strange thing tho. When i left last night, Unity was down. when i came in this morning, it was up. no one touched it since last night. odd that it would just come to life like that. thoughts?

0 Helpful

mmiktus
Level 1
Level 1
In response to mmiktus

‎12-12-2002 06:59 AM

it worked. thanks guys.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents