Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Error Logging in remotely.

Getting this error on one of 4 systems. What causes this?(**** are replacing domain name)

Access denied

Your Windows Domain Account [****\x_serv] is not associated with a Unity Subscriber.

You cannot access the Unity System Administration web pages.

Please see your system administrator for more details.

1 REPLY
Cisco Employee

Re: Error Logging in remotely.

When the user hits the SA web page on Unity, IIS makes sure you’re authenticated on the domain – if you are the SID is passed through to the SA pages – if not you’ll see a challenge and response dialog asking you to provide a login name/domain/password to authenticate (you can force this all the time with IE settings). Once a token is established, it’s passed off to the Unity SA page which , in turn, looks the account up in the SQL database. If that SID is found in the subscriber table it proceeds to check your COS for access rights. If not, it’ll check the SID history table to see if that token is mapped to a user on the local Unity server - this is used for help desk applications where single domain accounts need admin access to multiple machines and can’t, obviously, be subscribers on all of them. The GrantUnityAccess tool can be used to create these links between domain accounts and local subscribers with SA access (or not as the case may be).

If you’re getting the “is not associated with a subscriber” message then the SID is not being found in the local subscriber table or the SID History table. Either that or the IIS on the box is in a funky state and needs to be bounced – I see this from time to time for whatever reason. We rely on IIS to handle the authentication for us and if it’s cranky, we’re cranky.

If you’re logged into the Unity domain as a subscriber that should have SA access and you’re getting that message, see if bouncing the IIS services does the trick (in the case of E2K, unfortunately, this means bouncing everything). Don’t make extra mappings with GrantUnityAccess to try and get around this (it wont work and when you do clear the problem you’ll have multiple redundant mappings which is annoying to deal with).

It could also be a DNS issue – I’ve seen that from time to time… the authentication process has to be able to contact the DNS server for that domain to verify your credentials and if it can’t you’ll get that message as well.

93
Views
0
Helpful
1
Replies