Okay, so we are running CM4.02sr2c, so the MLA is built-in. We tried the suggestion of changing the SQL MLAEnable parameter to F (without restarting SQL) on the Publisher, then stopping and restarting the IIS and WWW services. We logged into the CMAdmin using the local Windows Administrator account (which has full local administrator rights). We then went to Users->Acess Rights->Configure MLA Parameters and got the following error:

Error Please use a valid username or password.

This is a fresh install for a BARS migration from IBM to HP. We have not yet restored any data because we need the password for the CCMAdministrator account.

With this said:

1) What would cause the local windows administrator to not be a valid user for the CMAdmin MLA page?

2) Does a local windows CCMAdministrator account to exist on the Publisher (currently it does not)?

3) Where specifically in the CCAdmin MLA configuration is the setting to change the CCMAdministrator password once we successfully log in with the Windows local Admin account?

Thanks

To update, I followed your instructions and got the password rest prompts for CCMAdministrator. Here's where it gets odd. Clicking update the CMAdmin page stated that it successfully updated the password, and that the Web browser and IIS services needed to be restarted. After doing these things, the CCMAdministrator user password still did not. So we dug into the registry on the CM pub and found that there was no password entry for the key!

So we ran the passwordutils utility and generated the encrypted password and cut and pasted it into the registry. BAM! We were now able to access the CMWebadmin using the CCMAdminsitrator account.

But wait! It gets even more strange.....

Next we ran the 4.1.3 upgrade CD which completed with no errors. After rebooting the server, we attempted to log into the CMWebadmin with CCMAdministrator and could not. We checked the registry key again for the encrypted CCMAdministrator and it was gone! We again copied the encrypted password from the passwordutils application into the registry but it did not work this time. :(

Any thoughts on this odd problem?

Thx

Thanks, we are in our maintenance window at the moment but I will check it when I can. I think it is possible that when you reinstalled the Directory Configuration Plugin, somehow the password registry entry gets erased for CCMAdministrator. This also is the case for CCMSysuser and IPMASysuser. I'll let you know when I try this again.

Okay, the description in AD for the CCMAdministrator was CiscoPrivateUser, so this account was not showing when I did a search under User Global Directory for CCMAmin. Once I changed the description in AD and reran the search, I was able to see the CCMAdministrator user, however, there is no option to reset the User Password (or any user p/w within CM). Could this be because the DIRACCESS value in the Directory Configuration Key in the registry is set to false?

Thanks for your continued assistance, this is a tough one for us.

Okay we finally got it! Here's the answers: When you uninstall/reinstall the Directory Configuration Utiliy, it wipes out the encrypted password for CCMUser, CCMAdministrator, and IPMAUser. We had to run the passwordutility program in DOS to make an encrypted password, then paste it into the registry. Our TAC engr had us try the PasswordChanger Utility, but it would not work and here is why: Our OU= and CN= and DC= were not the default. Instead of CCM users in AD being in the Users container(default), they were in a container called "Departments" which the PasswordChanger Utility did not pick up because it uses the preconfigured OU, CN, and DC values.

Once we changed the OU, CN, and DC locations on the CM, the users successfully authentcated via LDAP to AD and we were able to log in to the CM as CCMAdminstrator, and fixed other problems!

Ugggh the problems you run into when you inherit systems with no documentation.

I hope this helps others