
stupid question on accessing AA, and using the grantunityaccess command

pdepalma
Level 1

We have a Unity 4.0 box in the Domain, no AD integration. When we create subscribers, we used the reg hack to not create NT accounts, as 99% will have accounts already. After creating a subscriber without creating the NT account, a user can't log into Active Assistant without using the grantunityaccess command, which links it to a username. OK, that's cool. So what about those users who don't and will never have an account in the domain, say temp people? I tried adding a local account on the Unity box, but the grantunityaccess command won't work with local accounts, even if I put the local server name in place of the domain name. What's the deal here, and am I following sound policy by using this tool for a pseudo single sign on?


lindborg
Cisco Employee

Using GrantUnityAccess to map a domain account to a subscriber in Unity for purposes of access to the SA or AA is fine - this is, in fact, what the tool was designed for (lots of ugly scenarios where folks convert to NT/55 to Win2K/E2K for instance).

However, it maps the SID of a domain account to the ObjectID (unique identifier in Unity) of a subscriber. You cannot somehow glean a SID from a local account that's not on the domain.

If you want your folks to have access to the AA they'll need to authenticate on the domain as SOMEone. If they hit the web page and are not authenticated on that domain they will be challenged and will need to provide a domain/login/PW to gain access.

I'm unsure exactly what you're trying to do here or why but somehow or another those users will need to be associated with a domain account somewhere along the line before being allowed to access the AA.

Here's a link to the "authentication modes" section in the admin guide that may shed some light on this:

http://www.cisco.com/en/US/products/sw/voicesw/ps2237/products_installation_guide_chapter09186a008011878a.html

Jeff..

I'm getting an error message sometimes with the grantunityaccess tool..and I know a user exists in the Domain...here it is:

"Failed getting subscriber's object ID from database"

..when I look in the respective log, I get this..

Tue Feb 25 15:07:25.119 Entering Initialize \ConnectorClientBase.cpp (line 48)

Tue Feb 25 15:07:26.400 Exiting Initialize \ConnectorClientBase.cpp (line 89)

Tue Feb 25 15:07:26.400 Entering GetSimpleFilter \ConnectorClientBase.cpp (line 412)

Tue Feb 25 15:07:26.416 Exiting GetSimpleFilter \ConnectorClientBase.cpp (line 428)

Tue Feb 25 15:07:26.416 Entering GetRowSet \ConnectorClientBase.cpp (line 105)

Tue Feb 25 15:07:26.416 Exiting GetRowSet \ConnectorClientBase.cpp (line 121)

Tue Feb 25 15:07:26.416 Entering GetOneRow \ConnectorClientBase.cpp (line 127)

Tue Feb 25 15:07:26.431 spRowset->Item(0) reports no more rows. Exiting function. \ConnectorClientBase.cpp

Tue Feb 25 15:07:26.431 Failed getting rowset for subscriber Exiting Function. 0x8004010f \GrantAccess.cp

What do you think is going on here?

That means the alias of the _subscriber_ (not the domain account) is missing - Make sure you're passing the alias of a valid subscriber in that you are trying to map that domain account to - you can check this in Query Analyzer (or you can get the new CUDLE tool which has its own query builder built in off www.CiscoUnityTools.com) by entering this:

Select * from Subscriber where alias='myalias'

If a row comes back you're good - if not, you're not passing a valid alias in.

I don't want to replace TAC with you, so just tell me when to leave you alone.

I used CUDLE, found the subscriber in there. Ran the query in the Query Analyzer, and get error:

"Invalid object name 'Subscriber'."

I'm pretty sure the alias is in there. Not sure what to do.

Query Analyzer probably threw that error because you hadn't selected UnityDB as your active database in the drop down list up top (I do this all the time).

If you found it in CUDLE, it's there. Which Alias are you using, by the way? Can you try a different one for grins? Does the row that matches that alias have a proper SubscriberObjectID column filled in? How about a DirectoryID column?

The SubscriberObjectID is proper as far as I can see..in that it is there and looks like the ones that worked. Same with the DirectoryID.

I compared it to another row that worked with the grantunityaccess tool and it is comparable in all fields

I restarted Unity, and restarted the whole box. Still no change.

Where do I go from here?

Weird, one of the 4 that couldn't be added, was just added, but the other 3 still won't add. Not sure if that one was originally a typo. I'm using this syntax which is working for the other 50:

grantunityaccess -u "username" -s "alias"

Notice no domain. It also works with the domain.

Please advise.

Here is the success log.

E:\CommServer\logs>type GrantUAccess_3e5ce2fb.txt

Wed Feb 26 09:53:31.93 Entering Initialize \ConnectorClientBase.cpp (line 48)

Wed Feb 26 09:53:32.374 Exiting Initialize \ConnectorClientBase.cpp (line 89)

Wed Feb 26 09:53:32.374 Entering GetSimpleFilter \ConnectorClientBase.cpp (line 412)

Wed Feb 26 09:53:32.374 Exiting GetSimpleFilter \ConnectorClientBase.cpp (line 428)

Wed Feb 26 09:53:32.374 Entering GetRowSet \ConnectorClientBase.cpp (line 105)

Wed Feb 26 09:53:32.374 Exiting GetRowSet \ConnectorClientBase.cpp (line 121)

Wed Feb 26 09:53:32.374 Entering GetOneRow \ConnectorClientBase.cpp (line 127)

Wed Feb 26 09:53:32.406 Exiting GetOneRow \ConnectorClientBase.cpp (line 143)

Wed Feb 26 09:53:32.406 GetDC returning '\\dalcdrdc01.Parsons.com' (dwErr = 0) \GrantAccess.cpp (line 136)

Wed Feb 26 09:53:32.406 Using local DC \\dalcdrdc01.Parsons.com \GrantAccess.cpp (line 155)

Wed Feb 26 09:53:32.406 GetDC returning '\\dalcdrdc01.Parsons.com' (dwErr = 0) \GrantAccess.cpp (line 136)

Wed Feb 26 09:53:32.406 Using user's domain DC \\dalcdrdc01.Parsons.com \GrantAccess.cpp (line 165)

Are there any unusual characters in the aliases that don't work? Spaces, apostrophes, accents, etc.?

no unusual characters.

Very weird...

The interesting thing about your logs is this line:

Tue Feb 25 15:07:26.431 Failed getting rowset for subscriber Exiting Function. 0x8004010f \GrantAccess.cpp

"Subscriber" is supposed to be followed by the alias of the subscriber that was passed in through the -s argument, but it's blank at that point. So GUA is looking in SQL for a guy with a blank alias and, of course, not finding one.

I can reproduce this like so:

grantunityaccess -u "MyAdAccount"

or like this:

grantunityaccess -s "" -u "MyAdAccount"

Not sure what's going on... I'd play around with the -s parameter though. It's bailing out before it does anything with the -u.

--jk

OK..I may have solved this...There are still 3 more I can't add using the grantunityaccess command. I deleted one of the 3 out of Unity and it added!

I don't have access to the Exchange Admin today, so (please verify) I probably have 2 mailboxes for that person, don't I? If this is the case, how do I tell which of the two is the valid one?

I tried doing this with the other two, but after deleting them, Unity gives me an error that "an object with this name alread exists" when I try to add them back. I searched in the SQL query, and they were deleted. Is this Exchange they are referring to? I'll get access to Exchange tomorrow and nuke them out of there.

I've run DB Walker and cleaned things up also.

By the way, all these users I'm dealing with right now were imported from a CSV file against a subscriber template, if that matters.

Sounds like you might have run into an AD replication delay there when you tried to re-add... it can take a while for deletes to bounce around to all the servers, depending on how complicated your topology is.

Back to the GUA issue, can you check the logs of the guys that are still failing? See if this line is still in there:

Tue Feb 25 15:07:26.431 Failed getting rowset for subscriber Exiting Function. 0x8004010f \GrantAccess.cpp

or if the subscriber's alias (-s) is in there somewhere. It should look like:

Tue Feb 25 15:07:26.431 Failed getting rowset for subscriber Exiting Function. 0x8004010f \GrantAccess.cpp

--jk

We are not integrated with AD and the box is in its own exch org and site, the box is just joined into the domain.

Yes..I get that line, but it looks like this

"failed getting rowset for Subscriber Exiting Function. 0x8004010f \GrantAccess.cpp"

Notice that there is a blank space for subscriber!

I tried deleting the Exchange account (after nuking it in Unity) and no help.

I simply don't know what to do..

I can try to reproduce this in-house if you like... can you post the three command line GUA commands that fail, exactly as you're entering them (alias and NT account and all), plus a couple that succeed? E-mail them to me or Jeff if you're not comfortable posting them publicly.

The output log from "GrantUnityAccess -list" might also be useful.

Thanks--jk
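
Added example, not part of the thread and not Cisco code: a Python triage of the GrantUAccess log format quoted above. It re-joins the wrapped lines, reports which traced call never exited, and flags the blank-alias failure described in the replies; where the alias sits in a non-blank failure line is an assumption taken from that description.

```python
import re

# Timestamp prefix used by the GrantUAccess_*.txt logs quoted in the thread.
TS = r"[A-Z][a-z]{2} [A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}\.\d+"

# Tail of the failing log from the thread, with its line wrapping preserved.
FAILED_LOG = r"""
Tue Feb 25 15:07:26.416 Entering GetRowSet \ConnectorClientBase.cpp
(line 105)
Tue Feb 25 15:07:26.416 Exiting GetRowSet \ConnectorClientBase.cpp
(line 121)
Tue Feb 25 15:07:26.416 Entering GetOneRow \ConnectorClientBase.cpp
(line 127)
Tue Feb 25 15:07:26.431 spRowset->Item(0) reports no more rows. Exiting
function. \ConnectorClientBase.cpp
Tue Feb 25 15:07:26.431 Failed getting rowset for subscriber Exiting
Function. 0x8004010f \GrantAccess.cp
"""

def entries(text):
    """Re-join wrapped lines and return [(timestamp, message), ...]."""
    flat = " ".join(text.split())
    parts = re.split(rf"({TS}) ", flat)
    return [(parts[i], parts[i + 1].strip()) for i in range(1, len(parts) - 1, 2)]

def triage(text):
    """Report unfinished calls, the HRESULT, and the alias GUA searched for."""
    open_calls = []
    report = {"alias": None, "blank_alias": False, "hresult": None}
    for _ts, msg in entries(text):
        call = re.match(r"(Entering|Exiting) (\w+)", msg)
        if call and call.group(1) == "Entering":
            open_calls.append(call.group(2))
        elif call and call.group(2) in open_calls:
            open_calls.remove(call.group(2))
        # Assumption: when -s is parsed, the alias sits between "subscriber"
        # and "Exiting", as the reply in the thread describes.
        failed = re.search(r"Failed getting rowset for subscriber(.*?)Exiting", msg, re.I)
        if failed:
            report["alias"] = failed.group(1).strip()
            report["blank_alias"] = report["alias"] == ""
            code = re.search(r"0x[0-9a-fA-F]{8}", msg)
            report["hresult"] = code.group(0) if code else None
    report["unclosed"] = open_calls
    return report

if __name__ == "__main__":
    print(triage(FAILED_LOG))
```

A `blank_alias` result means the tool never received a usable `-s` value, so the command line is the place to look before the database.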
