Community Member

Unity with E2k and GAL

Ok... I'm dealing with a Unity 4.0(3) server installed with UM in a site with E2k on a W2k3 AD.

The site has a single forest with multiple OUs. We have the Unity server up and delivering mail perfectly. The client has since decided that for security purposes, he needs to split up the GAL for each OU so one cannot see the other. Everything right now is in the default GAL.

So, when the client removed everything from the default GAL and split it up, Exchange was happy, but this made our happy Unity server very upset.

Is there any way to accommodate what we are trying to do? Perhaps we have to remove all the subscribers, modify the GAL and reimport everyone?



Cisco Employee

Re: Unity with E2k and GAL

Are users that Unity has tagged as subscribers then spread out over multiple OUs here I take it?

Unity should be able to see users anywhere in the forest so long as we've been given rights to do that, even across domains. The address list views shouldn't have any direct effect on that. So long as Unity has been given rights at a container level sufficiently high in the org to encompass all the OUs that contain subscribers (i.e. even to the root of the domain or in multiple domains) you should be able to import subscribers and the like.

I'm not entirely sure what is meant by they "split up the GAL for each OU" - what, exactly, is entailed in this operation? What is it, exactly, that Unity is upset about? Does it not start? Can it not access everyone's mailboxes (but some it can)? What errors crop up in the application event log for any or all of the above?

Community Member

Re: Unity with E2k and GAL

I agree that Unity should be able to see everything... Since we already have these subscribers set up in Unity, moving their location in the GAL I think confused Unity.

The EV message is source: CiscoUnity_UMR


Event ID: 137

Attempts to deliver UMR messages have failed due to Unity configuration or connectivity issues with the Partner mail server.

Unity still runs, but it queues the messages as if Exchange was down. We tried restarting Unity and performing a reboot of the server with the same results. To the best of my knowledge, it happened to everyone.

I believe the Exchange Admin was trying to remove everyone from the default GAL, and create separate GALs for the 3 groups. As a workaround, he put everyone back into the default GAL and created Address Lists for the groups. He feels that this is less secure than having separate GALs.



Re: Unity with E2k and GAL

Unity doesn't get confused about where a subscriber is in the directory. We track the users by GUID in the GC. So unless we don't have the correct permissions or GC synching is broken it can't really get confused.

Are you sure the customer did nothing more than move the subscriber from one OU to another? It sounds to me like maybe they did that and moved them from one mailbox store to another and Unity doesn't have the needed permissions.

Anyway, since we aren't sure what caused this I would rerun the Permissions Wizard since odds are that this is permissions related. You might need to do a full re-sync with the GC in Doh Prop Test too after permissions are set correctly.

Hope this helps...


