Not quite sure what you mean. I did go to the unity server and start System Admin. Same behaviour. In IE, I went to Tools > Internet Options > Security > local intranet > Custom Settings and selected Prompt for user name and password. I tried my Exchange Admin account as well as my subscriber account. No luck. I also tried logging into Win2K as local administrator and Exchange Administrator and repeated above. Same behaviour.

well, that error means it's failing before we event get to the COS check... the token we're gettign back is not finding a mail user in Exchange properly most likely. Most often this has to do with credentials not matching due to a domain boundary or a proxy server getting in the way or the like. If you've manually logged in on the local Unity server and provided the domain\login and password of a subscriber and it's STILL showing you that message, that's pretty odd indeed. I'd expect you to at least get the "your class of service doesn't allow access..." message.

Is the Example Administrator still in the system? Can you associate your NT account you log into the local Unity server with to that Exchange account? Wait 10 minutes and then try to log in with that guy again... if it's still coming up with the "you're not a subscriber" thing, something is going haywire further up stream from us (I'd start to suspect something like a proxy server or a DNS issue lurking under the covers).


Jeff Lindborg
Unity Technical Lead/Answer Monkey
Cisco Systems
lindborg@cisco.com
http://www.AnswerMonkey.net (new page for Unity support tools and scripts)

Example administrator Exchange account was still in Exchange. Associated it with my exchange admin account and still can't log in. There is no proxy or firewall between the Unity and Exchange mail server. They're on the same subnet and part of the same domain.

Norm Cook
Gibson Petroleum Company Limited

well... DNS is the last issue I can think of off the top of my head. Unity needs to contact the DNS server whenever someone authenticates and if there's an issue there the login will fail. typically you'd see errors in the event log when this happened.

Beyond that all I can suggest is to try and investigate what changed in your environment about a week ago... Unity doesn't have a time out so we didn't just kick in a restrictive SA access on you out of the blue. Something changed somewhere external to us, it's just a matter of tracking it down.


Jeff Lindborg
Unity Technical Lead/Answer Monkey
Cisco Systems
lindborg@cisco.com
http://www.AnswerMonkey.net (new page for Unity support tools and scripts)

DNS appears to function normally. What in particular does Unity need to access the DNS server for when logging into the web admin on the actual unity server? Maybe there's a specific DNS record it's looking for? Is it using the FQDN? If not, the DNS domain on Unity was set incorrectly, but it hasn't changed in the past year, so that's probably not the problem anyway. I can't reboot during the day to correct the domain name, but will attempt to do so this weekend.

Norm Cook
Gibson Petroleum Company Limited

I am getting the same error at my customer. They did make some changes to DNS and moved some servers around. Unity does seem to be able to get to everything with DNS. The error in the event log associated with this issue is:

Gateway: The call to Directory::FindByDomainAndName failed with [0x800706BA] for the NT account: [Doman\EXADMIN]

and:

Gateway: Error [0x800706BA] retrieving mailboxes associated with NT account : [Domain\EXADMIN]

Thanks

Would changing my NT PDC's IP address & Computer Name affect this? That did change.

Norm Cook
Gibson Petroleum Company Limited

One more piece of info that may or not be useful...
When using a Netscape browser (not on Unity server), I get:

HTTP 401.2 - Unauthorized: Logon failed due to server configuration
Internet Information Services


Norm Cook
Gibson Petroleum Company Limited

interesting... anyone go into IIS and lock down some rights or has a virus checker gone in, intrusion detection software gone on, anything like that?

pop open the IIS admin and check to be sure the SAWeb page has rights to execute scripts (I see this removed from time to time for security reasons). Also, on the Directory Security tab make sure the Authenitcation methods ONLY has "Integrated Windows authentication" checked... if that's remvoed or if Anonymous Access is checked you'll have grief authenticating to our pages (although you'd get a different error I think).


Jeff Lindborg
Unity Technical Lead/Answer Monkey
Cisco Systems
lindborg@cisco.com
http://www.AnswerMonkey.net (new page for Unity support tools and scripts)

More info.
Just tried for the first time to install VMO client 3.0(1.20) on a Win XP Pro machine with Office 2K. Error when trying to playback through IP handset indicates that logged in account is not associated with a subscriber. Sounds like similar issue. Older 2.4.6 VMO client works under installed Win98/2000 desktops...

Norm Cook
Gibson Petroleum Company Limited