I am trying to install Unity 4.0(5) in a lab environment for testing, and have run into a problem with the permissions wizard. When I try running it, I get "The Cisco Unity Permissions Wizard has failed to create an organizational unit in the domain ..."
This is all a fresh install, each on there own virtual server...
DC - Windows 2003 Server Standard
Exchange 2003 w/SP1 on Windows 2003 Server Standard
Unity - Windows 2003 Server Standard
I have added the UnityInstall, UnityAdmin, UnityDirSvc, and UnityMsgStoreSvc accounts, and have placed UnityInstall in domain admins, and have granted it full administration in Exchange. I have also run ADSchemaSetup successfully. I have run CUSPA on the Unity server and fullfilled all of the requirements. I have also patched the Unity server with only what is listed on the Post-install 4.0(5) CD.
Please check for this file that reports the status information as permissions wizard is running - pwresults.log. It should be in your c:\documents and settings\\local settings\temp directory. Another good one to check is the PWDiag.log. You can post the information here. The part of the code it is running, when you see the error is:
The unitydirsvc account is the one that creates the Unity OU and Locations OU. It requires:
1. Applied onto this object and all child objects
- Create CiscoEcsbuUMLocation objects
2. Applied onto CiscoEcsbuUMLocation objects
- Full control
Lastly, you can post what the Unity server says by running GPRESULT at the command line. Run this when you are logged on with the account you are using to run permissions wizard, which should be Domain Admin.
I actually just downloaded the newest from ciscounitytools.com, and it's giving the same error.
I don't understand what could be wrong with this. This happens right after hitting the next button on the first window. This is even prior to providing the permissions wizard with the account it should use.
make sure you have the correct context for where the OU is supposed to be created. If you have any strange configuration in AD, this could happen. The directory services acct also needs to be delegated some type of control (depending on where you want user admin to occur. Make sure the user that you are using doesnt have some kind of conflicting AD (or GPO) permissions that are unable to create users or OU's on your DC.
This is a fresh install of AD, and everything is default. I went to the extent of going into AD, and delegating the unityinstall account full rights including creating OU's.
The unityinstall account was already a domain admin, so I'm not sure why this would be an issue anyway. I tried running Permissions Wizard from the Exchange server as the domain Administrator, and had the same problem there as well.
You mentioned you tried to run permissions wizard from the Exchange server. Do you mean Exchange is on separate server? If so, your Exchange server may also be the DC/GC and that could mean your Unity server DC was not enabled as a global catalog server. I would check that too. Make sure inheritance isn't getting blocked from somewhere higher in the AD structure on your test Unity server. Unity wants to create the Unity OU, from where it installs the Location information. That is the OU I suspect you are having problems with. And just to make sure there aren't any Default Domain policies in affect that could be affecting your install, I would run gpresult on your Unity server to see what policies are being applied.
Please check for this file that reports the status information as permissions wizard is running - pwresults.log. It should be in your c:\documents and settings\\local settings\temp directory. Another good one to check is the PWDiag.log. You can post the information here. The part of the code it is running, when you see the error is:
The unitydirsvc account is the one that creates the Unity OU and Locations OU. It requires:
1. Applied onto this object and all child objects
- Create CiscoEcsbuUMLocation objects
2. Applied onto CiscoEcsbuUMLocation objects
- Full control
Lastly, you can post what the Unity server says by running GPRESULT at the command line. Run this when you are logged on with the account you are using to run permissions wizard, which should be Domain Admin.
