Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started.

New Member

SA for one user only - You are not authorized to view this page

unity 4.05 - when in the SA, none of the support folks can view one specific unity account, when I try to view the properties for this user specifically, I get an HTTP 403 Error - Forbidden. States I do not have permission to view the directory or page. Funny thing is that I can open and view/edit any other user on this server. I have checked the advanced AD properties for this user and do not see anything out of the ordinary - has anyone run into this before or any suggestion as to what Im seeing (or not seeing)? thanks. User is working fine.

  • Unified Communications Applications
4 REPLIES
New Member

Re: SA for one user only - You are not authorized to view this p

I have noticed in the event logs that the CSA is preventing access to this user in the SA - when I stop the CSA, I can view this users properties in the SA - how can I get around this without having to disable the CSA and why would it prevent access to this user who is in the same OU as all the other users, nothing special about thier AD account. I have even deleted the user from Unity, and re-imported successfully but still experience this issue with just this one user.

New Member

Re: SA for one user only - You are not authorized to view this p

Were you able to resolve this issue? I am having the same problem in Unity 4.1.

Thanks,

Duane Brennan

Re: SA for one user only - You are not authorized to view this p

We have a large enviroment here and there a "couple cooks" in the AD kitchen from time to time. When we deployed Unity, I created a voicemail only domain and had the META guys push me a copy of their AD to my AD so I can keep the account names, first last, alias, etc. This has been great. Except when this scenario happens what you are talking about.

Security had a problem with an account in the production AD. They deleted the account and recreated it. META, pushed me a disabled flag on the account leaving me trying to figure out why I cannot view the profile of this person in Unity.

Sure enough, the account was recreated with a new alias, different SID in AD. Unity did not like that so much and pretty much made the account unusable. A good way to test is to go your Unity VM messenging store and see if you can log into through OWA to see if the account works:

http://mail.unitymessengingserver/exchange/alias

login with domain\unitymsgstrsvc (since it has rights to all mailboxes)

The account may look fine in AD and it's not disabled, but if you look at the Exchange Advance properties, you will probably see the security properties of "Self" and that's it. The account has lost all permissions. You can try and manually add them back in, but you are better off just starting over.

I always tend to ask the subscriber questions like "have you had any problems logging into your workstation or email? Have you called the help desk lately regarding your login account to AD" This usually puts a red flag up for us that the account has been altered someway from the AD guys and pushed to us, which broke the Unity account connection.

95 percent of the time, this all works fine. AD Admins are not supposed to delete accounts in AD at all. Lazy admins delete accounts, good ones figure out why it does not work.

anyways.. maybe this long winded story will help point you in the right direction

Re: SA for one user only - You are not authorized to view this p

Hi -

Another thing that may cause this - the user's account has had inheritance disabled (or the box has gotten unchecked) which would block the permissions needed.

Ginger

218
Views
0
Helpful
4
Replies