I am having problems with Unity user applications, speficially related to calling up the Media Master controls in either ViewMail for Outlook of Unity PCA.
It appears to be DCOM related, since the authentication of users in AD is happening, but when you go to play a message (using TRAP), users are prompted to enter their AD credentials.
The user enters their correct credentials, but then just get re-prompted to enter them again.
In PCA, the user can log in, but then receive an error indicating that the Voice Server is unavailable.
During these failures, the System Event Event Log on the Unity Server racks up a couple of DCOM errors:
For PCA: The machine wide limit settings do not grant Remote Access permission for COM Server applications to the user NT AUTHORITY\ANONYMOUS LOGON SID (S-1-5-7).
For ViewMail: The machine wide limit settings do not grant Remote Activation permission for COM Server applications to the user DOMAIN\Username SID (S-1-5-21-182728277-828849442-1105138716-16585). This security permission can be modified using the Component Services administrative tool.
I have added my individual account, the Domain Users group, the Everyone group, and ANONYMOUS LOGON to DCOM with full access and activation rights.
Still, I receive these errors. However, if I add any user account to the Domain Admins group, everything works fine.
First dcom has to be enablebled on both the server and the client.
Do you have Windows Server 2003 SP1? If so there are issues with vmo. We can get through them though.
I had to do both of these docs after I appled sp1 to the Unity server.
Thanks for the input, but I've done both of these.
The second article related to DCOM security I first did verbatim, and then a little differently just to be sure to hit ALL services.
Instead of customizing the individual services, I ended up adding the rights in the default DCOM COM Security Settings (Edit Default, Edit Limits).
This essentially does the same thing, because all of the DCOM services by default are set to inherit the security from the defaults that are set up under the Main Properties page in Component Services.
In any case, it's not working no matter what I seem to do...unless I add a user account to the Domain Admins group. That is the only thing so far that works, and it's NOT an option, obviously!
I'm wondering if it may be a underlying problem with a MS Security patch or some such thing.
I have a TAC case opened up and hope to get more information (and a fix) soon.
I'll let you know what happens.
I think I know what it is. What exactly is your set up?
Can you send a GUSI? You can x out the server name and other sensitive information. I need to know versions.
rlp (I used to work for Cisco Avvid TAC)
Well, I just got off of the phone with a couple of developers, and they figured it out.
The DCOM Settings were basically being overridden by some old GPO information...when I first installed this system, we ran into all kinds of trouble with permissions being reset, etc.
Since then, the Unity system was removed from getting any GPOs applied, but this may have been remnants of the old GPO that were still in the Local Security Policy.
Basically, re-doing the DCOM rights after removing the DCOM settings from the Local Policy fixed everything.
Thanks for your responsed and input. I really appreciate it.
I would still like to hear your thoughts...the more information the better when trying to troubleshoot Unified Communications.
The Unity version is 4.2(1)...I will attach the CUSI after I check/edit it...probably later tonight.
Ah the old GPO........ one of the reasons I wanted to know your system. Here I thought it was a new system. GUSI probably wouldn't tell me that anyway.
Here is some information that i got from a SA issue that fixed a vmo issue.
The account must be a member of the domain admins group (if Unity is a domain
or the local administrators group (if Unity is a member server) in the Unity server
or at a minimum have the right to log on locally to the Unity server.
They must also have a COS with rights.
(Our system is a member server and I don't want everyone in the local admins group of their workstation so I gave them log on locally and it worked to the Unity server and it worked.)
I am getting the same problem. SP1 for 2003 is causing VMO DCOM related errors.i too have been through all the documents relating to this, but still have the problem. I was not sure where in the GPO / local policy I should start checking and changing?
Hi, you are probably right, this is a DCOM error!
Go to the commserver\utilities\PermissionsWizard directory on your Unity server.
Run the application and upgrade to the newest version of permissions software.
Go through all the regular settings when specifying the permissions until you get to the last option with the check box âGrant DCOM Rights and Enable the Media Master Controlâ check box.
Tick it and it should resolve your problem!
Please rate this if successful......