Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Unity "Domain controller cannot be contacted, delete is not allowed"

Hi all,

I have an issue with Unity 5.0. We run a small cluster (DC and a member server). The member server has always (in the past) been the active node, thus i would login to the web\sa GUI on that server to administer subscribers etc.

After attempting to patch the servers last week (and having to postpone the MS patching with the Cisco Wizard because i couldnt disable the Unity services) i have noticed that i cannot administer any subscribers on the member servers GUI. I had to restart the servers during the attempted patch run, to try to stop the Unity Services from the tray icon, but i wasnt able to, so i will attempt this work another night after some useful NetPro posts saying that a certain AvS service can be stopped to stop all Unty services :o)

I can only reset passwords now, nothing more. I cant delete subscribers etc. I thik perhaps the member server was restarted too soon and that the DC wasnt fully up and authenticating...?

When i hover over the delete icon on the GUI, i get the message "The domaincontroller for xxxxx cannot be contacted. Delete is temporarily not allowed"

I have then logged on to each server via mstsc and looked at the Unity "Failover Monitor". The member server is "running:active" as i would expect, and the DC is "running:inactive" as i would also expect. So i *think* from a Unity point of view all is ok.

So, how do i get the member server to be able to contact the DC again? Simply reboot the member server perhaps? I assume that once the member server can 'see' the DC it will then allow me full admin rights in the GUI again.

I think the issue is that it isnt clear in what order i reboot/restart the Windows cluster. Should i bring BOTH servers down in a maintenance slot, then restart the DC, wait for it to come up fully, then restart the member server...? This makes sense from a Windows point of view....but I seem to recall that bringing up the member server *last* resulted in it no longer being the ACTIVE server for Unity. How do i make it active if i have to restart that last?

Thoughts appreciated :o)

Kind regards

Cisco Employee

Re: Unity "Domain controller cannot be contacted, delete is not

If you haven't done this already, go to the administrative tools in tools depot, open the DCGC reconnect tool and do a force reconnect on both the DC and GC tabs. Give it some time to complete and then hover over the button again to see if it goes away and returns to functionality.


New Member

Re: Unity "Domain controller cannot be contacted, delete is not

OK, i have restarted the member server in this domain (one DC, one member server). Restarting the member server has meant that the DC is now in control of the Unity cluster, thus meaning i ave to login to the web GUI via: http://DCservername/web/sa

Upon doin this, i now get the full admin functionality back on the UnityAdmin account, and can delete users etc.

So, my followup Q from this would be: Is it at all critical *which* server in a cluster is the 'primary' one? Provided they are both up and running, will Exchange, SQL etc still be written to and function in the same manner? Or more succintly, does Unity care which server is in control provided both are running? :o)

Any thoughts appreciated.

Tstoutme - thanks for the post. I wasnt aware this Unty tool existsed. Whilst i have not used it in anger, i did run it from the member server and it could 'see' the DC ok. Another bit to add to my doco should i ever need it !

Cisco Employee

Re: Unity "Domain controller cannot be contacted, delete is not

As far as functionality, as long as one is active and you have no replication issues between them, it technically doesn't matter which one is active. Calls will be answered, vmail will be recorded and played back, etc. However, you usually want to remain on the primary as that is the main db and main server. The backup is just that, a backup only meant to be in use should their be a total failure of the primary for one reason or another. I hope that answers the question.