Guest

Cisco Unity

Field Notice: Unity and Windows 2003 SP1 Interoperability Issue Incorrectly Reports That the Exchange Server is Offline


April 19, 2005


Products Affected

  • UNITYSW - UNITY-4.0-BUNDLE

Problem Description

AvWM OpenSCManager gets access denied when connecting to Windows 2003 SP1. Microsoft changed the permissions required by the Windows Manager (WM) to complete OpenSCManager in Windows 2003 SP1.

Note: Unity 4.0(5) and later is not affected by this issue. Unity 4.0(5) has not been released as of the posting of this Field Notice.

Background

Microsoft has changed the permissions required by Windows Manager to complete OpenSCManager in Windows 2003 SP1. The change was implemented in Service Pack 1.

Voicemail-only users are not affected. This problem affects only Unified Messaging deployments because Microsoft supports only Exchange 2003 on Windows 2003 and Exchange 2003 is supported only for Cisco Unity Unified Messaging configuration.

For more information on diagnosing Exchange server offline issues see Diagnosing Exchange Server Offline Issues for Cisco Unity 3.x and Later .

Problem Symptoms

Once Windows 2003 SP1 has been applied to the Exchange 2003 server, the Exchange 2003 will be completely unavailable to Unity. This will cause notifications to stop. Outside callers' messages will queue in the UnityMTA directory and subscribers will recieve a warning that their mail server is offline during mailbox login.

On the Windows 2003 SP1 / Exchange 2003 server the following Security Event log warning message will be displayed:

Event Type: Failure Audit 
Event Source: Security 
Event Category: Object Access 
Event ID: 560 
Date: 4/1/2005 
Time: 4:37:29 AM 
User: DOMAIN\UnityMsgStoreSvc 
Computer: EXCHANGE 
Description: 
Object Open: 
Object Server: SC Manager 
Object Type: SC_MANAGER OBJECT 
Object Name: ServicesActive 
Handle ID: - 
Operation ID: {0,1705124} 
Process ID: 524 
Image File Name: C:\WINDOWS\system32\services.exe 
Primary User Name: EXCHANGE$ 
Primary Domain: SJ-VNT 
Primary Logon ID: (0x0,0x3E7) 
Client User Name: UnityMsgStoreSvc 
Client Domain: SJ-VNT 
Client Logon ID: (0x0,0x1A0496) 
Accesses: READ_CONTROL 
Connect to service controller 
Enumerate services 
Query service database lock state 
Privileges: - 
Restricted Sid Count: 0 
Access Mask: 0x20015 

If AvWM diagnostics are enabled (HKLM > Software > Active Voice > AvWm > 1.00 > Diag Level = 1) the following Application Event log warning message will be displayed:

Event Type: Warning 
Event Source: CiscoUnity_AvWM 
Event Category: Error 
Event ID: 29004 
Date: 4/1/2005 
Time: 4:50:14 AM 
User: N/A 
Computer: UNITY 
Description: 
Error accessing service control manager on EXCHANGE. 
OpenSCManager:5. (AvUMRSyncSvr:3920) 

Workaround/Solution

Workaround:

  1. Uninstall Windows 2003 SP1 from the Exchange 2003 server. Once this is complete, the Unity server (Windows) must be fully rebooted.

    or

  2. Place the UnityMsgStoreSvc account, the account the AvMsgStoreMonitor service logs on as, in the local Administrators group on the Windows 2003 SP1/Exchange 2003 server. Once this is complete, the Unity server (Windows) must be fully rebooted.

If the Windows 2003 SP1/Exchange 2003 server is a clustered Exchange server, place the UnityMsgStoreSvc account in the local Administrators group for all nodes in the cluster. Once this is complete the Unity server (Windows) must be fully rebooted.

If the Windows 2003 SP1/Exchange 2003 server is a domain controller, it is not recommended to place the UnityMsgStoreSvc account in the Domain Admins group because this group has explicit denies that are the default on all Exchange Message Stores. Placing the account in that group will allow Unity to access the Services Control Manager so Unity will be able to "see" the Exchange server again but all mailbox logins will fail. Instead, do option number 1 and uninstall Windows 2003 SP1.

DDTS

To follow the bug ID link below and see detailed bug information, you must be a registered user and you must be logged in.

DDTS

Description

CSCsa80702 (registered customers only)

AvWM OpenSCManager gets access denied when connecting to W2K3 SP1

For More Information

If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:

Receive Email Notification For New Field Notices

Product Alert Tool - Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.