Guest

Cisco Unity

Field Notice: FN - 62673 - US Daylight Savings Time Policy Change Effective March 2007 - for Cisco Unity


Revised March 20, 2007

February 08, 2007

NOTICE:

THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTY OF MERCHANTABILITY. YOUR USE OF THE INFORMATION ON THE FIELD NOTICE OR MATERIALS LINKED FROM THE FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.


Products Affected

Products Affected

UNITY

Problem Description

According to a new policy act, the US Government will extend Daylight Savings Time (DST) in the United States starting in March 2007.

The operating systems of most Cisco products that support DST have built in mechanisms to automatically change the times, based on current United States rules. Once the new act is implemented, the time on devices that maintain time zone information will continue to change according to the old Rules, unless changes are made.

Background

On August 8, 2005, President Bush signed into law the Energy Policy Act, which extends DST by four weeks from the second Sunday of March to the first Sunday of November. The Secretary of Energy will report the impact of this change to Congress, and then Congress retains the right to resume the 2005 DST schedule once the Department of Energy study is complete. This law takes effect on March 1, 2007.

Event

Prior to 2007

Year 2007 and After

Start

First Sunday in April

Second Sunday in March

End

Last Sunday in October

First Sunday in November

The Energy Policy Act of 2005, bill number H.R.6.ENR, can be found at The Library of Congress, THOMAS. Search for "daylight savings" to find the Act in various stages.

Unity and Unity Bridge are closely tied to Windows Operating Systems. Consequently, several steps must be taken to allow the new DST changes to take effect.

Overview of Daylight Savings Time Change

When the Energy Policy Act of 2005 passed into law in the United States, DST would begin three weeks earlier and end one week later from its historical beginning and end. This change affects those areas in the United States and its territories which choose to observe DST. Canada will observe the new start and end of DST as well.

Due to the change in DST, certain functionalities that are dependent on date and time calculations, both within a time zone and certainly across other time zones, can result in incorrect calculations. Any issue relating to the earlier start or later ending of DST is applicable between March 11, 2007 and April 1, 2007 and again between October 28, 2007 and November 4, 2007.

Problem Symptoms

The potential problem is that the Unity Inbox timestamps will be incorrect by an hour for three weeks in the spring and one week in the fall for the year of 2007 and beyond, unless the steps described in this notice have been undertaken.

This can have an impact on any event correlation activities that are performed as part of normal operations, troubleshooting, and monitoring.

For example, security related devices, where logs may be captured, correlated, and stored for future reference, could be rendered incorrect for situations where they need to be recalled to rebuild a sequence of events. The incorrect timestamps may not be an issue for events that get immediate action, but future reference back to these events would reference incorrect times.

In addition, any device with time based controls and activities, such as authentication servers, synchronization activities, and scheduled events such as batch jobs, timed backups or automated scripts would be impacted.

Unity voicemail timestamps can be off by one hour during the periods where the new Act changes the date that Daylight Savings Time begins or ends.

Workaround/Solution

Workaround:

If the patches to Windows and Unity are not applied, time may be adjusted manually through the Windows Operating System.

Solution:

Cisco recommends applying the following fixes and patches.

Installation of Patches

Depending on how Unity is deployed, the features and version used would dictate the specific patches needed. Some systems may require patches to the operating system, the Java Runtime Engine and a specific Unity Engineering Special (ES). Other systems may only require the operating system patch.

All patches necessary for Cisco Unity and Cisco Unity Bridge have been bundled into a single downloadable file available on CCO from the Software Download (registered customers only) page.

After downloading the ZIP file, extract the contents into a folder on the Unity or Bridge system that needs to be patched. Find and open the ReadMe.txt file within the folder created by the ZIP extraction. Follow the instructions provided in ReadME.txt file.

The order in which the various patches are applied is not relevant so long as the patches are applied to all the machines necessary.

The table below lists the Unity and Bridge versions that each patch applies to. If the version of Unity you are using is not listed, then no patch is necessary.

Patch Location:

URL: http://www.cisco.com/cgi-bin/tablebuild.pl/unity (registered customers only)

Patch Name:

Unity_DST_Patches.zip

Unity

Required Patches

Unity Versions Affected

Windows 2000 SP4

All

Windows 2003 SP1

All

Java Runtime Engine

4.0(1) and later

Unity Inbox

4.2(1)

4.1(1) if ES34 was previously installed

4.0(5) if ES39 was previously installed

Unity Bridge

Required Patch

Bridge Version Affected

Windows 2000 SP4

All

Windows 2003 SP1

All

Additional Information

Microsoft Windows

Unity and Unity Bridge primarily obtain time zone information through the Windows API. As such, applying the appropriate Windows patch will resolve virtually all problems related to the changes to the time zones and DST. For Unity, this includes everything done through the Telephone User Interface (TUI).

All versions of Unity and Unity Bridge run on the Windows operating system. Apply the relevant Windows patch (Windows 2003 SP1 or Windows 2000 SP4) to each Unity or Unity Bridge server deployed to all servers hosting Microsoft Exchange or Lotus Domino that contain a mailbox of a Unity subscriber (including the partner mail server), to each domain controller (DC) in a domain with a Unity server, and to all global catalog (GC) servers within the Active Directory forest where Unity is present.

If at any time you have manually adjusted the system clock on any of the above machines, for example when testing this patch or to enable a workaround prior to applying the patch, you are advised to reboot the server and validate that the system clock on all machines is reading the true and accurate time for the time zone selected in the operating system.

Microsoft Exchange

If a customer determines the Exchange patch is needed, the patch should be installed on every Exchange server containing a Unity-related mailbox as well as on the Unity server itself. The latter is required as the Exchange System Management tools are present on the Unity server.

If Unity is used in a Unified Messaging (UM) environment where Unity is not the only application to utilize the Exchange mail store, you may need to install a patch to preserve certain functionality in those other applications. An example of such an application is Outlook Web Access.

No patch for Exchange, or for the Exchange Management tools present on the Unity server itself, regardless of the version, is currently necessary to preserve functionality. If Unity is used in a "voice mail only" configuration, there is no need to install the currently available Exchange 2003 patch or Exchange 2000 (if available to you) related to the change in Daylight Savings Time.

Regardless of whether Unity is used in a VM or UM environment, however, the Windows patch described in the prior section must be applied to the operating system on the machine hosting Exchange. Not doing so will result in an incorrect time stamp being placed on a message by Exchange when it arrives at the mailbox.

For additional information on the impact of DST to Exchange, see Knowledge Base article 926666.

Below is a summary of the patches available from Microsoft for Exchange 2000 and 2003.

Exchange Version

Patch

Exchange 2003 SP2

The Exchange 2003 SP2 patch is available for download here:

Knowledge Base article 926666

Exchange 2003 SP1

Microsoft support for SP1 ended January 9th, 2007. No patch will be available. Customers are instructed to upgrade each Exchange server to SP2 and then apply SP2 patch.

Exchange 2000

Exchange 2000 support has expired. No patch will be available without a separate Extended Hotfix Service Agreement. A customer would need to purchase this separately from Microsoft.

Important Notice Regarding Exchange 2003 SP2 and Exchange 2000 Patch

The Exchange 2003 SP2 patch available in KB92666 contains changes beyond updates to the time zone database used by the CDO technology. A change related to Unity is a modification to the send as permission applied to user and contact objects for the Unity Message Store service account. This change is described in KB article 895949 at http://support.microsoft.com/kb/895949. This specific change to the send as permissions is same as the one contained in Microsoft security update MS06-19. See Cisco Systems Field Notice: FN - 62484.

According to the documentation made available from Microsoft, the issue described above does not apply to the analogous DST patch for Exchange 2000.

Impact to Unity

After applying the Exchange 2003 SP2 patch, voice messages may not be delivered. This includes messages from outside or unknown callers, those that pass through the UnityMTA folder, and some or all messages submitted by subscribers. The symptoms encountered will depend on the version of Unity used and whether certain permissions were applied in a default manner. that is, using Permissions Wizard, or set manually to comply with specific security requirements of your Active Directory environment.

The Cisco Unity system may be impacted if the following statements are true for the version of Cisco Unity used:

Cisco Unity version 4.0(3) through 4.1(1):

  • The Exchange mailboxes for the affected subscribers are homed either in Exchange 2003 or Exchange 2000.

  • The Active Directory accounts associated with the affected subscribers belong to one or more administrative groups such as Enterprise Admins, Schema Admins, Domain Admins, or Administrators.

  • The Permissions Wizard that was last run to grant permissions to the installation and services accounts is older than version 2.1.0.25, dated September 8, 2004.

Cisco Unity version 4.0(2) and earlier:

  • The Exchange mailboxes for the affected subscribers are homed either in Exchange 2003 or Exchange 2000.

  • The Permissions Wizard that was last run to grant permissions to the installation and services accounts is older than version 2.1.0.25, dated September 8, 2004.

For a properly configured Unity 4.2(1) system, the Exchange 2003 SP2 DST patch should not impact message delivery.

The bullet point regarding the latest version of Permissions Wizard to run will be false if Microsoft security update MS06-19 was previously installed on the Exchange servers used by Unity, you followed the resolution steps in Field Notice FN 62484, and have not removed necessary permission since then either through accident or deliberate action. If in doubt, follow the steps in the "Preventive Steps" section in Field Notice FN 62484.

Do note that for Unity versions 4.0(2) and earlier, the latest Permissions Wizard for Unity 4.0(3) must be used to resolve the message delivery issues caused by the Exchange 2003 SP2 DST Patch or MS06-19. Both of those Microsoft patches will now cause certain "send as" rights to be enforced that were not previously enforced. The Permissions Wizard versions for Unity 4.0(2) and earlier does not set those needed "send as" rights.

For all Unity versions, however, an incorrectly configured system with regards to Active Directory and Exchange permissions may still be impacted. This includes Unity version 4.2(1). A common incorrect configuration is that the Unity Message Store service account does not have send as permissions for the Unity_ account. This can occur if inheritance is disabled on the container the Message Store service account is in or any container above it.

In this situation, the behavior described in Impact to Unity will occur. Running the most current version of Permissions Wizard for your version of Unity will not resolve this issue. You will need to either grant permissions to the Message Store service account or re-enable inheritance by checking the "Allow Inheritable Permissions from Parent to Propagate to This Object check box on the Security tab in the applicable Properties dialog box.

Please consult the help file for the version of Permissions Wizard appropriate to your Unity system. Help files for every version available can be found in the following link:

http://www.ciscounitytools.com/App_AlphabeticalListing.htm

VMO

In a Unified Messaging environment, the VMO application is used to send and retrieve voice messages from Microsoft Outlook. In this situation, the operating system hosting Outlook will require a separate patch. This can be obtained directly from Microsoft from:

http://support.microsoft.com/?kbid=931836.

A patch specific to VMO is not needed.

In addition, an update to Outlook itself may be needed depending on the version of Outlook used. Such an update would not be required for VMO but for other applications used by Outlook, such as calendaring. Please refer to the following Microsoft link for information on whether additional patches are needed for your specific desktop deployment:

http://www.microsoft.com/windows/timezone/dst2007.mspx

IBM Lotus Domino Unified Communications (DUC)

At this time IBM has not communicated a need for any update or patch to their DUC software whether using Windows or AIX operating systems.

Information Available From Microsoft

The following web page from Microsoft provides details on all MS products affected by the DST change and the patches available:

http://www.microsoft.com/windows/timezone/dst2007.mspx

It is updated frequently. This link is a good starting point for finding information related to specific products of interest to you. In addition, you can find information related to new time zones now added to Windows.

You are encouraged to visit this site and read the areas relevant to your system.

DDTS

To follow the bug ID link below and see detailed bug information, you must be a registered user and you must be logged in.

DDTS

Description

CSCsh35828 (registered customers only)

Unity Inbox: time stamp adjustment not valid for DST change in 2007

CSCeg51736 (registered customers only)

Display timestamp in Unity Inbox using time zone from sub profile

CSCsh48829 (registered customers only)

Unity will have Incorrect time stamps during DST w/o Windows Patch

CSCsh35926 (registered customers only)

JVM version installed is not compliant with 2007 DST changes

Other Considerations

An anomaly was discovered during testing with Unity Bridge.

For the purposes of testing the Microsoft Windows patch applied to the operating system hosting a Cisco Unity Bridge server, the system clock of the operating system will likely be moved forward in time to a date after the change in DST (March 11th, 2007). Once testing is complete, the system clock will, of course, revert back to the current and correct date and time. Upon reverting the system clock back to the correct date and time, the Bridge server will encounter the issue described in CSCee01101 (registered customers only) . In short, the Bridge will not deliver messages sent from Cisco Unity until the system clock exceeds the future date and time previously set.

In some cases, when the system time reaches the latest time previously set on the server, message delivery will resume. For example, if the system time was 4:00 P.M. and reset to 2:00 P.M., then when the system time again reaches 4:00 P.M. and the message delivery interval is exceeded, the Bridge will begin delivering the queued messages.

Alternatively, the following manual steps can be done for each node in Cisco Unity Bridge:

  1. In the Bridge System Administration page, open the Octel Node configuration page for one of the nodes

  2. Change the Message Delivery Windows (Normal, Urgent, and Administration) from Enabled to Disabled

  3. Save the change

  4. Change the Message Delivery Windows (Normal, Urgent, and Administration) from Disabled to Enabled

  5. Save the change Repeat Steps 1-5 for each node.

This image shows the check boxes in the Bridge System Administration page.

fn62673_je535e.jpg

Revision History

Revision

Date

Comment

1.9

20-MAR-2007

Rewrote sections under Installation of Patches, Microsoft Windows and Microsoft Exchange to improve clarity.

1.8

13-MAR-2007

Rearranged the information in the in the Workaround Solution Section under the heading "Microsoft Exchange" to improve clarity and highlight when Exchange patches are needed instead of emphasizing when Exchange patches are not needed.

1.7

08-MAR-2007

Updated the Impact to Unity section of the Workaround/Solution section.

1.6

06-MAR-2007

Added "Apply the Windows patch relevant to each Unity or Unity Bridge server deployed to all servers hosting Exchange that contain a mailbox of a Unity subscriber, to each domain controller (DC) in a domain with a Unity server, and to all global catalog (GC) servers within the Active Directory forest." to the Workaround Solutions section under Microsoft Windows section.

1.5

27-FEB-2007

Updated image in Other Considerations section.

1.4

22-FEB-2007

Changed the ES values for Unity Inbox for releases 4.1(1) and 4.0(5). Added the section entitled "Other Considerations" to cover an anomaly found with Unity Bridge DST verification testing.

1.3

19-FEB-2007

Changed minor wording in Problem Symptoms and Workaround/Solution sections. Changed URL in the VMO section of the Workaround/Solution section to point to KB article 931836

1.2

12-FEB-2007

Added CSCsh35828 and CSCsh35926. Removed CSCsh63361.

1.1

09-FEB-2007

Added CSCsh63361 to the list of DDTS

1.0

08-FEB-2007

Initial Public Release

For More Information

If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:

Receive Email Notification For New Field Notices

Product Alert Tool - Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.