Guest

Cisco Unity

Cisco Unity: "ACCESS DENIED because there is no exact allow ACE" Error

Document ID: 111725

Updated: Feb 16, 2010

   Print

Introduction

With Cisco Unity, after you run the Permissions Wizard in report mode, the ACCESS DENIED because there is no exact Allow ACE error message appears. This document describes the procedure in order to resolve this error.

Prerequisites

Requirements

There are no specific requirements for this document.

Components Used

This document is not restricted to specific software and hardware versions.

Conventions

Refer to Cisco Technical Tips Conventions for more information on document conventions.

Problem

The ACCESS DENIED because there is no exact Allow ACE error message appears after the Permissions Wizard is run in report mode during the upgrade/installation process of Cisco Unity.

This issue arises due to the permission issue of Cisco Unity. Also, Cisco Unity does not have the sufficient account rights to run the Permissions Wizard.

If you try to run the Permissions Wizard with an account that has less than the specified permissions, is it possible that the Permissions Wizard is not able to grant all of the permissions required by the installation account and the services account. If the Permissions wizard cannot grant all of the required permissions, either the Cisco Unity installation fails, or Cisco Unity does not run properly after it has been installed.

Solution

Complete these steps in order to resolve this issue.

  1. Ensure that the Unityadmin account meets all of these requirements:

    • Is a member of the Domain Admins group in the domain in which the Cisco Unity server is being installed, or that has permissions in that domain that are equivalent to the default permissions for the Domain Admins group.

    • Is a member of the Domain Admins group in all of the domains that contain OUs from which you want to import Cisco Unity subscribers, Cisco Unity contacts, or public distribution lists, or that has permissions in those domains that are equivalent to the default permissions for the Domain Admins group.

    • Has permission to grant permissions on the deleted items container in the configuration container.

    • Is an Exchange Full Administrator.

  2. Re-run the Permission Wizard with a higher level permission account. It does not have to be run with the unityinstall account. Run it with a high level account like Administrator or an account, which has high full access to Active Directory and Exchange. Make sure everything passes when it runs.

  3. If the issue is not solved even after the completion of the previously mentioned steps, reset these Cisco Unity accounts:

    • install

    • dirsvc

    • msgstoresvc

Related Information

Updated: Feb 16, 2010
Document ID: 111725