The Global Catalog Datastore service (AvDSGlobalCatalog) monitors the Active Directory (AD) global catalog for changes in Cisco Unity objects (users, locations, distribution lists, contacts) and sends notification of the changes to the Change Writer service. This keeps Cisco Unity synchronized with directory changes made in the Cisco Unity Administrator.
In some situations, Cisco Unity Event logs show the AvDSGlobalCatalog error message: 0x80072032 ERROR_DS_INVALID_DN_SYNTAX An Invalid dn syntax has been specified. This document discusses how to troubleshoot this issue.
There are no specific requirements for this document.
This document is not restricted to specific software and hardware versions.
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
Refer to Cisco Technical Tips Conventions for more information on document conventions.
This error message is received in the Cisco Unity Application logs intermittently:
The Cisco Unity service that monitors the global catalog (AvDSGlobalCatalog) failed to
synchronize data for an object in the global catalog with the corresponding data for the
object in the SQL Server/MSDE database on the Cisco Unity server. Unity will not be able
to synchronize all changes for this object until this is resolved. However, other objects
will continue to be synchronized.
Reason: 0x80072032 ERROR_DS_INVALID_DN_SYNTAX An Invalid dn syntax has been specified.
Note: If the object that encountered the failure was AVOBJECTTYPE_MAILUSER and the error code was ERROR_DS_NO_ATTRIBUTE_OR_VALUE, this occurs when the AD user object represented by the name portion of the event log message is a member of a distribution list that the service account for the AvDsGlobalCatalog does not have permissions to view. By viewing the member of tab on the user object in the Active Directory Users and Computers , you can obtain a list of the groups of which the user is a member. Ensure the service account for the AvDsGlobalCatalog has sufficient permissions to view these group objects.
Perform this procedure in order to resolve the issue:
Verify permissions for the UnityMsgStoreSvc account, and check if the user is a member of the Domain Admins and Local Administrators group. Run Permissions Wizard (using a Domain Admin account) from the Cisco Unity Tools Depot.
Run the Cisco Unity Services Configuration wizard from the Cisco Unity Installation and Configuration Assistant. Refer to Installing and Configuring Cisco Unity Software-Configuring Services for more information.
Try to force a reconnection by using the Domain Controller/Global Catalog (DC/GC) Reconnect Settings tool available at Cisco Unity Tools Depot > Administrative Tools. Refer to Changing the Domain Controller and Global Catalog Server for more information on DC/GC Reconnect Settings tool.
Note: This is not service impacting. Therefore, it is safe to run at anytime. When you force a reconnection, you can monitor it on the Application Log on the Event Viewer. From there, you see a message when the process starts and when it finishes.
Choose Cisco Unity Tools Depot > Diagnostics Tools, and double-click DohPropTest. Enter the password, and click the DOH Property Tester window.
Click GC Monitor, and choose TotalResync. Close the GC Monitor window, then click AD Monitor. Choose TotalResync.
Restart the AvDSAD and AvDSGlobalCatalog services.