Guest

Cisco Unity

Unity Failover Wizard Configuration Example

Cisco - Unity Failover Wizard Configuration Example

Document ID: 26060

Updated: May 20, 2010

   Print

Introduction

This document describes how to configure the failover between Cisco Unity servers with the Unity Failover Wizard. This document is based on Cisco Unity 3.1.4. For more information on architecture, refer to Cisco Unity Failover Configuration and Administration Guide, Release 3.1.

Prerequisites

Conventions

For more information on document conventions, see the Cisco Technical Tips Conventions.

Prerequisites

Before you configure Cisco Unity failover, make sure that you meet the requirements mentioned in the Requirements for Cisco Unity Failover document.

Components Used

The information in this document is based on these software and hardware versions:

  • Two Cisco Unity servers Version 3.1.4.

  • The second Cisco Unity server must have "Failover Backup Server" set on the key in order to function as a secondary server.

  • The IP address of the primary Cisco Unity server (Budweiser) is 10.48.79.89.

  • The IP address of the secondary Cisco Unity server (Guinness) is 10.48.79.88.

  • The IP address of the Exchange 2000 offbox (Harp) is 10.48.79.90.

  • All three servers have been installed in the domain "dublinbrew.com."

The information presented in this document was created from devices in a specific lab environment. All the devices used in this document started with a cleared (default) configuration. If you work in a live network, ensure that you understand the potential impact of any command before you use it.

Configure the Cisco Unity Failover Wizard

Step-by-Step Instructions

These steps show how to properly use the Cisco Unity Failover Wizard to configure the failover between two Unity servers:

  1. In Windows Explorer, browse to the directory in which Cisco Unity is installed. The default directory is C:\CommServer.

  2. Double-click FailoverConfig.exe to start the Cisco Unity Failover Wizard. Click Next.

    unity_failover_config1.gif

    1. Click Browse.

    2. Choose the name of the secondary server.

    3. Click OK.

      The IP address for the secondary server is filled in automatically. If the system runs Cisco Unity Version 3.1(3) or later, and you want the switch file for the chosen phone system to replicate with the Wizard, check the Copy switch files from primary server to secondary server check box.

      Note: The switch file is replicated only while the Cisco Unity Failover Wizard is used. If you choose a different phone system after you run the Wizard, the new switch file is not replicated to the secondary server. In addition, changes to the phone system settings are not replicated between the primary and secondary servers. If you change the phone system settings after you run the Cisco Unity Failover Wizard, you must change the values on both servers manually.

    unity_failover_config2.gif

  3. Browse to the account that owns the failover service. Input the password for this account.

    unity_failover_config3.gif

  4. Specify the same account on both the primary and the secondary servers, and then click the Configure button.

    The Wizard verifies the settings and configures failover on the primary server.

    unity_failover_config4.gif

  5. Watch the progress of the Wizard.

    Note: The Structured Query Language (SQL) replication is performed automatically by the Wizard within the Wizard configuration.

    unity_failover_config5.gif

  6. If the Wizard does not finish the configuration successfully, an error message explains why the Wizard failed.

    1. Exit the Wizard.

    2. Correct the problem.

    3. Click the Configure button again.

    unity_failover_config6.gif

  7. Click the Finish button to complete the installation.

    unity_failover_config7.gif

  8. Perform the same procedure on the secondary server. On this server, you will point to the primary server (Budweiser - 10.48.79.89). Once this is done, go to Start > Programs > Unity > Failover Monitor.

    The Failover Monitor window opens:

    unity_failover_config8.gif

    Obtain this information from the Failover Monitor window:

    • The operation mode is enabled. This means that the failover is set to run automatically.

    • The partner servername is Guinness (secondary server).

    • The local status of this server is Running;Active.

    • The remote status of this server is Running;Inactive.

  9. Click the Configure button on the Failover Monitor window to open the Failover Configuration window.

    unity_failover_config9.gif

    Obtain this information from the Failover Configuration window:

    • The ping interval is 1000 ms. Pings are pushed to the other partner every second. These are health checks to see if the other partner is still "alive."

    • The number of missed pings before failover is 30. In this case, it would failover after 30 seconds if it missed 30 pings.

    • The file replication interval is 10 minutes.

    • Failback has been set to Manual.

    The primary server comes up (after the failover secondary server had taken over when the primary server initially went down). The failback can be scheduled now. This way, failback will attempt to contact the primary server automatically between the time range indicated in the Scheduled Failback area.

  10. Click the Advanced button on the Failover Monitor window to open the Failover Advanced Options window.

    unity_failover_config10.gif

    In the Failover Advanced Options window, you can either set the failover and failback to occur manually or disable it.

Verify the Result

This section provides information that you can use to confirm that your configuration works properly.

Once the failover has been activated on the primary server, both servers will go through these steps. This trace has been taken from the output view on the Failover Monitor window.

The primary server shows a Running-Active status, and the secondary server shows a Running-Inactive status in this example:

11:50:09 Local, AvCsMgr,Running-Active;AvDSAD,Active;
    AvDSGlobalCatalog,Active;AvUMRSyncSvr,Active;Miu,
    Active;Notifier,Active;Ruler,Active;Scheduler,Active;
11:50:09 Remote, AvCsMgr,Running-Inactive;AvDSAD,Inactive;
    AvDSGlobalCatalog,Inactive;AvUMRSyncSvr,Inactive;
    Miu,Inactive;Notifier,Inactive;Ruler,Inactive;Scheduler,Inactive;
11:50:10 Local, AvCsMgr,Running-Active;AvDSAD,Active;
    AvDSGlobalCatalog,Active;AvUMRSyncSvr,Active;Miu,Active;
    Notifier,Active;Ruler,Active;Scheduler,Active;

This example shows that the failover has been activated:

11:50:10 Failover, AvCsMgr

This example shows that the primary server has started to deactivate:

11:50:11 Local, AvCsMgr,Running-Starting Deactivation;
    AvDSAD,Active;AvDSGlobalCatalog,Active;AvUMRSyncSvr,Active;
    Miu,Active;Notifier,Active;Ruler,Active;
11:50:11 Remote, AvCsMgr,Running-Inactive;AvDSAD,Inactive;
    AvDSGlobalCatalog,Inactive;AvUMRSyncSvr,Inactive;Miu,Inactive;
    Notifier,Inactive;Ruler,Inactive;Scheduler,Inactive;

This example shows that the secondary server has started to activate:

11:50:16 Local, AvCsMgr,Running-Failback;AvDSAD,Failback;
    AvDSGlobalCatalog,Failback;AvUMRSyncSvr,Failback;Miu,Failback;
    Notifier,Failback;Ruler,Failback;Scheduler,Failback;
11:50:16 Remote, AvCsMgr,Running-Activating;AvDSAD,Inactive;
    AvDSGlobalCatalog,Inactive;AvUMRSyncSvr,Inactive;Miu,Inactive;
    Notifier,Inactive;Ruler,Inactive;Scheduler,Inactive;

11:50:22 Local, AvCsMgr,Running-Failback;AvDSAD,Failback;
    AvDSGlobalCatalog,Failback;AvUMRSyncSvr,Failback;Miu,Failback;
    Notifier,Failback;Ruler,Failback;Scheduler,Failback;

The secondary server now runs as the primary server, as shown in this example:

11:50:22 Remote, AvCsMgr,Running-Active;AvDSAD,Active;
    AvDSGlobalCatalog,Active;AvUMRSyncSvr,Active;Miu,Active;
    Notifier,Active;Ruler,Active;Scheduler,Active;

11:50:23 Local, AvCsMgr,Running-Completing Deactivation;
    AvDSAD,Inactive;AvDSGlobalCatalog,Failback;AvUMRSyncSvr,Failback;
    Miu,Failback;Notifier,Failback;Ruler,Failback;Scheduler,Failback;
11:50:23 Remote, AvCsMgr,Running-Active;AvDSAD,Active;
    AvDSGlobalCatalog,Active;AvUMRSyncSvr,Active;Miu,Active;
    Notifier,Active;Ruler,Active;Scheduler,Active;

11:50:27 Local, AvCsMgr,Running-Inactive;AvDSAD,Inactive;
    AvDSGlobalCatalog,Inactive;AvUMRSyncSvr,Inactive;Miu,Inactive;
    Notifier,Inactive;Ruler,Inactive;Scheduler,Inactive;
11:50:27 Remote, AvCsMgr,Running-Active;AvDSAD,Active;
    AvDSGlobalCatalog,Active;AvUMRSyncSvr,Active;Miu,Active;
    Notifier,Active;Ruler,Active;Scheduler,Active;

Troubleshoot

This section provides information that you can use to troubleshoot your configuration.

Error: Method LogonUser Returned [0x522]: A Required Privilege is Not Held by the Client

When you try to run failover configuration wizard on a Cisco unity primary server, it returns the error method logonUser returned [0x522]: A required privilege is not held by the client.

This happens because the login account does not have sufficient privileges. A UnityInstall account is required to run the failover configuration wizard. Log in with a UnityInstall account to solve this problem.

Error: You might not have permission to use this network resource

When trying to run the Failover Configuration Wizard on the primary server, the system displays this message:

You might not have permission to use this network
resource. Contact the administrator of this server to find out if you have access
permissions.

Also, this error message appears on the event logs:

Event Type:	Error
Event Source:	DCOM
Event Category:	None
Event ID:	10016
Date:		4/27/2010
Time:		3:51:06 AM
User:		NT AUTHORITY\NETWORK SERVICE
Computer:	XYZ
Description:
The machine-default permission settings do not grant Local Activation permission for the
COM Server application with CLSID 
{60EB7702-6A7A-11D1-8029-00C04FAD610B}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20).  This security permission can be
modified using the Component Services administrative tool.

In order to resolve the issue, complete these steps:

  1. On the server where you cannot see the other server name you will need to add the following registry keys: HKEY_LOCAL_MACHINE\SOFTWARE\Active Voice\AvCsNodeMgr\1.0

  2. Create a new string value named Partner Server Name with a value of the other server name in the failover cluster.

  3. Create a string value Partner Server IP with a value of the IP address of the other server.

  4. Re-run the failover configuration wizard, and you should now be able to complete running the wizard

Cisco Unity Failover Configuration Wizard Fails on the Secondary Server

Error: Cannot generate SSPI context

The Cisco Unity Failover Configuration Wizard ran successfully on the primary Unity server, but it failed when it ran on the secondary Unity server; this error message displayed: Cannot generate SSPI context.

This error can happen due to the ServicePrincipalNames (SPN) issue between the primary and secondary Unity servers. In order to resolve the SPN related issues, download setspn.exe from Microsoft and perform these procedures:

  1. List the SPNs in both the Unity server with the setspn -L <servername> command from the command prompt.

  2. In order to delete any current SPN for the MSSQLSvc entry, type this at a command prompt: setspn -D “MSSQLSvc/<machine:port> <serviceaccountname>” <servername>

    Note: The string inside quotes must match exactly what is seen in the list from step 1. The quotes must be used around the string.

You require domain administrator rights to execute these commands. In order to remove that SPN, it is necessary to continue with the failover configuration.

For more information, refer to the Microsoft Knowledge Base Article 811889 .

Error: Failed to verify SQL Configuration table

Problem 1

The Cisco Unity Failover Configuration Wizard failed on the secondary server with this error message:

Failed to verify SQL Configuration table.
DETAILED INFORMATION:
Method IAvRdbConnection::Execute(ILMNSD-VMAIL02, csp_ConfigurationCleanupLastModifiedTime)
returned [0x80040e37]:

Solution

Perform these steps in order to resolve the issue:

  1. On the secondary server, go to C:\CommServer and run confimgr.exe.

  2. Click Advanced, and select the Reset All default Configuration settings option under the Select the re-Configuration Operation menu.

  3. Run the Message Store Configuration Wizard on the secondary server.

  4. Make sure that Unity is up and running on the secondary server.

  5. Run this command:

    osql -E -d UnityDb -Q "update Configuration set LastModifiedTime=NULL"

Problem 2

The Cisco Unity Failover Configuration Wizard fails on the secondary server with this error message:

Failed to verify SQL Configuration table.
DETAILED INFORMATION
Method IAcRdbConnection::Execute(PLYSVML05, csp_ConfigurationCleanupLastModifiedTime)
returned [0x80040e37]

Solution

Verify these items in order to resolve the issue:

  • Verify that the MSSQLSERVER and SQLSERVERAGENT services are set to log on as the Cisco Unity directory services account.

  • Verify that services logon is set in domain\username format.

Error: The SQL Distribution Agent Failed to Start

When you run the failover configuration wizard on the secondary Unity server, this error message appears:

The SQL distribution agent failed to start in a reasonable amount of time.
As a result, Cisco Unity Failover will not work properly. Disable all Cisco Unity
replication using the SQL Enterprise Manager and run this wizard again.

In order to resolve this issue, make sure that the MSSQLSERVER and SQLSERVERAGENT services run as accounts that are in the Domain Admin group.

Error: Cannot Generate SSPI Context

Solution 1

The most common cause for this error is missing SPNs. This error is generated when SSPI uses Kerberos to delegate over TCP/IP and Kerberos cannot complete the necessary operations to successfully delegate the user security token to the destination computer that runs the SQL server.

In order to resolve this error, run the setspn.exe utility. This utility is usually installed as part of the support tools on your domain controllers. If you do not have the utility, download setspn.exe leavingcisco.com from Microsoft, and run the file as a domain administrator.

Run the SETSPN.exe -L command in order to check whether the Unity Server is missing the SPN for the SQL server:

SETSPN.exe -L
Sample Output:

Primary (SPN missing)

C:\Program Files\Resource Kit>setspn.exe -L UNITYSVR
Registered ServicePrincipalNames for CN=UNITYSVR,OU=Call Center
Servers,OU=Domain Servers,DC=pefcu,DC=publixcu,DC=com:
    SMTPSVC/UNITYSVR
    SMTPSVC/UNITYSVR.pefcu.publixcu.com
    HOST/UNITYSVR
    HOST/UNITYSVR.pefcu.publixcu.com

Secondary(With SPN)

C:\Program Files\Resource Kit>setspn.exe -L UNITYSVR2
Registered ServicePrincipalNames for CN=UNITYSVR2,OU=Call Center
Servers,OU=Domain Servers,DC=pefcu,DC=publixcu,DC=com:
    exchangeMDB/UNITYSVR2
    exchangeMDB/UNITYSVR2.pefcu.publixcu.com
    exchangeRFR/UNITYSVR2
    exchangeRFR/UNITYSVR2.pefcu.publixcu.com
    MSSQLSvc/UNITYSVR2.pefcu.publixcu.com:1433
    SMTPSVC/UNITYSVR2.pefcu.publixcu.com
    SMTPSVC/UNITYSVR2
    HOST/UNITYSVR2
    HOST/UNITYSVR2.pefcu.publixcu.com

In order to add the SPN for the SQL Server on the Unity server, run this command: setspn -A MSSQLSvc/UNITYSVR.pefcu.publixcu.com:1433 UNITYSVR.

You must reboot the server in order for the new value to take effect.

Solution 2

Complete these steps in order to resolve this issue:

  1. Verify that the Computer Browser service is started on both Cisco Unity servers.

    Refer to How to troubleshoot the "Cannot generate SSPI context" error message for more details.

    Note: Use the UnityInstall account and Log on as for both the MSSQLSERVER and SQLSERVERAGENT services, as the UnityInstall account is a member of the Domain Admins group.

  2. Run the Failover Configuration Wizard on the secondary Cisco Unity server.

Related Information

Updated: May 20, 2010
Document ID: 26060