Reconfiguration and Upgrade Guide for Cisco Unity Release 5.x (With Microsoft Exchange)
Changing Passwords
Downloads: This chapterpdf (PDF - 121.0KB) The complete bookPDF (PDF - 6.98MB) | Feedback

Changing Passwords

Table Of Contents

Changing Passwords

Changing Passwords for the Cisco Unity Service Accounts (Without Failover)

Changing Passwords for the Cisco Unity Service Accounts (With Failover Configured)

Changing the Active Directory Password for the Unity_<servername> and EAdmin Accounts


Changing Passwords


This chapter contains the following sections:

Changing Passwords for the Cisco Unity Service Accounts (Without Failover)

Changing Passwords for the Cisco Unity Service Accounts (With Failover Configured)

Changing the Active Directory Password for the Unity_<servername> and EAdmin Accounts

Changing Passwords for the Cisco Unity Service Accounts (Without Failover)


Note If failover is configured, see the "Changing Passwords for the Cisco Unity Service Accounts (With Failover Configured)" section instead.


To change passwords on the accounts that Cisco Unity services log on as, you determine the Active Directory accounts that the services log on as, change the password on each account, and then change the password on the Cisco Unity services.

Note that you use Active Directory Users and Computers in the procedure "To Change the Password for an Active Directory Account That Cisco Unity Services Log On As." If the program is not installed on the Cisco Unity server, you can install it (refer to Windows 2000 Server Help), or you can use a computer in the domain that includes the Cisco Unity server (for example, the domain controller) on which Active Directory Users and Computers is already installed.

Do the following four procedures in the order listed.

To Determine the Active Directory Accounts That Cisco Unity Services Log On As


Step 1 See the "Cisco Unity 5.x Services" appendix, which lists the Cisco Unity services and the Active Directory accounts that they log on as.

Step 2 For each of the Cisco Unity services that log on as an account other than Local System, note:

The name of the service.

The name of the Active Directory account in the Logs On As column.

Ignore services that log on as the Local System account.


To Change the Password for an Active Directory Account That Cisco Unity Services Log On As


Step 1 Log on to the server by using an account that has permission to change passwords (for example, a domain administrator account).

Step 2 On the Windows Start menu, click Programs > Administrative Tools > Active Directory Users and Computers.

Step 3 In the left pane, click Users or the organizational unit in which the Active Directory account whose password you are changing was created.

Step 4 In the right pane, right-click the name of the account, and click Reset Password.

Step 5 Enter and confirm the new password, and click OK.

Step 6 If you are changing the password on more than one account, repeat Step 4 and Step 5 for each account.


To Change the Password for Cisco Unity Services


Step 1 On the Cisco Unity server, on the Windows Start menu, click Programs > Administrative Tools > Services.

Step 2 In the right pane, right-click the name of the first service that you identified in the procedure "To Determine the Active Directory Accounts That Cisco Unity Services Log On As."

Step 3 Click Properties.

Step 4 Click the Log On tab.

Step 5 In the Password box and in the Confirm Password box, enter the same new password that you used for the account that the service logs on as.

Step 6 Click OK.

Step 7 Repeat Step 2 through Step 6 for each of the remaining Cisco Unity services that you identified in the procedure "To Determine the Active Directory Accounts That Cisco Unity Services Log On As."

Step 8 Shut down and restart the Cisco Unity server.


To Confirm That Cisco Unity Services Restarted After Password Changes


Step 1 On the Cisco Unity server, on the Windows Start menu, click Programs > Administrative Tools > Services.

Step 2 For each service for which you changed the password, confirm that the value in the Status column is Started.

Step 3 If all services started, close the Services MMC, and skip the rest of this procedure.

If one or more services failed to start, on the Windows Start menu, click Programs > Administrative Tools > Event Viewer.

Step 4 In the left pane, click System Log.

Step 5 Look for one or more errors similar to the following description:

The <CiscoUnityServiceName> service failed to start due to the following error: The service did not start due to a logon failure.

Step 6 If you find one or more such errors, confirm that the passwords for the specified services and for the corresponding accounts were changed to the same values.

Step 7 If you change any passwords again while troubleshooting, shut down and restart the Cisco Unity server, and repeat this procedure.


Changing Passwords for the Cisco Unity Service Accounts (With Failover Configured)


Note If failover is not configured, see the "Changing Passwords for the Cisco Unity Service Accounts (Without Failover)" section instead.


To change passwords on the accounts that Cisco Unity services log on as, you determine the Active Directory accounts that the services log on as, change the password on each account, and then change the password on the Cisco Unity services.

Use this procedure to change passwords for the Cisco Unity service accounts both when Exchange is installed on a separate server and when Exchange is installed on the secondary server.

Note that you use Active Directory Users and Computers in the procedure "To Change the Password for an Active Directory Account That Cisco Unity Services Log On As." If the program is not installed on the Cisco Unity server, you can install it (refer to Windows 2000 Server Help), or you can use a computer in the domain that includes the Cisco Unity server (for example, the domain controller) on which Active Directory Users and Computers is already installed.

Do the following seven procedures in the order listed.

To Determine the Active Directory Accounts That Cisco Unity Services Log On As


Step 1 See the "Cisco Unity 5.x Services" appendix, which lists the Cisco Unity services and the Active Directory accounts that they log on as.

Step 2 For each of the Cisco Unity services that log on as an account other than Local System, note:

The name of the service.

The name of the Active Directory account in the Logs On As column.

Ignore services that log on as the Local System account.


To Change the Password for an Active Directory Account That Cisco Unity Services Log On As


Step 1 Log on to the server by using an account that has permission to change passwords (for example, a domain administrator account).

Step 2 On the Windows Start menu, click Programs > Administrative Tools > Active Directory Users and Computers.

Step 3 In the left pane, click Users or the organizational unit in which the Active Directory account whose password you are changing was created.

Step 4 In the right pane, right-click the name of the account, and click Reset Password.

Step 5 Enter and confirm the new password, and click OK.

Step 6 If you are changing the password on more than one account, repeat Step 4 and Step 5 for each account.


To Change the Password for Cisco Unity Services on the Secondary Server


Step 1 On the secondary server, on the Windows Start menu, click Programs > Administrative Tools > Services.

Step 2 In the right pane, right-click the name of the first service that you identified in the procedure "To Determine the Active Directory Accounts That Cisco Unity Services Log On As."

Step 3 Click Properties.

Step 4 Click the Log On tab.

Step 5 In the Password box and in the Confirm Password box, enter the same new password that you used for the account that the service logs on as.

Step 6 Click OK.

Step 7 Repeat Step 2 through Step 6 for each of the remaining Cisco Unity services that you identified in the procedure "To Determine the Active Directory Accounts That Cisco Unity Services Log On As."

Step 8 Shut down and restart the secondary server.


To Confirm That Cisco Unity Services on the Secondary Server Restarted After Password Changes


Step 1 On the secondary server, on the Windows Start menu, click Programs > Administrative Tools > Services.

Step 2 For each service for which you changed the password, confirm that the value in the Status column is Started.

Step 3 If all services started, close the Services MMC, and skip the rest of this procedure.

If one or more services failed to start, on the Windows Start menu, click Programs > Administrative Tools > Event Viewer.

Step 4 In the left pane, click System Log.

Step 5 Look for one or more errors similar to the following description:

The <CiscoUnityServiceName> service failed to start due to the following error: The service did not start due to a logon failure.

Step 6 If you find one or more such errors, confirm that the passwords for the specified services and for the corresponding accounts were changed to the same values.

Step 7 If you change any passwords again while troubleshooting, shut down and restart the secondary server, and repeat this procedure.


To Manually Initiate Failover to the Secondary Server


Step 1 On the primary server, on the Windows Start menu, click Programs > Cisco Unity > Failover Monitor.

Step 2 Click Failover.

Step 3 Click OK to confirm that you want to fail over to the secondary server. The primary server becomes inactive, and the secondary server becomes active.


To Change the Password for Cisco Unity Services on the Primary Server


Step 1 On the primary server, on the Windows Start menu, click Programs > Administrative Tools > Services.

Step 2 In the right pane, right-click the name of the first service that you identified in the procedure "To Determine the Active Directory Accounts That Cisco Unity Services Log On As."

Step 3 Click Properties.

Step 4 Click the Log On tab.

Step 5 In the Password box and in the Confirm Password box, enter the same new password that you used for the account that the service logs on as.

Step 6 Click OK.

Step 7 Repeat Step 2 through Step 6 for each of the remaining Cisco Unity services that you identified in the procedure "To Determine the Active Directory Accounts That Cisco Unity Services Log On As."

Step 8 Shut down and restart the primary server.


To Confirm That Cisco Unity Services on the Primary Server Restarted After Password Changes


Step 1 On the primary server, on the Windows Start menu, click Programs > Administrative Tools > Services.

Step 2 For each service for which you changed the password, confirm that the value in the Status column is Started.

Step 3 If all services started, close the Services MMC, and skip the rest of this procedure.

If one or more services failed to start, on the Windows Start menu, click Programs > Administrative Tools > Event Viewer.

Step 4 In the left pane, click System Log.

Step 5 Look for one or more errors similar to the following description:

The <CiscoUnityServiceName> service failed to start due to the following error: The service did not start due to a logon failure.

Step 6 If you find one or more such errors, confirm that the passwords for the specified services and for the corresponding accounts were changed to the same values.

Step 7 If you change any passwords again while troubleshooting, shut down and restart the primary server, and repeat this procedure.


Changing the Active Directory Password for the Unity_<servername> and EAdmin Accounts

When Cisco Unity is installed, two Active Directory accounts are automatically created: Unity_<servername> and EAdmin<8_alphanumeric_characters>. Prior to Cisco Unity 4.0(4), the default passwords on these accounts were long strings of random, alphanumeric characters. Beginning with Cisco Unity 4.0(4), the passwords are specified in the Password Hardening wizard, during installation.

Because the accounts are used only by Cisco Unity, you can change a password at any time by using the applicable Windows application. For Active Directory accounts, use Active Directory Users and Computers; for Windows NT accounts, use User Manager for Domains. For more information, refer to Help for the application.


Note To secure the accounts more effectively, you can disable (not delete) the accounts by using the same application that you use to change a password.