Guest

Cisco Unity

Doing a Rolling Upgrade to Cisco Unity 5.0 with Failover Configured (With Microsoft Exchange)

  • Viewing Options

  • PDF (425.0 KB)
  • Feedback
Doing a Rolling Upgrade to Cisco Unity 5.0 with Failover Configured (With Microsoft Exchange)

Table Of Contents

Doing a Rolling Upgrade to Cisco Unity 5.0 with Failover Configured (With Microsoft Exchange)

Task List for Doing a Rolling Upgrade from Cisco Unity 4.x Software to Cisco Unity 5.0(1) with Failover Configured

Obtaining Cisco Unity License Files

Downloading Software for the Upgrade

Checking the Consistency of the Cisco Unity Database, and Backing Up Cisco Unity Data

Determining Whether to Set Up Cisco Unity to Use SSL

Installing the Microsoft Certificate Services Component

Extending the Active Directory Schema for Cisco Unity

Creating New Active Directory Accounts for Cisco Unity Installation and Services

Disabling the TUI Menu Option for Changing Subscriber Settings in Custom Conversations

Manually Failing Over, and Disabling Automatic Failover and Failback

Stopping and Disabling the World Wide Web Publishing Services on the Primary Server

Setting Permissions on an Active Directory Location by Using the Permissions Wizard

Disabling Antivirus and Cisco Security Agent Services

Running the Cisco Unity System Preparation Assistant

Upgrading to Exchange 2003 System Manager on the Cisco Unity Server

Installing the Exchange Service Pack Required by Cisco Unity Setup

Upgrading and Configuring Cisco Unity Software

Upgrading the Cisco Unity Software, and Configuring Services and Cisco Unity for the Message Store

Setting Up the Cisco Personal Communications Assistant to Use SSL

Skipping Cisco PCA Setup for SSL

Setting Up the Cisco PCA to Use SSL by Creating a Local Certificate Without a Certificate Authority

Setting Up the Cisco PCA to Use SSL by Using a Certificate Authority

Designating the Phone System as Cisco Unified CM Express

Installing the Latest Microsoft Service Packs

Installing Microsoft Updates and Cisco Security Agent for Cisco Unity

Stopping and Disabling the World Wide Web Publishing Services on the Primary Server

Re-enabling Antivirus and Cisco Security Agent Services

Installing Additional Dialogic Software for D/120JCT-Euro Rev 2 Voice Cards

Setting Up the Cisco Unity Administrator and Status Monitor to Use SSL

Configuring Internet Explorer to Display the Cisco Unity Administrator When You Use the Cisco Unity Administration Account (Windows Server 2003 Only)

Manually Initiate Failback to the Primary Server While Automatic Failover and Failback Are Disabled

Enabling and Starting the World Wide Web Publishing Services on the Primary and Secondary Servers

Re-enabling the TUI Menu Option for Changing Subscriber Settings in Custom Conversations

Securing the Example Administrator and Example Subscriber Accounts Against Toll Fraud

Disabling or Deleting Old Installation and Service Accounts

Hardening the Cisco Unity Server

Obtaining Documentation, Obtaining Support, and Security Guidelines


Doing a Rolling Upgrade to Cisco Unity 5.0 with Failover Configured (With Microsoft Exchange)


Revised August 13, 2008

The task list and procedures in this document describe the process for upgrading the Cisco Unity software from version 4.x to Cisco Unity 5.0(1) with minimal interruption to voice mail (known as a rolling upgrade).

The rolling upgrade has the following requirements:

Cisco Unity must be configured for failover.

Cisco Unity must be version 4.x. Using the rolling upgrade process for earlier versions of Cisco Unity is not supported.

Microsoft Exchange Server must be the message store. Using the rolling upgrade process when IBM Lotus Domino is the message store is not supported.


Caution During the rolling upgrade process, you will disable the World Wide Web Publishing Services service so changes to that Cisco Unity database cannot be made through the Cisco Unity Administrator and the Cisco Personal Communications Assistant. Otherwise changes to the Cisco Unity database that are made may be lost.

For systems that use the standard, optional, or alternate conversations, your subscribers may lose changes that they make through the telephony user interface (TUI) to their personal options (for example, voice names or greetings) during the rolling upgrade process. We recommend that you advise subscribers to avoid changing their personal options through the TUI during the rolling upgrade process.

For systems that have custom conversations created through the Custom Key Map Tool (Cisco Unity 4.0(5) and later), you will use the Custom Key Map Tool to disable the menu in the telephony user interface (TUI) for changing subscriber personal settings such as a new voice name or new greeting. Otherwise, changes to subscriber options that are made in the TUI may be lost.

The rolling upgrade process will not result in the loss of voice messages.

Note that the task list below contains some tasks that reference instructions in other Cisco Unity documentation.

Task List for Doing a Rolling Upgrade from Cisco Unity 4.x Software to Cisco Unity 5.0(1) with Failover Configured

Revised August 13, 2008

If the Cisco Unity system is using Cisco Unity Bridge, the order and timing of upgrade tasks are different than for a Cisco Unity system that is not using the Bridge. Refer instead to the "Upgrading from Cisco Unity 4.0(3) or Later with Bridge 3.x" chapter of the applicable Networking Guide for Cisco Unity Bridge at http://www.cisco.com/en/US/products/sw/voicesw/ps2237/products_feature_guides_list.html.

If the Cisco Unity system is using Cisco Unity Bridge version 2.x, you must upgrade to Bridge version 3.0 at the same time that you upgrade to Cisco Unity Bridge 5.x. Refer to the "Upgrading from Bridge 2.x to Bridge 3.x" chapter of the Networking Guide for Cisco Unity Bridge, Release 3.0 at http://www.cisco.com/en/US/products/sw/voicesw/ps2237/products_feature_guides_list.html. The task list in this chapter guides you through upgrading both Cisco Unity and the Bridge.

If you want to upgrade to the latest version of the Bridge after you upgrade to Bridge 3.0 and Cisco Unity 5.x, refer to the "Upgrading Bridge 3.x Software to the Shipping Version" chapter of the Networking Guide for Cisco Unity Bridge, Release 3.1 at http://www.cisco.com/en/US/products/sw/voicesw/ps2237/products_feature_guides_list.html.

If the Cisco Unity system is using Cisco Unity Bridge version 3.x, refer to the "Upgrading from Cisco Unity 4.0(3) or Later with Bridge 3.x" chapter of the applicable Networking Guide for Cisco Unity Bridge at http://www.cisco.com/en/US/products/sw/voicesw/ps2237/products_feature_guides_list.html.



Caution Windows Server 2003 is supported on the Cisco Unity server only with Cisco Unity version 4.0(4) and later. Upgrading from Windows 2000 to Windows Server 2003 is not supported when any additional software has been installed on the server (for example, SQL Server 2000 or MSDE 2000, or Cisco Unity). Upgrading to Windows Server 2003 on an existing Cisco Unity server is supported only when you back up Cisco Unity data by using the Cisco Unity Disaster Recovery Backup tool, reinstall all software on the Cisco Unity server, and restore Cisco Unity data by using the Cisco Unity Disaster Recovery Restore tool. For more information, refer to the "Replacing or Converting a Cisco Unity 5.x Server, or Upgrading to Windows 2003" chapter of the Reconfiguration and Upgrade Guide for Cisco Unity at http://www.cisco.com/en/US/products/sw/voicesw/ps2237/prod_installation_guides_list.html.

We recommend that you upgrade when phone traffic is light, for example, after business hours.

Start the upgrade on the primary Cisco Unity server. The task list alerts you when to begin upgrading the secondary Cisco Unity server. Some failover tasks reference detailed instructions in the Failover Configuration and Administration Guide for Cisco Unity at http://www.cisco.com/en/US/products/sw/voicesw/ps2237/products_feature_guides_list.html.

1. Obtain the license file(s) for the upgrade to Cisco Unity 5.x. See the "Obtaining Cisco Unity License Files" section.

2. Download software for the upgrade. See the "Downloading Software for the Upgrade" section.

3. If the partner Exchange server is running Exchange 5.5: Upgrade Exchange. Do the procedures in the applicable section in the "Upgrading Exchange on the Cisco Unity System" chapter of the applicable Reconfiguration and Upgrade Guide for Cisco Unity at http://www.cisco.com/en/US/products/sw/voicesw/ps2237/prod_installation_guides_list.html.


Caution For Cisco Unity 4.2(1) and later, Exchange 5.5 is not supported as the message store.

4. If SMTP Networking is configured: Migrate to VPIM Networking. Beginning with Cisco Unity 5.0(1), SMTP Networking is no longer supported. See the "Migrating from SMTP Networking to VPIM Networking" chapter in the Networking Guide for Cisco Unity at http://www.cisco.com/en/US/products/sw/voicesw/ps2237/products_feature_guides_list.html.


Caution You must migrate from SMTP Networking to VPIM Networking before you begin the Cisco Unity upgrade, or SMTP subscribers will stop functioning.

5. Refer to Release Notes for Cisco Unity Release 5.0(1) for additional information on upgrading to the shipping version of Cisco Unity. In particular, note the items in the sections "Installation and Upgrade Notes" and "Limitations and Restrictions." Release notes are available at http://www.cisco.com/en/US/products/sw/voicesw/ps2237/prod_release_notes_list.html.

6. Check the consistency of the Cisco Unity database by using the Cisco Unity Directory Walker (DbWalker) utility, and back up Cisco Unity data by using the Disaster Recovery Backup tool. See the "Checking the Consistency of the Cisco Unity Database, and Backing Up Cisco Unity Data" section.

7. If Cisco Unity is not already using SSL: Determine whether to set up Cisco Unity to use SSL. See the "Determining Whether to Set Up Cisco Unity to Use SSL" section.

8. If you plan to set up Cisco Unity to use SSL and want to use the Microsoft Certificate Services available with Windows to issue your own certificate: Install the Microsoft Certificate Services component. See the "Installing the Microsoft Certificate Services Component" section.

9. Update the Active Directory schema. See the "Extending the Active Directory Schema for Cisco Unity" section.

10. Optional: Create new Active Directory accounts for Cisco Unity installation and services.

Beginning with Cisco Unity 4.2(1), the Permissions wizard sets only the permissions that Cisco Unity requires to function rather than setting permissions at a higher level. If you want to take advantage of the reduced permissions, you must create new Active Directory accounts for Cisco Unity installation and services. Later in the task list, you will be alerted when to run the Permissions wizard to set permissions on the new accounts, and when to change the accounts that Cisco Unity services log on as and disable or delete the old accounts. See the "Creating New Active Directory Accounts for Cisco Unity Installation and Services" section.

11. If your subscribers use a custom conversation created through the Custom Key Map Tool (Cisco Unity 4.0(5) or later): Disable the telephony user interface (TUI) menu option for changing subscriber settings in the custom conversation. See the "Disabling the TUI Menu Option for Changing Subscriber Settings in Custom Conversations" section.

12. Manually fail over to the secondary server, and disable automatic failover and failback. See the "Manually Failing Over, and Disabling Automatic Failover and Failback" section.

13. Stop and disable the World Wide Web Publishing Services service on the primary and secondary servers. See the "Stopping and Disabling the World Wide Web Publishing Services on the Primary Server" section.

14. If you downloaded the latest version of the Permissions wizard from CiscoUnityTools.com, install and run that version. Otherwise, run the version that appears in the Utilities\PermissionsWizard directory on the shipping Cisco Unity CD or DVD. For more information, refer to the Permissions wizard Help file, PWHelp_<language>.htm.


Caution You must run the Permissions wizard even if you did not create new installation and service accounts in Task 10.

We recommend that you run the Cisco Unity Permissions wizard during off-peak hours unless you are installing a new Cisco Unity system in a Voice Messaging configuration and you are not creating subscriber accounts in the corporate directory. The new version of Permissions wizard sets permissions at a more granular level that requires more changes to the Active Directory database than previous versions.

When the Permissions wizard completes, the Lsass.exe process updates the Active Directory database with the new permissions. While Lsass.exe is processing the updates, it uses 100 percent of available processor time on the root domain controller in the domain and on one of the global catalog servers in the site where the Permissions wizard was run. (Other domain controllers in the domain and other global catalog servers in the forest are also affected, but the impact is less significant.) The updates take a few minutes to several hours, depending on the size of the database. Except when the Cisco Unity server is the domain controller and the Lsass.exe process slows the screen refresh, you may continue with the Cisco Unity installation while Lsass.exe is processing changes.

15. If Cisco Unity is configured to automatically create Bridge or VPIM subscribers in a different AD location than regular subscribers: rerun the Permissions wizard, and specify the domain and location on the Set Active Directory Containers for New Objects page. See the "Setting Permissions on an Active Directory Location by Using the Permissions Wizard" section.

16. If antivirus software or Cisco Security Agent for Cisco Unity is installed on the Cisco Unity server: Disable antivirus services and the Cisco Security Agent service. See the "Disabling Antivirus and Cisco Security Agent Services" section.

17. Run the Cisco Unity System Preparation Assistant to update the required Windows components, browser, and database. Cisco Unity System Preparation Assistant also installs the Windows and the SQL Server or MSDE service packs required by the current Cisco Unity Setup. See the "Running the Cisco Unity System Preparation Assistant" section.

If you are upgrading from Cisco Unity 4.2(1) to Cisco Unity 5.0(1), you can skip this step. The Cisco Unity 4.2(1) and Cisco Unity 5.0(1) versions of the Cisco Unity System Preparation Assistant install the same software. If you are upgrading from or to any other version of Cisco Unity, you must run the Cisco Unity System Preparation Assistant.


Caution Do not install the latest service packs that are recommended for use with Cisco Unity yet. Any service packs qualified for use with the current version of Cisco Unity after the current version was released have not been tested with Cisco Unity Setup and may cause Setup to fail. In addition, do not run the latest Cisco Unity Server Updates wizard, which installs updates only for the latest recommended service packs.

18. If Exchange 2000 System Manager (not the full version of Exchange 2000) is installed on the Cisco Unity server: Upgrade to Exchange 2003 System Manager. See the "Upgrading to Exchange 2003 System Manager on the Cisco Unity Server" section.


Note Upgrade to Exchange 2003 System Manager even if you are using only Exchange 2000 as a message store. Exchange 2003 System Manager allows you to access Exchange 2000 data and also allows Cisco Unity subscriber mailboxes to be homed in Exchange 2007.


19. Install the applicable Exchange service pack. See the "Installing the Exchange Service Pack Required by Cisco Unity Setup" section.

20. Run the Cisco Unity Installation and Configuration Assistant to upgrade and configure the Cisco Unity software, and to set up the Cisco Personal Communications Assistant to use SSL. See the "Upgrading and Configuring Cisco Unity Software" section.

21. Install the latest Microsoft service packs qualified for use with Cisco Unity, if any. See the "Installing the Latest Microsoft Service Packs" section.

22. Run the Cisco Unity Server Updates wizard to install Microsoft security updates and, optionally, Cisco Security Agent for Cisco Unity. See the "Installing Microsoft Updates and Cisco Security Agent for Cisco Unity" section.

23. Stop and disable the World Wide Web Publishing Services service. See the "Stopping and Disabling the World Wide Web Publishing Services on the Primary Server" section.

24. If antivirus software or Cisco Security Agent for Cisco Unity is installed on the Cisco Unity server: Re-enable antivirus services and the Cisco Security Agent service. See the "Re-enabling Antivirus and Cisco Security Agent Services" section.

25. If you are upgrading from Cisco Unity 4.0(1) through 4.0(4), and if Cisco Unity uses Intel Dialogic D/120JCT-Euro Rev 2 voice cards to integrate with a circuit-switched phone system: Install additional Dialogic .prm files. See the "Installing Additional Dialogic Software for D/120JCT-Euro Rev 2 Voice Cards" section.

26. If you are setting up Cisco Unity to use SSL: Set up the Cisco Unity Administrator and Status Monitor to use SSL. See the "Setting Up the Cisco Unity Administrator and Status Monitor to Use SSL" section.

27. If Windows Server 2003 is installed on the Cisco Unity Server: Update Internet Explorer security settings. See the"Configuring Internet Explorer to Display the Cisco Unity Administrator When You Use the Cisco Unity Administration Account (Windows Server 2003 Only)" section.

28. Run the Configure Cisco Unity Failover wizard. Refer to the "Configuring Failover on the Primary and Secondary Servers" section in the "Configuring Cisco Unity Failover" chapter of the Failover Configuration and Administration Guide for Cisco Unity, Release 5.0 at http://www.cisco.com/en/US/products/sw/voicesw/ps2237/products_feature_guides_list.html.


Note After running the Configure Cisco Unity Failover wizard on the primary server, both Cisco Unity servers will be active and will answer calls until you complete Task 29.


29. When upgrading the primary server only: Manually initiate failback to the primary server. See the "Manually Initiate Failback to the Primary Server While Automatic Failover and Failback Are Disabled" section.

30. On the secondary server, run the Permissions wizard.

When you run the Permissions wizard on the secondary server, Lsass.exe does not affect performance on domain controllers.

31. On the secondary server, repeat Task 16. through Task 28. to upgrade the server.

32. Enable and start the World Wide Web Publishing Services service on the primary and secondary servers. See the "Enabling and Starting the World Wide Web Publishing Services on the Primary and Secondary Servers" section.

33. If your subscribers use a custom conversation created through the Custom Key Map Tool (Cisco Unity 4.0(5) or later): Re-enable the telephony user interface (TUI) menu option for changing subscriber settings in the custom conversation. See the "Re-enabling the TUI Menu Option for Changing Subscriber Settings in Custom Conversations" section.

34. Review the substitute objects on the System > Configuration > Settings page of the Cisco Unity Administrator. The objects are Substitute Recipient, Substitute Owner, Substitute After Message Call Handler, and Substitute Exit Call Handler. Cisco Unity uses the objects to substitute references to any subscriber that is deleted by using the Cisco Unity Administrator without first reassigning such references (for example, ownership of a call handler or distribution list). For new installations, the Example Administrator is configured as the Substitute Recipient and Substitute Owner, and the Goodbye call handler is configured as the Substitute After Message Call Handler and Substitute Exit Call Handler. For upgrades, any changes made to the defaults will not be overwritten. However, we recommend that you review these settings now and update them if you wish to use different substitute objects. Refer to Cisco Unity Administrator Help for a description of each object and where it applies.

35. Secure the Example Administrator and Example Subscriber accounts against toll fraud. See the "Securing the Example Administrator and Example Subscriber Accounts Against Toll Fraud" section.

36. If the Cisco Unity servers are connected to the corporate network: Harden the Cisco Unity servers. See the "Hardening the Cisco Unity Server" section.

37. If the system is using the AMIS or VPIM networking options: Refer to the applicable "Upgrading with <Networking Option>" section in the "Upgrading and Uninstalling Networking Options" chapter of the applicable Networking Guide for Cisco Unity at http://www.cisco.com/en/US/products/sw/voicesw/ps2237/products_feature_guides_list.html.

38. If the system is using Cisco Unity Bridge version 3.x: Refer to the "Upgrading from Cisco Unity 4.0(3) or Later with Bridge 3.x" chapter of the applicable Networking Guide for Cisco Unity Bridge at http://www.cisco.com/en/US/products/sw/voicesw/ps2237/products_feature_guides_list.html.

Obtaining Cisco Unity License Files

License files, which enable the features purchased by the customer, are required for installing Cisco Unity software, for some upgrades, and for adding or changing licensed features. You obtain the license files by completing registration information on Cisco.com.

Shortly after registration, Cisco e-mails the license files. The e-mail from Cisco contains instructions on how to save and store the files. The Cisco Unity Reconfiguration and Upgrade Guide later provides specific instructions on the use of the license files.


Note You install the license files only on the primary server.


The following information is required during registration:

The MAC address (physical address) for the network interface card (NIC) in the Cisco Unity server.

The product authorization key (PAK), which appears on the sticker located on the front of the sleeve for Cisco Unity DVD 1 or CD 1.

Do the following two procedures in the order listed.

 

To Get the MAC Address of the Primary Cisco Unity Server


Step 1 On the computer on which Cisco Unity will be installed, do one of the following:

If the server contains a dual NIC that has been configured for fault tolerance, run the NIC-configuration utility provided by the manufacturer, and write down the MAC address (excluding hyphens) that is shared by the two NICs. Then skip the rest of this procedure.

If the server does not contain a dual NIC or if the server contains a dual NIC that is not configured for fault tolerance, on the Windows Start menu, click Programs > Accessories > Command Prompt.

Step 2 In the Command Prompt window, enter ipconfig /all, and press Enter.

Step 3 Write down the value of Physical Address, excluding the hyphens, or save it to a file that you can access during online registration. (For example, if the physical address is 00-A1-B2-C3-D4-E5, record 00A1B2C3D4E5.)

If the server contains more than one NIC, one value will appear for each NIC. Write down the value for the NIC that you will use to connect the Cisco Unity server to the network.

Step 4 Close the Command Prompt window.


 

To Register and Obtain the License Files


Step 1 Browse to the registration website at http://www.cisco.com/go/license (URL is case sensitive).

You must be a registered user on Cisco.com to obtain license files.

Step 2 Enter the PAK or software serial number, and click Submit.

Step 3 Follow the on-screen prompts.

Step 4 Shortly after registration, you will receive an e-mail with the Cisco Unity license files.

If license files are lost, it can take up to one business day to get another copy.


If you do not receive the license files within 1 hour or to get another copy of a license file, call the Cisco Technical Assistance Center (TAC) and ask for the Licensing Team:

In the U.S.

800 553-2447

Outside
the U.S.

For your local Cisco TAC phone number, see the Cisco Worldwide Contacts page at http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml.


Or open a service request using the TAC Service Request Tool at http://tools.cisco.com/ServiceRequestTool/create/DefineProblem.do.

You will need to provide information to verify Cisco Unity ownership—for example, the purchase order number or the PAK (which appears on the sticker located on the front of the sleeve for Cisco Unity DVD 1 or CD 1).

 

Downloading Software for the Upgrade

This section lists the software needed to upgrade Cisco Unity. If you do not have Cisco Unity DVDs for the currently shipping version, download all of the software listed in this section.

Note the following considerations:

The downloads may total several gigabytes. Use a computer with a high-speed Internet connection, and confirm that the computer has sufficient disk space or has access to a network drive with sufficient disk space.

Most downloads are self-extracting executable files. When downloads are complete, extract the updates and burn CDs that contain the extracted files. Then delete the downloaded .exe files to free disk space.

For detailed instructions on downloading software and burning DVDs, refer to the "Installation and Upgrade Information" section of the applicable release notes, available at http://www.cisco.com/en/US/products/sw/voicesw/ps2237/prod_release_notes_list.html.


Caution Until you have installed all of the recommended service packs and updates, and, optionally, Cisco Security Agent for Cisco Unity and antivirus software, third-party components installed on the Cisco Unity server have significant security vulnerabilities. Do not connect the Cisco Unity server to the network to install software. Instead, burn DVDs that contain the downloaded software, and install the software from the DVDs.

The Cisco Unity documentation instructs you when to install the software you download.


Note To access the software download page, you must be logged on to Cisco.com as a registered user.


Download the following software for all installations. Even if you have Cisco Unity DVDs for the currently shipping version, we recommend that you download the software, some of which may have been released or updated after the discs were produced.

Cisco Unity Software

Disc images for the currently shipping Cisco Unity version, including:

The Cisco Unity installation disc.

The discs for Cisco Unity languages that you want to install on the server (other that U.S. English, which is automatically installed on all systems).

The applicable Cisco Unity Service Pack discs for the version of Cisco Unity that you are installing and for the version of Exchange that you are using. You always need Service Pack disc 1, which contains the Cisco Unity System Preparation Assistant.

Before you install Cisco Unity, you must install the Microsoft service packs that were required for that version of Cisco Unity. After you install Cisco Unity, you can install any later service packs that were qualified for use with Cisco Unity.


Note If you are upgrading from Cisco Unity 4.2(1) to Cisco Unity 5.0(1), you do not need to download Service Pack disc 1 or run the Cisco Unity System Preparation Assistant. The Cisco Unity 4.2(1) and Cisco Unity 5.0(1) versions of the Cisco Unity System Preparation Assistant install the same software. If you are upgrading from or to any other version of Cisco Unity, you must run the Cisco Unity System Preparation Assistant.


The Cisco Unity Post-Install disc, which includes the Cisco Unity Server Updates Wizard that is shipped with the version of Cisco Unity that you are installing. The updates in this version of the wizard correspond with the required service packs on the Cisco Unity Service Pack discs.

Refer to the "Downloading Software for Cisco Unity <Version>" section of the applicable Release Notes for Cisco Unity at http://www.cisco.com/en/US/products/sw/voicesw/ps2237/prod_release_notes_list.html.

Latest Microsoft Service Packs and Cisco Unity Server Updates Wizard

Download the following software:

For the Microsoft software that you are installing on the Cisco Unity server, the latest service packs recommended for use with Cisco Unity, if later than the service packs shipped with Cisco Unity. Any service packs that are qualified for use with Cisco Unity after the most recent Cisco Unity release are available on the Microsoft Updates Software Download page at http://www.cisco.com/cgi-bin/tablebuild.pl/unity_msft_updates. Also download or print the installation instructions.

For a list of the service packs that are recommended, refer to the section "Recommended Service Packs—Cisco Unity Server" in the System Requirements for Cisco Unity for your version of Cisco Unity, at http://www.cisco.com/en/US/products/sw/voicesw/ps2237/prod_installation_guides_list.html.

The latest Cisco Unity Server Updates Wizard, which automatically installs the latest Microsoft updates for Windows, Exchange, and SQL Server or MSDE that are recommended for use with Cisco Unity. The wizard also optionally installs the latest version of the Cisco Security Agent for Cisco Unity. Available on the Microsoft Updates for Cisco Unity Software Download page at http://www.cisco.com/cgi-bin/tablebuild.pl/unity_msft_updates.

For information on the Microsoft updates and the version of Cisco Security Agent for Cisco Unity that are installed by the Server Updates Wizard, refer to Software Installed by the Cisco Unity Server Updates Wizard at http://www.cisco.com/en/US/products/sw/voicesw/ps2237/prod_installation_guides_list.html.

Cisco Unity Directory Walker Utility and Cisco Unity Disaster Recovery Tools

The latest versions of the Cisco Unity Directory Walker (DbWalker) utility utility and the Cisco Unity Disaster Recovery tools (DiRT). DbWalker is used to check the consistency of and correct errors in the Cisco Unity database before the upgrade. DiRT is used to back up Cisco Unity data before the upgrade and to restore Cisco Unity data, if necessary. (All are included on the Cisco Unity discs, but updates are posted regularly to the Cisco Unity Tools website.)

DbWalker for Cisco Unity 4.x and later is available at http://ciscounitytools.com/App_DirectoryWalker4.htm. DiRT is available at http://ciscounitytools.com/App_DisasterRecoveryTools.htm.

Cisco Unity Permissions Wizard

The latest version of the Cisco Unity Permissions wizard. The Permissions wizard for Cisco Unity 5.0(1) and later is available at http://ciscounitytools.com/App_PW_501.htm.

Checking the Consistency of the Cisco Unity Database, and Backing Up Cisco Unity Data

Before you upgrade Cisco Unity, we recommend that you run the DbWalker utility to check the consistency of the Cisco Unity database. Running DbWalker fixes most minor errors automatically and flags any major errors.

On a system with a few hundred subscribers, running DbWalker takes only a few minutes. However, on a large system, running DbWalker may take several hours. The duration depends on the speed of the processor, the amount of RAM in the server, the number of calls that Cisco Unity is taking, and other variables.

We also recommend that you back up Cisco Unity data by using the Disaster Recovery Backup tool. Running the tool takes only a few minutes, and having a DiRT backup allows you to restore Cisco Unity data easily, if necessary.

 

To Check the Consistency of the Cisco Unity Database


Step 1 On the Cisco Unity server, install the latest version of DbWalker, if it is not already installed.

If Cisco Unity failover is configured, do this procedure on the primary server.

Step 2 Run DbWalker, and correct all errors that the utility finds. Refer to DbWalker Help for detailed instructions on running the utility and on correcting errors in the database. (The Help file, DbWalker.htm, is in the same directory as DbWalker.exe.)

 


If you choose to back up messages as well as Cisco Unity data in the next procedure, backing up takes longer, the size of the backup is significantly larger, and the account with which you log on to Windows requires additional permissions. Refer to DiRT Help for detailed information.

 

To Back Up Cisco Unity Data


Step 1 On the Cisco Unity server, install the latest versions of DiRT, if the tools are not already installed.

If Cisco Unity failover is configured, do this procedure on the secondary server.

Step 2 Back up Cisco Unity data by using the Disaster Recovery Backup tool. Refer to DiRT Help for detailed instructions. (The Help file, UnityDisasterRecovery.htm, is in the same directory as UnityDisasterRecoveryBackup.exe.)


Caution Follow Help carefully. DiRT includes a variety of options that you must understand to use the tools successfully. In addition, the account you are logged on as when you back up Cisco Unity data must have sufficient permissions or the backup will fail.

 


Determining Whether to Set Up Cisco Unity to Use SSL


Note If Cisco Unity is already using SSL, skip this section.


When subscribers log on to the Cisco Personal Communications Assistant (PCA), their credentials are sent across the network to Cisco Unity in clear text. The same is true in the following situations:

When the Cisco Unity Administrator and the Status Monitor are configured to use the Anonymous authentication method.

With the Mobile Message Access for BlackBerry feature, when data is sent between the Cisco Unity server and the BlackBerry server.

In addition, the information that subscribers enter on the pages of the Cisco PCA and of the Cisco Unity Administrator (regardless of which authentication method it uses) is not encrypted.

For increased security, we recommend that you set up Cisco Unity to use the Secure Sockets Layer (SSL) protocol. SSL uses public/private key encryption to provide a secure connection between servers and clients, and uses digital certificates to authenticate servers or servers and clients. (A digital certificate is a file that contains encrypted data that attests to the identity of an organization or entity, such as a computer.)

Using the SSL protocol ensures that all Cisco Unity subscriber credentials—as well as the information that a subscriber enters on any page of the Cisco Unity Administrator and the Cisco PCA—are encrypted as the data is sent across the network. In addition, when you set up Cisco Unity to use SSL, each time that a subscriber tries to access any Cisco Unity web application, the browser will confirm that it is connected with the real Cisco Unity server—and not an entity falsely posing as such—before allowing the subscriber to log on.

To set up a web server such as Cisco Unity to use SSL, you can either obtain a digital certificate from a certificate authority (CA) or use Microsoft Certificate Services available with Windows to issue your own certificate. (A CA is a trusted organization or entity that issues and manages certificates at the request of another organization or entity.) Cost, certificate features, ease of setup and maintenance, and the security policies practiced by the organization are some of the issues to consider when determining whether you should purchase a certificate from a CA or issue your own.

Information on third-party CAs, Microsoft Certificate Services, and SSL is widely available on the Internet, as well as in the Windows and IIS online documentation. Such sources can help you determine whether to use SSL and how to set up a web server to use it.

 

Installing the Microsoft Certificate Services Component


Note If you do not plan to set up Cisco Unity to use SSL or if you want to use a digital certificate from a Certificate Authority to set up Cisco Unity to use SSL, skip this section.


Do the procedure in this section if you plan to set up Cisco Unity to use SSL and you want to use the Microsoft Certificate Services available with Windows to issue your own certificate. You may install the component on the Cisco Unity server or on another server.

 

To Install the Microsoft Certificate Services Component


Step 1 On the server that will act as your certificate authority (CA) and issue certificates, on the Windows Start menu, click Settings > Control Panel > Add/Remove Programs.

Step 2 Click Add/Remove Windows Components.

Step 3 In the Windows Components dialog box, check the Certificate Services check box. Do not change any other items. When the warning appears about not being able to rename the computer, or to join or be removed from a domain, click Yes.

Step 4 Click Next.

Step 5 Click Stand-alone Root CA, and click Next. (A stand-alone CA is a CA that does not require Active Directory.)

Step 6 Follow the on-screen prompts to complete the installation. For information, refer to the Windows documentation.

If a message appears that Internet Information Services is running on the computer and must be stopped before proceeding, click OK to stop the services.

Step 7 In the Completing the Windows Components Wizard dialog box, click Finish.

Step 8 Close the Add Remove Programs dialog box and Control Panel.


 

Extending the Active Directory Schema for Cisco Unity

Several changes to the Active Directory schema are required for Cisco Unity to work properly. To see the changes that the schema update program makes, browse to the directory Schema\LdifScripts on Cisco Unity CD 1, and view the file Avdirmonex2k.ldf.

Changes to the Active Directory schema may take 15 minutes or more to replicate throughout the forest. These changes must finish replicating before you can install Cisco Unity.

To Extend the Active Directory Schema


Step 1 Confirm that all domain controllers are on line. (The Active Directory schema extensions replicate only when all domain controllers are on line.)

Step 2 On the computer that has the schema master role (typically the first DC/GC in the forest), log on to Windows as a user who is a member of the Schema Admins group.

Step 3 On Cisco Unity DVD 1, browse to the directory ADSchemaSetup, and double-click ADSchemaSetup.exe.

Step 4 In the Active Directory Schema Setup dialog box, check the Exchange Directory Monitor check box.

Step 5 If you have ever used, are currently using, or plan to use VPIM Networking or Bridge Networking, check the applicable boxes.


Caution If the schema has ever been updated with Bridge Connector and/or VPIM Connector extensions (for Bridge Networking and VPIM Networking, respectively) from an earlier version of Cisco Unity, you must update those extensions and the Directory Monitor extensions even if you are no longer using the Bridge or VPIM.

Step 6 Click OK.

Step 7 When the schema extension has finished, Ldif.log and Ldif.err files are saved to the desktop. View the contents of these files to confirm that the extension completed successfully.


Creating New Active Directory Accounts for Cisco Unity Installation and Services

Beginning with Cisco Unity 4.2(1), the Permissions wizard sets only the permissions that Cisco Unity requires to function rather than setting permissions at a higher level. If you want to take advantage of the reduced permissions, create new Active Directory domain accounts for Cisco Unity installation and services.


Caution The Permissions wizard does not take permissions away, it only grants permissions. If you run the Permissions wizard on existing accounts, permissions will not be reduced.

To Create New Domain Accounts for Cisco Unity Installation and Services


Step 1 On the Cisco Unity server or another server where Active Directory Users and Computers is installed, log on to Windows by using an account that is a member of the Domain Admins group.

Step 2 On the Windows Start menu, click Programs > Administrative Tools > Active Directory Users and Computers.

Step 3 In the left pane, expand the domain, right-click Users or the organizational unit where you want to create the installation account, and click New > User.

Step 4 Follow the on-screen prompts to create the installation account. Creating an Exchange mailbox is optional.

We suggest that you use the following names for the accounts.

Installation

UnityInstall

Account that Cisco Unity directory services log on as (directory services account)

UnityDirSvc

Account that Cisco Unity message store services log on as (message store services account)

UnityMsgStoreSvc


Step 5 Repeat Step 3 and Step 4 to create the Cisco Unity directory services account and message store services account.

Step 6 Ensure that for the accounts that Cisco Unity services log on as, the password will never expire. If the password expires, Cisco Unity will stop working the next time the server is restarted.

Step 7 Close Active Directory Users and Computers.


Disabling the TUI Menu Option for Changing Subscriber Settings in Custom Conversations

If your system uses only the following conversations, skip this section:

Standard Conversation

Optional Conversation 1

Alternate Keypad Mapping N

Alternate Keypad Mapping S

Alternate Keypad Mapping X

For systems that use a custom conversation created through the Custom Key Map Tool (Cisco Unity 4.0(5) and later), this section describes the steps to prevent access to subscriber options through the telephony user interface (TUI) so subscribers cannot change their personal settings such as a new voice name or a new greeting.


Caution You must disable the TUI menu option for changing subscriber settings on all customized subscriber conversations. Otherwise, changes made to subscriber settings through the TUI may be lost.

Note the following:

During the upgrade process, subscribers will be able to listen to, and send voice messages.

At the end of the upgrade process, the changes to the custom subscriber conversation will be reversed.

To Disable TUI Menu Options for Changing Subscriber Settings in Custom Conversations


Step 1 On the primary server, on the desktop, double-click Cisco Unity Tools Depot.

Step 2 In the Tools Depot window, in the left pane, expand Administration Tools.

Step 3 Double-click Custom Key Map.

Step 4 In the Editing - Custom Keypad Mapping window, on the Select Key Map menu, click a custom key map that subscribers are using.

Step 5 Click the Main Menu tab.

Step 6 In the left pane, click Change Setup Options.

Step 7 Under Key Map, select the number and press Delete so the field is blank and press Enter.

Step 8 Click Save.

Step 9 Repeat Step 4 through Step 8 for all remaining custom conversations that subscribers use.

Step 10 Click Exit.

Step 11 Close the Editing - Custom Keypad Mapping window.


Manually Failing Over, and Disabling Automatic Failover and Failback

This section contains procedures for disabling automatic failover and failback, and for manually initiating failover while the automatic functions are disabled.

Note that when automatic failover and failback are disabled:

File replication is also disabled.

You must manually force a server to become active or inactive by using the Failover Monitor.

If you restart the primary and secondary servers while automatic failover and failback are disabled, both servers start as inactive, so Cisco Unity is not able to take calls.


Note When you disable automatic failover and failback, the primary server never fails over to the secondary server even if the primary server stops taking calls. In addition, the secondary server never fails back to the primary server even if you have specified a schedule for automatic failback.


To Manually Initiate Failover to the Secondary Server


Step 1 On the primary server, on the Windows Start menu, click Programs > Cisco Unity > Failover Monitor.

Step 2 Click Failover.

Step 3 Click OK to confirm that you want to fail over to the secondary server.

Step 4 To maintain Cisco Unity functionality for all subscribers, do the tasks in the following sections as applicable:

"Notifying Subscribers of the Active Server and the URLs to Use for Accessing Cisco Unity Web Applications" section in the "Tasks Required When Failover or Failback Occurs" chapter of the applicable Failover Configuration and Administration Guide for Cisco Unity at http://www.cisco.com/en/US/products/sw/voicesw/ps2237/products_feature_guides_list.html.

"T1 Integrations Through Voice Cards: Enabling the Phone System to Send Calls to the Active Server After Failover or Failback Occurs" section in the "Tasks Required When Failover or Failback Occurs" chapter of the applicable Failover Configuration and Administration Guide for Cisco Unity at http://www.cisco.com/en/US/products/sw/voicesw/ps2237/products_feature_guides_list.html.


To Disable Automatic Failover and Failback


Step 1 On the primary server, on the Windows Start menu, click Programs > Cisco Unity > Failover Monitor.

Step 2 Click Advanced.

Step 3 Check the Disable Automatic Failover and Failback check box.

Step 4 Click OK.


Stopping and Disabling the World Wide Web Publishing Services on the Primary Server

This section describes the steps to prevent access to Cisco Unity Administrator and the Cisco Personal Communications Assistant so changes to the Cisco Unity database cannot be made.


Caution We recommend that you stop and disable the World Wide Web Publishing Services. Otherwise, changes made through the Cisco Unity Administrator and the Cisco Personal Communications Assistant during the rolling upgrade process may be lost.


Note After doing this procedure, subscribers and administrators will not be able to access the Cisco Unity Administrator and the Cisco Personal Communications Assistant.


To Stop and Disable the World Wide Web Publishing Services on the Primary and Secondary Servers


Step 1 On the primary server, on the Windows Start menu, click Programs > Administrative Tools > Component Services.

Step 2 In the Component Services window, in the right pane, double-click World Wide Web Publishing Services.

Step 3 In the World Wide Web Publishing Services Properties dialog box, in the Startup Type drop-down box, click Disabled.

Step 4 Click Stop and click OK.

Step 5 On the secondary server, repeat Step 1 through Step 4.


Setting Permissions on an Active Directory Location by Using the Permissions Wizard

You rerun the Permissions Wizard to update the permissions on the Active Directory location where Cisco Unity automatically creates Bridge and/or VPIM subscribers, if it is different from the location where Cisco Unity creates regular subscribers. If Cisco Unity is configured to automatically create both Bridge and VPIM subscribers in different locations, do the following procedure for the Bridge subscriber location, and repeat the procedure for the VPIM subscriber location.

Run the Permissions wizard during off-peak hours. Beginning with Cisco Unity 4.2(1), the Permissions wizard sets permissions at a more granular level than previous versions did, which requires more changes to the Active Directory database.


Caution When the Permissions wizard completes, the Lsass.exe process updates the Active Directory database with the new permissions. While Lsass.exe is processing the updates, it uses 100% of available processor time on the root domain controller in the domain and on one of the global catalog servers in the site where the Permissions wizard was run. (Other domain controllers in the domain and other global catalog servers in the forest are also affected, but the impact is less significant.) The updates take a few minutes to several hours, depending on the size of the database. Do not continue with the Cisco Unity upgrade until Lsass.exe has finished processing the changes, or Cisco Unity Setup may fail.

To Set Permissions on the AD Location by Using the Permissions Wizard


Step 1 If you downloaded the latest version of Permissions wizard from CiscoUnityTools.com, install and run that version. Otherwise, run the version that appears in the Utilities\PermissionsWizard directory on the shipping Cisco Unity CD or DVD.

Step 2 Click Next without changing any options until you arrive at the Set Active Directory Containers for New Objects page.

Step 3 Choose the domain and the applicable container or organizational unit in which Cisco Unity automatically creates Bridge or VPIM subscribers.


Note The Permissions wizard only has the ability to grant permissions—it does not remove any permissions. Following this procedure will add the necessary permissions on the container or OU that you select, but will not remove permissions that are already granted on other containers for Cisco Unity.


Step 4 Click Next and follow the prompts to complete the Permissions wizard.


Disabling Antivirus and Cisco Security Agent Services


Note If the system is not using antivirus software or Cisco Security Agent for Cisco Unity, skip this section.


You disable antivirus and Cisco Security Agent services on the server so that they do not slow down the installation of software or cause the installations to fail. The Cisco Unity Reconfiguration and Upgrade Guide alerts you when to re-enable the services after all of the installation procedures that can be affected are complete.

 

To Disable and Stop Antivirus and Cisco Security Agent Services


Step 1 Refer to the antivirus software documentation to determine the names of the antivirus services.

Step 2 On the Windows Start menu, click Programs > Administrative Tools > Services.

Step 3 Disable and stop each antivirus service and the Cisco Security Agent service:

a. In the right pane, double-click the service.

b. On the General tab, in the Startup Type list, click Disabled. This prevents the service from starting when you restart the server.

c. Click Stop to stop the service immediately.

d. Click OK to close the Properties dialog box.

Step 4 When the services have been disabled, close the Services MMC.


 

Running the Cisco Unity System Preparation Assistant

The Cisco Unity System Preparation Assistant is a program that helps customize the platform for Cisco Unity by checking for and installing Windows components, Microsoft service packs and updates, and other software required by Cisco Unity. (For a detailed list, refer to Components and Software Installed by the Cisco Unity Platform Configuration Discs and the Cisco Unity System Preparation Assistant at http://www.cisco.com/en/US/products/sw/voicesw/ps2237/prod_installation_guides_list.html.)


Caution Do not run the Cisco Unity System Preparation Assistant remotely by using Windows Terminal Services or other remote-access applications, or the installation of required software may fail.

If a Microsoft AutoMenu window appears while the Cisco Unity System Preparation Assistant is installing an application, close the window and allow the assistant to continue.

To Run the Cisco Unity System Preparation Assistant


Step 1 Log on to Windows by using an account that is a member of the Local Administrators group.

Step 2 On the Cisco Unity Service Packs DVD, browse to the Cuspa directory, and double-click Cuspa.vbs.

If you are accessing the Cisco Unity System Preparation Assistant files on another server, use Windows Explorer or the "net" command to map the network drive to a drive letter on the Cisco Unity server before you run Cuspa.vbs.

Step 3 If prompted, double-click the language of your choice to continue the installation.

Step 4 On the Welcome screen, click Next.

Step 5 On the Cisco Unity Server Characteristics page, set the following fields:

Configuration

Click Unified Messaging or Voice Messaging Only, depending on the Cisco Unity configuration.

Failover

Check the This Is a Primary or Secondary Failover Server check box if the system is using failover.

Number of Ports

Enter the number of voice ports that you are connecting with the Cisco Unity server.


Step 6 Click Next. The assistant lists the components and indicates whether or not they are installed.

Step 7 Follow the on-screen prompts in the Cisco Unity System Preparation Assistant to install the additional software required by Cisco Unity.

Step 8 If MSDE Service Pack 4 is being installed, skip to Step 9.

If SQL Server Service Pack 4 is being installed, install it now:

a. On the Welcome screen, click Next.

b. Follow the on-screen prompts until you are prompted to choose the authentication mode.

c. Choose Windows authentication, and click Next.

d. If the SA Password Warning dialog box appears, enter and confirm the password, and click Next.

e. On the Backward Compatibility Checklist page, do not check the Enable Cross-Database Ownership Chaining for All Databases [Not Recommended] check box.

f. Follow the on-screen prompts to continue.

g. If you are prompted about shutdown tasks before continuing with the installation, click Next.

h. Click Finish to begin installing components.

i. When the Setup message appears, click OK.

j. Click Finish to restart the server.

k. Skip to Step 10.

Step 9 If MSDE Service Pack 4 is being installed, install it now:

a. Follow the on-screen prompts.

b. When the installation is complete, click Yes to restart the server.

Step 10 Follow the on-screen prompts in the Cisco Unity System Preparation Assistant to install the additional software required by Cisco Unity.

Step 11 When the Cisco Unity System Preparation Assistant has completed, click Finish.


Upgrading to Exchange 2003 System Manager on the Cisco Unity Server

If Exchange 2000 System Manager is installed on the Cisco Unity server (and the full version of Exchange is not), do the following procedure to upgrade to Exchange 2003 System Manager.


Note If you have no other Exchange 2003 servers in the forest, you are prompted to run forestprep and domainprep before you are allowed to install Exchange 2003 System Manager. Follow the onscreen prompts.


To Upgrade Exchange 2000 System Manager to Exchange 2003 System Manager


Step 1 On the Cisco Unity server, insert the Cisco Unity Message Store 2003 disc in the DVD drive.

Step 2 If the disc does not run automatically, browse to the root directory, and double-click Setup.exe.

Step 3 Click Exchange Deployment Tools.

Step 4 Click Install Exchange System Management Tools Only.

Step 5 On the Install Exchange System Management Tools Only page, scroll down to Step 4 and click Run Setup Now.


Note In early editions of Exchange 2003, Step 3 on the Install Exchange System Management Tools Only page incorrectly listed Windows Server 2003 Administration Tools Pack as required when the operating system is Windows 2000 Server. In later editions of Exchange 2003, this requirement was removed from Help, as explained in Microsoft Knowledge Base article 826966.


Step 6 In the Welcome to Microsoft Exchange Installation wizard, click Next.

Step 7 In the License Agreement dialog box, click I Agree, and click Next.

Step 8 In the Component Selection dialog box, in the Action column, set the actions for the following three components:

Microsoft Exchange 2003

Change the action to Custom.

Microsoft Exchange Messaging and Collaboration Services

Change the action to None.

Microsoft Exchange System Management Tools

Leave the action as Install.


Step 9 Click Next.

Step 10 Follow the on-screen prompts to complete the installation.

Step 11 Restart the server.


Installing the Exchange Service Pack Required by Cisco Unity Setup

Do the applicable procedure to install the Exchange service pack that you downloaded when you did the "Downloading Software for the Upgrade" section:

To Install Exchange 2000 Service Pack 3

To Install Exchange 2003 Service Pack 2

Install the service pack on the following servers:

The Cisco Unity server. If failover is configured, both the primary and secondary Cisco Unity servers.

The partner Exchange server.

The Exchange servers on which Cisco Unity subscribers are homed.

To Install Exchange 2000 Service Pack 3


Step 1 On Cisco Unity Service Packs DVD 1, browse to the directory Exchange_2000_SP3\Setup\I386, and double-click Update.exe.

Step 2 Follow the on-screen prompts to complete the installation.

Step 3 Restart the server.

Step 4 If you have not already done so, repeat this procedure on the partner Exchange server and on every Exchange 2000 server on which Cisco Unity subscriber mailboxes are homed.


 

To Install Exchange 2003 Service Pack 2


Step 1 On Cisco Unity Service Packs DVD 1, browse to the directory Exchange_2003_SP1\Setup\I386, and double-click Update.exe.

Step 2 Follow the on-screen prompts to complete the installation.

Step 3 Restart the server.

Step 4 If you have not already done so, repeat this procedure on the partner Exchange server and on every Exchange 2003 server on which Cisco Unity subscriber mailboxes are homed.


 

Upgrading and Configuring Cisco Unity Software

To upgrade and configure Cisco Unity software, you use the Cisco Unity Installation and Configuration Assistant to run four programs in a specific order. The programs:

Check the system and upgrade the Cisco Unity software.

Configure the Cisco Unity services.

Configure Cisco Unity for the message store.

Configure the Cisco Personal Communications Assistant to use SSL, if applicable.

Do the procedures in the following two subsections in the order listed.

Upgrading the Cisco Unity Software, and Configuring Services and Cisco Unity for the Message Store

To Upgrade and Configure the Cisco Unity Software


Step 1 Log on to Windows by using the Cisco Unity installation account.


Caution If you have not already done so, disable antivirus and Cisco Security Agent services on the server, if applicable. Otherwise, the installation may fail.

Step 2 On Cisco Unity DVD 1, browse to the root directory and double-click Setup.exe.

Step 3 If prompted, double-click the language of your choice to continue the upgrade.

Step 4 If you have already installed the Cisco Unity 5.0 upgrade license, skip to Step 5.

If you have not already installed the upgrade license, on the Install a Cisco Unity Upgrade License page, click Run the Cisco Unity Install License File Wizard.

a. On the Welcome to the Cisco Unity License File wizard page, click Next.

b. On the Add or Remove License Files page, add or remove the applicable license files:

If you are installing the upgrade license file on a non-failover Cisco Unity server, browse to the location of the upgrade license file, and double-click the license file name.

If you are installing the upgrade license file on the primary Cisco Unity server in a failover configuration, browse to the location of the upgrade license file, and double-click the license file name.

If you are installing a license file on the Cisco Unity secondary server in a failover configuration, remove the Cisco Unity 4.x default license file CiscoUnity40.lic. Then browse to the CommServer\Licenses directory on the Cisco Unity installation disc, and add CiscoUnity50.lic.

c. Follow the on-screen prompts to finish the wizard.

Step 5 On the Cisco Unity Installation and Configuration Assistant Welcome screen, click Continue.

Step 6 If you already checked the consistency of the Cisco Unity database by using DbWalker, as recommended in the "Checking the Consistency of the Cisco Unity Database, and Backing Up Cisco Unity Data" section, click Skip DbWalker, click OK, and skip to Step 7.

If you have not checked the consistency of the Cisco Unity database recently, we recommend that you do so now. On a system with a few hundred subscribers, running DbWalker takes only a few minutes. However, on a large system, running DbWalker may take several hours. The duration depends on the speed of the processor, the amount of RAM in the server, the number of calls that Cisco Unity is taking, and other variables. Click Run DbWalker from the Installation Media, click Continue, and follow the on-screen prompts.

Step 7 If you have already backed up Cisco Unity data by using the Disaster Recovery Backup tool, as recommended in the "Checking the Consistency of the Cisco Unity Database, and Backing Up Cisco Unity Data" section, click Skip DiRT, click OK, and skip to Step 8.

If you have not backed up Cisco Unity data recently, we recommend that you do so now. Running the Disaster Recovery Backup tool takes only a few minutes, and having a DiRT backup allows you to restore Cisco Unity data easily, if necessary. Click Run DiRT from the Installation Media, click Continue, and follow the on-screen prompts.

Step 8 In the main window of the assistant, click Run the Cisco Unity Setup Program.

Step 9 If prompted, double-click the language of your choice to continue the upgrade.

Step 10 If a message to stop services appears, click OK.

Step 11 Click Next or Continue without changing values until the Select Features dialog box appears.

Step 12 In the Select Features dialog box:

a. Check the Upgrade Cisco Unity check box.

b. If the Cisco Unity license includes text to speech, check the Enable TTS check box.

If not, uncheck the Enable TTS check box.

c. If Windows 2000 is installed on the server, uncheck the Install Voice Card Software check box.


Caution If Cisco Unity is integrated with a circuit-switched phone system and you reinstall voice card software, the Dialogic quiet parameter and software settings for the D/120JCT-Euro and D/240PCI-T1 voice cards are reset to default values.

Step 13 Click Next or Continue without changing values until you are prompted to restart the Cisco Unity server.


Caution Do not cancel Cisco Unity Setup, or you may have to uninstall and reinstall Cisco Unity. In some cases, nothing may appear to be happening for long periods. To confirm that Cisco Unity Setup is still working, right-click the Windows taskbar and click Task Manager, then the Processes tab and Image Name (to sort by process name), and find Setup.exe. It should be using more than 0% of the CPU.

Step 14 Check the Yes, I Want to Restart My Computer Now check box, and click Finish.

Step 15 In the main window of the Cisco Unity Installation and Configuration Assistant, click Run the Cisco Unity Services Configuration Wizard. (You should be logged on to Windows with the Cisco Unity installation account.)

If you created a new installation account and service accounts in the "Creating New Active Directory Accounts for Cisco Unity Installation and Services" section, specify the new accounts when prompted.

Step 16 On the Welcome screen, click Next.

Step 17 Choose the message store type, and click Next.

Step 18 Follow the on-screen prompts to complete the configuration.

Step 19 In the main window of the assistant, click Run the Cisco Unity Message Store Configuration Wizard.

Step 20 Confirm that the message store server is running. If the message store server is not running, configuring the message store will fail.

Step 21 On the Welcome screen, click Next.

Step 22 Follow the on-screen prompts.

Step 23 When the message store configuration is complete, click Next.

Step 24 If you have not previously set up Cisco Unity to use SSL, the Set Up the Cisco Personal Communications Assistant to Use SSL page appears. Skip to the next subsection, "Setting Up the Cisco Personal Communications Assistant to Use SSL."

If Cisco Unity is already set up to use SSL, when the Summary screen appears, click Close.


Setting Up the Cisco Personal Communications Assistant to Use SSL

From the Cisco Unity Installation and Configuration Assistant, you can set up the Cisco PCA to use SSL. Using the SSL protocol ensures that all subscriber credentials—as well as the information that a subscriber enters on any page in the Cisco PCA—are encrypted as the data is sent across the network.

After the Cisco Unity Installation and Configuration Assistant is finished and the Cisco PCA is set up to use SSL, you manually set up the Cisco Unity Administrator and Status Monitor to use SSL. The Cisco Unity Reconfiguration and Upgrade Guide alerts you when to do the procedure.

 

 

If you do not want to set up the Cisco PCA to use SSL, see the "Skipping Cisco PCA Setup for SSL" section.

To set up the Cisco PCA to use SSL, do the procedures in the applicable section, depending on whether you are using a certificate authority:

"Setting Up the Cisco PCA to Use SSL by Creating a Local Certificate Without a Certificate Authority" section

"Setting Up the Cisco PCA to Use SSL by Using a Certificate Authority" section

If the Cisco Unity server is running Windows Server 2003, you can set up the Cisco Personal Communications Assistant to use SSL now. However, the option to do so by creating a local certificate without a certificate authority has not been automated for Windows Server 2003. If you want to set up the Cisco PCA to use SSL by using this method, you must do so manually. Refer to the "Using SSL to Secure Client/Server Connections" chapter of the Security Guide for Cisco Unity at http://www.cisco.com/en/US/products/sw/voicesw/ps2237/prod_maintenance_guides_list.html.

Skipping Cisco PCA Setup for SSL

Do the procedure in this section if you do not want to set up the Cisco PCA to use SSL. (Note that without SSL when subscribers log on to the Cisco PCA, their credentials will be sent across the network to Cisco Unity in clear text. In addition, the information that subscribers enter on the pages of the Cisco PCA will not be encrypted.)

 

To Skip Cisco PCA Setup for SSL


Step 1 On the Set Up the Cisco Personal Communications Assistant to Use SSL page, Click Do Not Set Up Cisco Personal Communications Assistant to Use SSL.

Step 2 Click Continue.

Step 3 Click Close to exit the Cisco Unity Installation and Configuration Assistant.


 

Setting Up the Cisco PCA to Use SSL by Creating a Local Certificate Without a Certificate Authority

To Set Up the Cisco PCA to Use SSL by Creating a Local Certificate Without a Certificate Authority


Step 1 On the Set Up the Cisco Personal Communications Assistant to Use SSL page, click Create a Local Certificate Without a Certificate Authority.

Step 2 Click Internet Services Manager.

Step 3 Expand the name of the Cisco Unity server.

Step 4 If the Cisco Unity server is running Windows Server 2003, expand Web Sites.

If not, skip to Step 5.

Step 5 Right-click Default Web Site, and click Properties.

Step 6 In the Default Web Site Properties dialog box, click the Directory Security tab.

Step 7 Under Secure Communications, click Server Certificate.

Step 8 On the Web Server Certificate wizard Welcome page, click Next.

Step 9 Click Create a New Certificate, and click Next.

Step 10 Click Prepare the Request Now, But Send It Later, and click Next.

Step 11 Enter a name and a bit length for the certificate.

We strongly recommend that you choose a bit length of 512. Greater bit lengths may decrease performance.

Step 12 Click Next.

Step 13 Enter the organization information, and click Next.

Step 14 For the common name of the site, enter either the system name of the Cisco Unity server or the fully qualified domain name.


Caution The name must exactly match the host portion of any URL that will access the system by using a secure connection.

Step 15 Click Next.

Step 16 Enter the geographical information, and click Next.

Step 17 Specify the certificate request file name and location, and write down the file name and location because you will need the information later in this procedure.

Step 18 Click Next.

Step 19 Verify the request file information, and click Next.

Step 20 Click Finish to exit the Web Server Certificate wizard.

Step 21 Click OK to Close the Default Web Site Properties dialog box.

Step 22 Close the Internet Services Manager window.

Step 23 In the Cisco Unity Installation and Configuration Assistant, in the Enter Certificate Request File box, enter the full path and file name of the certificate request file that you specified in Step 17.

Step 24 Click Create Certificate.

Step 25 Click Internet Services Manager.

Step 26 Expand the name of the Cisco Unity server.

Step 27 If the Cisco Unity server is running Windows Server 2003, expand Web Sites.

If not, skip to Step 28.

Step 28 Right-click Default Web Site, and click Properties.

Step 29 In the Default Web Site Properties dialog box, click the Directory Security tab.

Step 30 Under Secure Communications, click Server Certificate.

Step 31 On the Web Server Certificate wizard Welcome page, click Next.

Step 32 Click Process the Pending Request and Install the Certificate.

Step 33 Click OK.

Step 34 In the Process a Pending Request dialog box, click OK to accept the default path and file name of the pending certificate request.

Step 35 In the Certificate Summary dialog box, click Next.

Step 36 Click Finish to exit the Web Server Certificate wizard.

Step 37 Click OK to Close the Default Web Site Properties dialog box.

Step 38 Close the Internet Services Manager window.

Step 39 In the Cisco Unity Installation and Configuration Assistant, click Enable Cisco PCA to Use SSL.

Step 40 Click Internet Services Manager.

Step 41 Right-click the name of the Cisco Unity server, and click Restart IIS.

Step 42 In the Stop/Start/Restart dialog box, click Restart Internet Services on <Servername>.

Step 43 Click OK.

Step 44 Close the Internet Services Manager window.

Step 45 In the Cisco Unity Installation and Configuration Assistant, click Continue.

Step 46 Click Close to exit the Cisco Unity Installation and Configuration Assistant.


 

Setting Up the Cisco PCA to Use SSL by Using a Certificate Authority

This section contains four procedures.

If you are using Microsoft Certificate Services to issue your own certificate, do all four procedures in the order listed.

 

If you are using a certificate purchased from a Certificate Authority (for example, VeriSign), do only the fourth procedure, "To Install the Certificate" section.

To Create a Certificate Request by Using Microsoft Certificate Services


Step 1 On the Set Up the Cisco Personal Communications Assistant to Use SSL page, click Use a Certificate Authority.

Step 2 Click Internet Services Manager.

Step 3 Expand the name of the Cisco Unity server.

Step 4 If the Cisco Unity server is running Windows Server 2003, expand Web Sites.

If not, skip to Step 5.

Step 5 Right-click Default Web Site, and click Properties.

Step 6 In the Default Web Site Properties dialog box, click the Directory Security tab.

Step 7 Under Secure Communications, click Server Certificate.

Step 8 On the Web Server Certificate wizard Welcome page, click Next.

Step 9 Click Create a New Certificate, and click Next.

Step 10 Click Prepare the Request Now, But Send It Later, and click Next.

Step 11 Enter a name and a bit length for the certificate.

We strongly recommend that you choose a bit length of 512. Greater bit lengths may decrease performance.

Step 12 Click Next.

Step 13 Enter the organization information, and click Next.

Step 14 For the common name of the site, enter either the system name of the Cisco Unity server or the fully qualified domain name.


Caution The name must exactly match the host portion of any URL that will access the system by using a secure connection.

Step 15 Click Next.

Step 16 Enter the geographical information, and click Next.

Step 17 Specify the certificate request file name and location, and write down the file name and location because you will need the information in the next procedure.

Save the file to a disk or to a directory that the certificate authority (CA) server can access.

Step 18 Click Next.

Step 19 Verify the request file information, and click Next.

Step 20 Click Finish to exit the Web Server Certificate wizard.

Step 21 Click OK to Close the Default Web Site Properties dialog box.

Step 22 Close the Internet Services Manager window.

Step 23 Click Close to exit the Cisco Unity Installation and Configuration Assistant.


 

To Submit the Certificate Request by Using Microsoft Certificate Services


Step 1 On the server that is acting as the CA, on the Windows Start menu, click Run.

Step 2 Run Certreq.

Step 3 Browse to the directory where you saved the certificate request file, and double-click the file.

Step 4 Click the CA to use, and click OK.


 

Once the CA submits the certificate request, it assigns a pending status by default for added security. This requires a person to verify the authenticity of the request and to manually issue the certificate.

 

To Issue the Certificate by Using Microsoft Certificate Services


Step 1 On the server that is acting as the CA, on the Windows Start menu, click Programs > Administrative Tools > Certification Authority.

Step 2 In the left pane of the Certification Authority window, expand Certification Authority.

Step 3 Expand <Certification Authority name>.

Step 4 Click Pending Requests.

Step 5 In the right pane, right-click the request, and click All Tasks > Issue.

Step 6 In the left pane, click Issued Certificates.

Step 7 In the right pane, double-click the certificate to open it.

Step 8 Click the Details tab.

Step 9 In the Show list, choose <All>, and click Copy to File.

Step 10 On the Certificate Export wizard Welcome page, click Next.

Step 11 Accept the default export file format DER encoded binary X.509 (.CER), and click Next.

Step 12 Specify a file name and a location that the Cisco Unity server can access, and click Next.

Step 13 Verify the settings, and click Finish.

Step 14 Click OK to close the Certificate Details dialog box.

Step 15 Close the Certification Authority window.


 

To Install the Certificate


Step 1 On the Cisco Unity server, double-click the CUICA icon on the desktop.

Step 2 In the Cisco Unity Installation and Configuration Assistant, click Use a Certificate Authority.

Step 3 On the Set Up the Cisco Personal Communications Assistant to Use SSL page, at Step 3, click Internet Services Manager.

Step 4 Expand the name of the Cisco Unity server.

Step 5 If the Cisco Unity server is running Windows Server 2003, expand Web Sites.

If not, skip to Step 6.

Step 6 Right-click Default Web Site, and click Properties.

Step 7 In the Default Web Site Properties dialog box, click the Directory Security tab.

Step 8 Under Secure Communications, click Server Certificate.

Step 9 On the Web Server Certificate wizard Welcome page, click Next.

Step 10 Click Process the Pending Request and Install the Certificate, and click Next.

Step 11 Browse to the directory of the certificate (.cer) file, and double-click the file.

Step 12 Verify the certificate information, and click Next.

Step 13 Click Finish to exit the Web Server Certificate wizard.

Step 14 Click OK to close the Default Web Site Properties dialog box.

Step 15 Close the Internet Services Manager window.

Step 16 In the Cisco Unity Installation and Configuration Assistant, click Enable Cisco PCA to Use SSL.

Step 17 Restart IIS:

a. Click Internet Services Manager.

b. Right-click the name of the Cisco Unity server, and click Restart IIS.

c. In the Stop/Start/Restart dialog box, click Restart Internet Services on <Servername>.

d. Click OK.

e. Close the Internet Services Manager window.

Step 18 Click Close to exit the Cisco Unity Installation and Configuration Assistant.


Designating the Phone System as Cisco Unified CM Express


Note If the Cisco Unity system is configured for failover, skip this section. The Cisco Unified CM Express integration is not supported with Cisco Unity failover.


You must do the procedure in this section when both of the following conditions apply:

You are upgrading to the shipping version of Cisco Unity from Cisco Unity 4.0(1) through 4.0(4).

Cisco Unity is integrated with Cisco Unified CM Express or with a Cisco Unified CM cluster that includes a Cisco Unified CM Express server.

Doing the procedure enables all the Cisco Unified CM Express integration features listed in the applicable Cisco Unified CM Express integration guide.

To Designate the Phone System as Cisco Unified CM Express


Step 1 On the Cisco Unity server, on the Windows Start menu, click Programs > Cisco Unity > Manage Integrations. UTIM appears.

Step 2 In the left pane of the UTIM window, click the Cisco Unified CM Express integration or the Cisco Unified CM integration that includes a Cisco Unified CM Express server.

Step 3 In the right pane, click the applicable cluster.

Step 4 In the right pane, click the Servers tab.

Step 5 In the list of servers, double-click the first Cisco Unified CM Express server.

Step 6 In the Modify Server dialog box, in the IP Address or Host Name field, enter the IP address of the Cisco Unified CM Express server.

Step 7 Check the This Server Is Cisco Unified CM Express check box.

Step 8 Click OK.

Step 9 On the Servers tab, click Save.

Step 10 At the prompt to restart the Cisco Unity services, click Yes. The Cisco Unity services restart.


Note When restarting Cisco Unity, use the UTIM prompt instead of the Cisco Unity icon in the Windows taskbar. The taskbar icon does not restart all the Cisco Unity services.


Step 11 Exit UTIM.


Installing the Latest Microsoft Service Packs

You install the latest Microsoft service packs that has been qualified for use with Cisco Unity, if any, as well as the corresponding updates, to enhance the security of the Cisco Unity server. Do the following procedures.

To Install the Latest Microsoft Service Packs, If Any


Follow the instructions that you printed or downloaded when you downloaded the service pack.


Installing Microsoft Updates and Cisco Security Agent for Cisco Unity

You run the Cisco Unity Server Updates wizard on the Cisco Unity Post-Install DVD to install the Microsoft updates that apply to Cisco Unity and, optionally, to install Cisco Security Agent for Cisco Unity. (If you do not have Cisco Unity discs, you downloaded the Cisco Unity Server Updates wizard in the "Downloading Software for the Upgrade" section.)

If Cisco Security Agent for Cisco Unity is already installed on the server, you must disable and uninstall it before you can install the latest version. For more information, see the Release Notes for Cisco Security Agent for Cisco Unity for the version of Cisco Security Agent for Cisco Unity currently installed. Release notes are available at http://www.cisco.com/en/US/products/sw/voicesw/ps2237/prod_release_notes_list.html.

To Install Microsoft Updates and, Optionally, Cisco Security Agent for Cisco Unity


Step 1 Insert in the Cisco Unity Post-Install disc in the drive.

Step 2 Run ServerUpdatesWizard.exe.

Step 3 Follow the on-screen prompts to complete the installation of Microsoft updates and, optionally, Cisco Security Agent for Cisco Unity.


Note If you are accessing the server by using Remote Desktop or a VNC client, and you are installing Cisco Security Agent for Cisco Unity, the Remote Desktop or VNC session will be disconnected when Cisco Security Agent for Cisco Unity restarts the network interface. If the session does not reconnect automatically, reconnect manually to finish the Server Updates wizard.


Step 4 Restart the Cisco Unity server.


Stopping and Disabling the World Wide Web Publishing Services on the Primary Server

When the primary server restarts, the World Wide Web Publishing Services service is enabled and restarted. This section describes the steps to stop and disable the service again.


Note After doing this procedure, subscribers and administrators will not be able to access the Cisco Unity Administrator and the Cisco Personal Communications Assistant.


To Stop and Disable the World Wide Web Publishing Services on the Primary and Secondary Servers


Step 1 On the primary server, on the Windows Start menu, click Programs > Administrative Tools > Component Services.

Step 2 In the Component Services window, in the left pane, double-click World Wide Web Publishing Services.

Step 3 In the World Wide Web Publishing Services Properties dialog box, in the Startup Type drop-down box, click Disabled.

Step 4 Click Stop and click OK.

Step 5 On the secondary server, repeat Step 1 through Step 4.


Re-enabling Antivirus and Cisco Security Agent Services

You re-enable antivirus and Cisco Security Agent services now that all of the software installations that could have been affected if the services were running are complete.

 

If you installed Cisco Security Agent for Cisco Unity when you ran the Server Updates wizard, you do not need to re-enable or start it.

To Re-enable and Start Antivirus and Cisco Security Agent Services


Step 1 Refer to the antivirus software documentation to determine the names of the antivirus services.

Step 2 On the Windows Start menu, click Programs > Administrative Tools > Services.

Step 3 Re-enable and start each antivirus service and the Cisco Security Agent service:

a. In the right pane, double-click the service.

b. On the General tab, in the Startup Type list, click Automatic to re-enable the service.

c. Click Start to start the service.

d. Click OK to close the Properties dialog box.

Step 4 When the services have been re-enabled, close the Services MMC.


 

Installing Additional Dialogic Software for D/120JCT-Euro Rev 2 Voice Cards

The Dialogic D/120JCT-Euro Rev 2 voice card requires some software that is installed automatically with Cisco Unity 4.0(5) and later but that was not installed for Cisco Unity versions 4.0(1) through 4.0(4). If you are upgrading to the shipping version from Cisco Unity 4.0(1) through 4.0(4) and you are using D/120JCT-Euro Rev 2 voice cards, do the following procedure.

To Install Additional Dialogic Software for the Dialogic D/120JCT-Euro Rev 2 Voice Card


Step 1 On a secure server, go to the Other Cisco Unity Components Software Download page at http://www.cisco.com/cgi-bin/tablebuild.pl/unity, and download the file DialogicD120JCTEuro.exe.


Note To access the software download page, you must be logged on to Cisco.com as a registered user.


Step 2 Click the file DialogicD120JCTEuro.exe.

Step 3 When prompted to verify the software image, click Next.

Step 4 On the Software Download Rules page, click Accept.

Step 5 Follow the on-screen prompts to download the file.

Step 6 When the download is complete, copy the file DialogicD120JCTEuro.exe to the Cisco Unity server.

Step 7 On the Cisco Unity server, in Windows Explorer, double-click DialogicD120JCTEuro.exe.

Step 8 Follow the on-screen prompts to extract the following three files to the directory Commserver\Dialogic\Data:

nz_120jr2.prm

au_120jr2.prm

eu_120jr2.prm

Step 9 Right-click the Cisco Unity icon in the status area of the taskbar, and click Stop Cisco Unity.

Step 10 On the Windows Start menu, click Programs > Dialogic System Software > Dialogic Configuration Manager - DCM.

Step 11 On the Dialogic Configuration Manager Service menu, click Stop Service.

Step 12 On the Dialogic Configuration Manager Service menu, click Start Service.

Stopping and restarting the service forces the Rev 2 card(s) to download the updated .prm files.

Step 13 On the Windows Start menu, click Programs > Startup > AvCsTrayStatus to restart the Cisco Unity icon.

Step 14 When the Cisco Unity icon appears in the status area of the taskbar, right-click it.

Step 15 Click Start Cisco Unity.


Setting Up the Cisco Unity Administrator and Status Monitor to Use SSL


Note If you are not setting up Cisco Unity to use SSL, skip this section.


Using the SSL protocol ensures that all subscriber credentials—as well as the information that a subscriber enters on any page in the Cisco Unity Administrator—are encrypted as the data is sent across the network.

To Set Up the Cisco Unity Administrator and Status Monitor to Use SSL


Step 1 On the Cisco Unity server, on the Windows Start menu, click Programs > Administrative Tools > Internet Services Manager.

Step 2 Expand the name of the Cisco Unity server.

Step 3 If the Cisco Unity server is running Windows Server 2003, expand Web Sites.

If not, skip to Step 4.

Step 4 Expand Default Web Site.

Step 5 Under Default Web Site, right-click Web, and click Properties.

Step 6 In the Properties dialog box, set the Web directory to use SSL:

a. Click the Directory Security tab.

b. Under Secure Communications, click Edit.

c. Check the Require Secure Channel (SSL) check box.

d. Click OK to close the Secure Communications dialog box.

e. Click OK to close the Properties dialog box.

Step 7 Under Default Web Site, right-click SAWeb, and click Properties.

Step 8 Repeat Step 6 to set the SAWeb directory to use SSL.

Step 9 Under Default Web Site, right-click Status, and click Properties.

Step 10 Repeat Step 6 to set the Status directory to use SSL.

Step 11 Under Default Web Site, double-click AvXml.

Step 12 In the right pane, right-click AvXml.dll, and click Properties.

Step 13 In the Properties dialog box, click the File Security tab.

Step 14 Under Secure Communications, click Edit.

Step 15 Check the Require Secure Channel (SSL) check box.

Step 16 Click OK to close the Secure Communications dialog box.

Step 17 Click OK to close the AvXml.dll Properties dialog box.

Step 18 Close the Internet Services Manager window.


 

Configuring Internet Explorer to Display the Cisco Unity Administrator When You Use the Cisco Unity Administration Account (Windows Server 2003 Only)

This section applies only when Windows Server 2003 is installed on the Cisco Unity server.

If you created a Cisco Unity administration account as recommended by the Cisco Unity installation guide, and if you log on to Windows using that account, the changes that Windows Server 2003 Service Pack 1 makes to default Internet Explorer security settings cause the Cisco Unity Administrator to display a blank page. Do the following procedure to configure Internet Explorer to display the Cisco Unity Administrator when you log on to Windows using the administration account.

To Configure Internet Explorer to Display the Cisco Unity Administrator


Step 1 Log on to the Cisco Unity server using the Cisco Unity administration account.

Step 2 Right click the Cisco Unity icon in the system tray, and click Launch System Admin.

Step 3 If you are prompted to provide a user name and password, click Cancel.

Step 4 On the Internet Explorer Tools menu, click Internet Options.

Step 5 Click the Security tab.

Step 6 Under Select a Web Content Zone to Specify Its Security Settings, click the Trusted Sites icon.

Step 7 Click Sites.

Step 8 In the Trusted Sites dialog box, in the Add This Website to the Zone field, enter the applicable value depending on whether the Cisco Unity Administrator is set up to use SSL:

If the Cisco Unity Administrator is set up to use SSL

Enter https:\\<CiscoUnityServerName>

If the Cisco Unity Administrator is not set up to use SSL

Enter http:\\<CiscoUnityServerName>


Step 9 If the Cisco Unity Administrator is set up to use SSL, check the Require Server Verification (https:) for All Sites in This Zone check box. If not, uncheck the check box.

Step 10 Click Add.

Step 11 Click Close to close the Trusted Sites dialog box.

Step 12 On the Security tab, click Custom Level.

Step 13 In the Security Settings dialog box, change the value of the Reset To list to Low.

Step 14 Click Reset, and click Yes to confirm that you want to change the security settings for this zone.

Step 15 Click OK to close the Security Settings dialog box.

Step 16 If the Security Settings dialog box does not close:

a. Close the dialog box by clicking the X in the upper-right corner.

b. In the "not responding" message box, click End Now. (The "not responding" message box may take a few seconds to appear.)

Step 17 Restart the Cisco Unity Administrator.


Manually Initiate Failback to the Primary Server While Automatic Failover and Failback Are Disabled

This section describes the steps for manually initiating failback to the primary server.

To Manually Initiate Failback to the Primary Server While Automatic Failover and Failback Are Disabled


Step 1 On the secondary server, on the Windows Start menu, click Programs > Cisco Unity > Failover Monitor.

Step 2 Click Force Inactive.

Step 3 Click OK to confirm that you want to fail back to the primary server.

Step 4 To maintain Cisco Unity functionality for all subscribers, do the tasks in the following sections as applicable:

"Notifying Subscribers of the Active Server and the URLs to Use for Accessing Cisco Unity Web Applications" section in the "Tasks Required When Failover or Failback Occurs" chapter of the applicable Failover Configuration and Administration Guide for Cisco Unity at http://www.cisco.com/en/US/products/sw/voicesw/ps2237/products_feature_guides_list.html.

"T1 Integrations Through Voice Cards: Enabling the Phone System to Send Calls to the Active Server After Failover or Failback Occurs" section in the "Tasks Required When Failover or Failback Occurs" chapter of the applicable Failover Configuration and Administration Guide for Cisco Unity at http://www.cisco.com/en/US/products/sw/voicesw/ps2237/products_feature_guides_list.html.


Enabling and Starting the World Wide Web Publishing Services on the Primary and Secondary Servers

This section describes the steps to re-enable access to Cisco Unity Administrator and the Cisco Personal Communications Assistant so changes to the Cisco Unity database can be made again.

To Enable and Start the World Wide Web Publishing Services on the Primary and Secondary Servers


Step 1 On the primary server, on the Windows Start menu, click Programs > Administrative Tools > Component Services.

Step 2 In the Component Services window, in the left pane, double-click World Wide Web Publishing Services.

Step 3 In the World Wide Web Publishing Services Properties dialog box, in the Startup Type drop-down box, click Automatic, then click Apply.

Step 4 Click Start and click OK.

Step 5 Repeat Step 1 through Step 4 on the secondary server.


Re-enabling the TUI Menu Option for Changing Subscriber Settings in Custom Conversations

For systems that use a custom conversation created through the Custom Key Map Tool (Cisco Unity 4.0(5) and later), this section describes the steps to re-enable access to subscriber options through the telephony user interface (TUI) so subscribers can change their personal settings again such as a new voice name or a new greeting.

To Re-enable TUI Menu Options for Changing Subscriber Settings


Step 1 On the primary server, on the desktop, double-click Cisco Unity Tools Depot.

Step 2 In the Tools Depot window, in the left pane, expand Administration Tools.

Step 3 Double-click Custom Key Map.

Step 4 In the Editing - Custom Keypad Mapping window, on the Select Key Map menu, click a custom key map that subscribers are using.

Step 5 Click the Setup tab.

Step 6 In the left pane, click Change Setup Options.

Step 7 Under Key Map, enter the key that was originally assigned to this menu.

Step 8 Click Save.

Step 9 Repeat Step 4 through Step 8 for all remaining custom conversations that subscribers use.

Step 10 Click Exit.

Step 11 Close the Editing - Custom Keypad Mapping window.


Securing the Example Administrator and Example Subscriber Accounts Against Toll Fraud

It is possible for a malicious user to dial into Cisco Unity, log on as the Example Administrator or Example Subscriber by using the default extension and password, and configure Cisco Unity to forward calls to phone numbers for which there are charges or to reconfigure greetings so an operator believes the messaging system is personally accepting collect-call charges. To help secure Cisco Unity against toll fraud, we strongly recommend that you change the phone password for both accounts after Cisco Unity is installed.

Although the Example Subscriber account is no longer created during Cisco Unity installation in versions 4.0(3) and later, you may still have an Example Subscriber account from an earlier version, as the account is not removed during the upgrade process.

(For information on the accounts, refer to the "Default Accounts" section in the "Default Accounts and Message Handling" chapter of the System Administration Guide for Cisco Unity at http://www.cisco.com/en/US/products/sw/voicesw/ps2237/prod_maintenance_guides_list.html.)

To Change the Password on the Example Administrator and Example Subscriber Accounts


Step 1 In the Cisco Unity Administrator, go to any Subscribers > Subscribers page.

Step 2 Click the Find icon.

Step 3 On the Find and Select Subscriber page, click Find.

Step 4 Click Example Administrator.

Step 5 In the left pane, click Phone Password.

Step 6 In the right pane, check the User Cannot Change Password check box.

Step 7 Check the Password Never Expires check box.

Step 8 Under Reset Phone Password, enter and confirm a new password by using digits 0 through 9.

We recommend that you enter a long and nontrivial password; 20 digits or more is desirable. (The minimum length of the password is set on the Subscribers > Account Policy > Phone Password Restrictions page.) In a nontrivial password:

The digits are not all the same (for example, 9999).

The digits are not consecutive (for example, 1234).

The password is not the same as the extension assigned to the example account.

The password does not spell the name of the example account, the name of the company, the name of the IT manager, or any other obvious words.

Step 9 Click the Save icon.

 

Step 10 Click the Find icon.

Step 11 On the Find and Select Subscriber page, click Find.

Step 12 Click Example Subscriber.

Step 13 Repeat Step 5 through Step 9 for Example Subscriber.

Step 14 Close the Cisco Unity Administrator.


Disabling or Deleting Old Installation and Service Accounts

If you created new installation and service accounts to take advantage of the reduced Active Directory permissions that are set by the Permissions wizard beginning with Cisco Unity 4.2(1), use Active Directory Users and Computers (ADUC) to disable or delete the old accounts. Refer to ADUC Help for more information.

Hardening the Cisco Unity Server


Note If the Cisco Unity server is not connected to the corporate network, skip this section.


We strongly recommend that you secure Cisco Unity and the Cisco Unity server. Refer to the Security Guide for Cisco Unity at http://www.cisco.com/en/US/products/sw/voicesw/ps2237/prod_maintenance_guides_list.html.

Obtaining Documentation, Obtaining Support, and Security Guidelines

For information on obtaining documentation, obtaining support, providing documentation feedback, security guidelines, and also recommended aliases and general Cisco documents, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:

http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html