Cisco Unity Installation Guide (With Microsoft Exchange), Release 4.0(3)
Upgrading Cisco Unity 3.x Software to Version 4.0(3)

Table Of Contents

Upgrading Cisco Unity 3.x Software to Version 4.0(3)

Task List for Upgrading Cisco Unity 3.x Software to Version 4.0(3) Without Failover

Task List for Upgrading Cisco Unity 3.x Software to Version 4.0(3) When Failover Is Configured

Preparing for a Possible Downgrade to Cisco Unity Version 3.1(5) (Optional)

Converting from the System Key to License Files

Disabling Virus-Scanning and Cisco Security Agent Services

Installing the Microsoft Updates Recommended for Use with Cisco Unity

Installing Exchange 2000 Service Pack 2

Extending the Active Directory Schema for Cisco Unity (Exchange 2000 Only)

Upgrading and Configuring Cisco Unity Software

Starting the Cisco Unity Installation and Configuration Assistant and Upgrading Cisco Unity Software

Installing License Files

Configuring Services

Configuring the Message Store

Converting the Integration with the Phone System to a Cisco Unity Version 4.0 Integration

Setting Up the Cisco Personal Communications Assistant to Use SSL

Skipping Cisco PCA Setup for SSL

Setting Up the Cisco PCA to Use SSL by Creating a Local Certificate Without a Certificate Authority

Setting Up the Cisco PCA to Use SSL by Using a Certificate Authority

Setting Up the Cisco Unity Administrator and Status Monitor to Use SSL

Securing the Example Administrator and Example Subscriber Accounts Against Toll Fraud

Re-enabling Virus-Scanning and Cisco Security Agent Services


Upgrading Cisco Unity 3.x Software to Version 4.0(3)


The task lists and procedures in this chapter apply only to upgrading the Cisco Unity software from version 3.x to version 4.0(3). Note that the lists contain some tasks that reference instructions in other Cisco Unity documentation.

For information on modifying hardware or other software, or on adding Cisco Unity features, see the "Task List for Modifying the Cisco Unity 4.0(3) System" section after you have finished upgrading the software.

This chapter contains the following sections:

Task List for Upgrading Cisco Unity 3.x Software to Version 4.0(3) Without Failover

Task List for Upgrading Cisco Unity 3.x Software to Version 4.0(3) When Failover Is Configured

Preparing for a Possible Downgrade to Cisco Unity Version 3.1(5) (Optional)

Converting from the System Key to License Files

Disabling Virus-Scanning and Cisco Security Agent Services

Running the Cisco Unity System Preparation Assistant

Installing the Microsoft Updates Recommended for Use with Cisco Unity

Installing Exchange 2000 Service Pack 2

Extending the Active Directory Schema for Cisco Unity (Exchange 2000 Only)

Upgrading and Configuring Cisco Unity Software

Setting Up the Cisco Unity Administrator and Status Monitor to Use SSL

Securing the Example Administrator and Example Subscriber Accounts Against Toll Fraud

Re-enabling Virus-Scanning and Cisco Security Agent Services

Hardening the Cisco Unity Server

Task List for Upgrading Cisco Unity 3.x Software to Version 4.0(3) Without Failover


Note If the system is using Cisco Unity failover, see the "Task List for Upgrading Cisco Unity 3.x Software to Version 4.0(3) When Failover Is Configured" section instead.


This task list contains all upgrade tasks for upgrading Cisco Unity 3.x software to version 4.0(3). Follow the documentation for a successful upgrade.

Do not remove the system key before completing the upgrading and configuration process. The Cisco Unity Installation Guide alerts you when to remove the key during the upgrade process.

The Cisco Unity server will be out of service while the Cisco Unity software is upgraded.


Caution Cisco Unity 3.x does not support Exchange 2003. Before you run Exchange 2003 Forestprep to begin an upgrade to Exchange 2003, you must first upgrade Cisco Unity to version 4.0(3). Otherwise, the changes that Forestprep makes to Active Directory will cause Cisco Unity to stop functioning.

1. Optional: Prepare for a possible downgrade if there are problems with the upgrade. See the "Preparing for a Possible Downgrade to Cisco Unity Version 3.1(5) (Optional)" section.

2. Obtain license file(s). See the "Converting from the System Key to License Files" section.

3. If you do not have DVDs or CDs for Cisco Unity 4.0(3), including Service Release 1: Download the following software:

The applicable Cisco Unity CDs and Cisco Unity Service Pack CDs. Refer to the "Downloading Software for Cisco Unity 4.0(3)" section of Release Notes for Cisco Unity Release 4.0(3) at http://www.cisco.com/univercd/cc/td/doc/product/voice/c_unity/unity40/relnote/cu403rn.htm.

Cisco Unity 4.0(3) Service Release 1 (a rollup of 4.0(3) engineering specials). Refer to the "Downloading Service Release 1" section of Release Notes for Cisco Unity 4.0(3) Service Release 1 at http://www.cisco.com/univercd/cc/td/doc/product/voice/c_unity/unity40/relnote/403sr1rn.htm.

4. Download the latest Microsoft updates that are recommended for use with Cisco Unity from the Microsoft Updates for Unity Software Download page at http://www.cisco.com/pcgi-bin/tablebuild.pl/unity_msft_updates. Most of the updates are included on the Cisco Unity 4.0(3) SR1 Post-Install CD, but the website is updated monthly, so you should check for new updates even if you have the CD.

5. Confirm that the Cisco Unity server name (netBIOS name) contains only alphabetical characters A to Z and a to z, numerical characters 0 to 9, and hyphens (-). Note that an underscore in the Cisco Unity server name is not supported. (If present, it prevents successful completion of the upgrade and prevents access to the Cisco Unity Administrator.)


Caution Using other characters in the server name is not supported by DNS.

6. If virus-scanning software or Cisco Security Agent for Cisco Unity is installed on the Cisco Unity server: Disable virus-scanning services and the Cisco Security Agent service. See the "Disabling Virus-Scanning and Cisco Security Agent Services" section.

7. Run the Cisco Unity System Preparation Assistant to update the required Windows components, browser, database, and service packs. See the "Running the Cisco Unity System Preparation Assistant" section.

8. Install the Microsoft updates recommended for use with Cisco Unity. See the "Installing the Microsoft Updates Recommended for Use with Cisco Unity" section.

9. If Cisco Unity subscribers are homed in Exchange 2000: Install Exchange 2000 Service Pack 2, if it is not already installed. See the "Installing Exchange 2000 Service Pack 2" section.

Service Pack 2 is currently the required service pack for Exchange 2000. We recommend that you install Service Pack 3 and the March 2003 Exchange 2000 Server Post-Service Pack 3 Rollup, in that order, because they resolve an intermittent problem with message notification. Both are available on Cisco Unity Service Packs CD 3.


Note If you choose to install Service Pack 3 and the Post-Service Pack 3 Rollup on the Cisco Unity server, you should also install them on the Exchange 2000 servers on which Cisco Unity subscribers are homed. If the security rollup is not installed, Exchange 2000 Server sends extra UDP packets to ports on the Cisco Unity server that are not listening for packets. Activity like this is seen by intrusion-detection systems as port scans or attacks.


10. If Cisco Unity subscribers are homed in Exchange 2000: Extend the Active Directory schema for Cisco Unity. See the "Extending the Active Directory Schema for Cisco Unity (Exchange 2000 Only)" section.

11. Familiarize yourself with the domain accounts you will create in Task 12. The same accounts and permissions are required for installing a new Cisco Unity 4.0(3) system and for upgrading from previous versions of Cisco Unity. See the "About the Accounts Required for the Cisco Unity Installation" section.

12. Create the applicable accounts that are needed to install Cisco Unity. See the "Creating the Accounts Required for the Cisco Unity Installation" section.

13. If you created a Cisco Unity administration account in Task 12.: Add the account either to the local Administrators group—when the Cisco Unity server is a member server—or to the Domain Admins group—when the Cisco Unity server is a domain controller. See the "Adding the Cisco Unity Administration Account to an Admins Group" section.

14. Set rights and permissions for the accounts that you created in Task 12. See the "Setting Rights and Permissions with the Cisco Unity Permissions Wizard" section.

15. If voice card software is installed: Remove the voice card software. See the "Removing Intel Dialogic Software" section. The Cisco Unity Installation Guide alerts you when to install an upgraded version of the software later in the installation.

16. Determine whether to set up Cisco Unity to use SSL. See the "Determining Whether to Set Up Cisco Unity to Use SSL" section.

17. If you plan to set up Cisco Unity to use SSL and want to use the Microsoft Certificate Services available with Windows to issue your own certificate: Install the Microsoft Certificate Services component. See the "Installing the Microsoft Certificate Services Component" section.

18. Run the Cisco Unity Installation and Configuration Assistant to upgrade the software, install the license files, specify the accounts for services, connect the message store, upgrade the Cisco Unity integration with the phone system, and configure the Cisco Personal Communications Assistant to use SSL, if applicable. See the "Upgrading and Configuring Cisco Unity Software" section.

19. Install Cisco Unity 4.0(3) Service Release 1. Refer to Release Notes for Cisco Unity 4.0(3) Service Release 1 at http://www.cisco.com/univercd/cc/td/doc/product/voice/c_unity/unity40/relnote/403sr1rn.htm.

20. Remove the system key. Store it where it can be accessed if you need to downgrade the system later from Cisco Unity 4.0 to 3.x.

21. If you are setting up Cisco Unity to use SSL: Set up the Cisco Unity Administrator and Status Monitor to use SSL. See the "Setting Up the Cisco Unity Administrator and Status Monitor to Use SSL" section.

22. Secure the Example Administrator account, and if applicable, the Example Subscriber account, against toll fraud. See the "Securing the Example Administrator and Example Subscriber Accounts Against Toll Fraud" section.

23. If virus-scanning software or Cisco Security Agent for Cisco Unity is installed on the Cisco Unity server: Re-enable virus-scanning services and the Cisco Security Agent service. See the "Re-enabling Virus-Scanning and Cisco Security Agent Services" section.

24. If the Cisco Unity server is connected to the corporate network: Harden the Cisco Unity server. See the "Hardening the Cisco Unity Server" section.

Task List for Upgrading Cisco Unity 3.x Software to Version 4.0(3) When Failover Is Configured


Note If the system is not using Cisco Unity failover, see the "Task List for Upgrading Cisco Unity 3.x Software to Version 4.0(3) Without Failover" section instead.


This task list contains all upgrade tasks for upgrading Cisco Unity 3.x software to version 4.0(3) when failover is configured. Follow the documentation for a successful upgrade.

Do not remove the system key before completing the upgrading and configuration process. The Cisco Unity Installation Guide alerts you when to remove the key during the upgrade process.


Note The failover feature cannot be used for continuing Cisco Unity service on one server while upgrading the Cisco Unity software on the other server. Both the primary and secondary servers must be out of service while the Cisco Unity software is upgraded. The secondary server cannot handle voice messaging while the primary server is being upgraded. While you do these procedures, callers and subscribers will not be able to record or listen to voice messages. We recommend that you upgrade when phone traffic is light, for example, after business hours.



Caution Cisco Unity 3.x does not support Exchange 2003. Before you run Exchange 2003 Forestprep to begin an upgrade to Exchange 2003, you must first upgrade Cisco Unity to version 4.0(3). Otherwise, the changes that Forestprep makes to Active Directory will cause Cisco Unity to stop functioning.

1. Optional: Prepare for a possible downgrade if there are problems with the upgrade. See the "Preparing for a Possible Downgrade to Cisco Unity Version 3.1(5) (Optional)" section.

2. Obtain license file(s). See the "Converting from the System Key to License Files" section.

3. If you do not have DVDs or CDs for Cisco Unity 4.0(3), including Service Release 1: Download the following software:

The applicable Cisco Unity CDs and Cisco Unity Service Pack CDs. Refer to the "Downloading Software for Cisco Unity 4.0(3)" section of Release Notes for Cisco Unity Release 4.0(3) at http://www.cisco.com/univercd/cc/td/doc/product/voice/c_unity/unity40/relnote/cu403rn.htm.

Cisco Unity 4.0(3) Service Release 1 (a rollup of 4.0(3) engineering specials). Refer to the "Downloading Service Release 1" section of Release Notes for Cisco Unity 4.0(3) Service Release 1 at http://www.cisco.com/univercd/cc/td/doc/product/voice/c_unity/unity40/relnote/403sr1rn.htm.

4. Download the latest Microsoft updates that are recommended for use with Cisco Unity from the Microsoft Updates for Unity Software Download page at http://www.cisco.com/pcgi-bin/tablebuild.pl/unity_msft_updates. Most of the updates are included on the Cisco Unity 4.0(3) SR1 Post-Install CD, but the website is updated monthly, so you should check for new updates even if you have the CD.

5. Confirm that the Cisco Unity server name (netBIOS name) contains only alphabetical characters A to Z and a to z, numerical characters 0 to 9, and hyphens (-). Note that an underscore in the Cisco Unity server name is not supported. (If present, it prevents successful completion of the upgrade and prevents access to the Cisco Unity Administrator.)


Caution Using other characters in the server name is not supported by DNS.

6. On the primary server, do the following four tasks:

a. If virus-scanning software or Cisco Security Agent for Cisco Unity is installed on the primary Cisco Unity server: Disable virus-scanning services and the Cisco Security Agent service. See the "Disabling Virus-Scanning and Cisco Security Agent Services" section.

b. Run the Cisco Unity System Preparation Assistant to update the required Windows components, browser, database, and service packs. See the "Running the Cisco Unity System Preparation Assistant" section.

c. Install the Microsoft updates recommended for use with Cisco Unity. See the "Installing the Microsoft Updates Recommended for Use with Cisco Unity" section.

d. If Cisco Unity subscribers are homed in Exchange 2000: Install Exchange 2000 Service Pack 2, if it is not already installed. See the "Installing Exchange 2000 Service Pack 2" section.

Service Pack 2 is currently the required service pack for Exchange 2000. We recommend that you install Service Pack 3 and the March 2003 Exchange 2000 Server Post-Service Pack 3 Rollup, in that order, because they resolve an intermittent problem with message notification. Both are available on Cisco Unity Service Packs CD 3.


Note If you choose to install Service Pack 3 and the Post-Service Pack 3 Rollup on the Cisco Unity server, you should also install them on the Exchange 2000 servers on which Cisco Unity subscribers are homed. If the security rollup is not installed, Exchange 2000 Server sends extra UDP packets to ports on the Cisco Unity server that are not listening for packets. Activity like this is seen by intrusion-detection systems as port scans or attacks.


7. On the secondary server, do the following four tasks:

a. If virus-scanning software or Cisco Security Agent for Cisco Unity is installed on the secondary Cisco Unity server: Disable virus-scanning services and the Cisco Security Agent service. See the "Disabling Virus-Scanning and Cisco Security Agent Services" section.

b. Run the Cisco Unity System Preparation Assistant to update the required Windows components, browser, database, and service packs. See the "Running the Cisco Unity System Preparation Assistant" section.

c. Install the Microsoft updates recommended for use with Cisco Unity. See the "Installing the Microsoft Updates Recommended for Use with Cisco Unity" section.

d. If Cisco Unity subscribers are homed in Exchange 2000: Install Exchange 2000 Service Pack 2, if it is not already installed. See the "Installing Exchange 2000 Service Pack 2" section.

Service Pack 2 is currently the required service pack for Exchange 2000. We recommend that you install Service Pack 3 and the March 2003 Exchange 2000 Server Post-Service Pack 3 Rollup, in that order, because they resolve an intermittent problem with message notification. Both are available on Cisco Unity Service Packs CD 3.


Note If you choose to install Service Pack 3 and the Post-Service Pack 3 Rollup on the Cisco Unity server, you should also install them on the Exchange 2000 servers on which Cisco Unity subscribers are homed. If the security rollup is not installed, Exchange 2000 Server sends extra UDP packets to ports on the Cisco Unity server that are not listening for packets. Activity like this is seen by intrusion-detection systems as port scans or attacks.


8. If Cisco Unity subscribers are homed in Exchange 2000: Extend the Active Directory schema on the schema master. See the "Extending the Active Directory Schema for Cisco Unity (Exchange 2000 Only)" section.

9. Familiarize yourself with the domain accounts you will create in Task 10. The same accounts and permissions are required for installing a new Cisco Unity 4.0(3) system and for upgrading from previous versions of Cisco Unity. See the "About the Accounts Required for the Cisco Unity Installation" section.

10. Create the applicable accounts that are needed to install Cisco Unity. Create a single set of accounts to be used for both the primary and secondary Cisco Unity servers. See the "Creating the Accounts Required for the Cisco Unity Installation" section.

11. If you created a Cisco Unity administration account in Task 10.: On the primary server, add the account to the local Administrators group. See the "Adding the Cisco Unity Administration Account to an Admins Group" section.

12. On the primary server, run the Cisco Unity Permissions wizard to set rights and permissions for the accounts that you created in Task 10. See the "Setting Rights and Permissions with the Cisco Unity Permissions Wizard" section.

13. If you created a Cisco Unity administration account in Task 10.: On the secondary server, add the account to the local Administrators group. See the "Adding the Cisco Unity Administration Account to an Admins Group" section.

14. On the secondary server, run the Cisco Unity Permissions wizard to set rights and permissions for the same accounts that you created in Task 10. See the "Setting Rights and Permissions with the Cisco Unity Permissions Wizard" section.

15. On the primary server, do the following six tasks:

a. If voice card software is installed: Remove the voice card software. See the"Removing Intel Dialogic Software" section. The Cisco Unity Installation Guide alerts you when to install an upgraded version of the software later in the installation.

b. Run the Cisco Unity Installation and Configuration Assistant to upgrade the software, install the license files, specify the accounts for services, connect the message store, upgrade the Cisco Unity integration with the phone system, and configure the Cisco Personal Communications Assistant to use SSL, if applicable. See the "Upgrading and Configuring Cisco Unity Software" section.

c. Install Cisco Unity 4.0(3) Service Release 1. Refer to Release Notes for Cisco Unity 4.0(3) Service Release 1 at http://www.cisco.com/univercd/cc/td/doc/product/voice/c_unity/unity40/relnote/403sr1rn.htm.

d. Run the Configure Cisco Unity Failover wizard. Refer to the "Configuring Failover on the Primary and Secondary Servers" section in the "Configuring Cisco Unity Failover" chapter of the Cisco Unity Failover Configuration and Administration Guide, Release 4.0. (The guide is available at http://www.cisco.com/univercd/cc/td/doc/product/voice/c_unity/fail/fail401/ex/index.htm.)

e. If you are setting up Cisco Unity to use SSL: Set up the Cisco Unity Administrator and Status Monitor to use SSL. See the "Setting Up the Cisco Unity Administrator and Status Monitor to Use SSL" section.

f. If virus-scanning software or Cisco Security Agent for Cisco Unity is installed on the primary Cisco Unity server: Re-enable virus-scanning services and the Cisco Security Agent service. See the "Re-enabling Virus-Scanning and Cisco Security Agent Services" section.

16. On the secondary server, do the following six tasks:

a. If Intel Dialogic voice card software is installed: Remove the voice card software. See the"Removing Intel Dialogic Software" section. The Cisco Unity Installation Guide alerts you when to install an upgraded version of the software later in the installation.

b. Run the Cisco Unity Installation and Configuration Assistant to upgrade the software, install the default license file, specify the accounts for services, connect the message store, upgrade the Cisco Unity integration with the phone system, and configure the Cisco Personal Communications Assistant to use SSL, if applicable. See the "Upgrading and Configuring Cisco Unity Software" section.

c. Install Cisco Unity 4.0(3) Service Release 1. Refer to Release Notes for Cisco Unity 4.0(3) Service Release 1 at http://www.cisco.com/univercd/cc/td/doc/product/voice/c_unity/unity40/relnote/403sr1rn.htm.

d. Run the Configure Cisco Unity Failover wizard. Refer to the "Configuring Failover on the Primary and Secondary Servers" section in the "Configuring Cisco Unity Failover" chapter of the Cisco Unity Failover Configuration and Administration Guide, Release 4.0. (The guide is available at http://www.cisco.com/univercd/cc/td/doc/product/voice/c_unity/fail/fail401/ex/index.htm.)

e. If you are setting up Cisco Unity to use SSL: Set up the Cisco Unity Administrator and Status Monitor to use SSL. See the "Setting Up the Cisco Unity Administrator and Status Monitor to Use SSL" section.

f. If virus-scanning software or Cisco Security Agent for Cisco Unity is installed on the secondary Cisco Unity server: Re-enable virus-scanning services and the Cisco Security Agent service for Cisco Unity. See the "Re-enabling Virus-Scanning and Cisco Security Agent Services" section.

17. On the primary server, secure the Example Administrator account, and if applicable, the Example Subscriber account, against toll fraud. See the "Securing the Example Administrator and Example Subscriber Accounts Against Toll Fraud" section.

18. Remove the system keys from the primary and secondary Cisco Unity servers. Store them where they can be accessed if you later need to downgrade the system from Cisco Unity 4.0 to 3.x.

19. If the Cisco Unity server is connected to the corporate network: Harden both the primary and secondary Cisco Unity servers. See the "Hardening the Cisco Unity Server" section.

Preparing for a Possible Downgrade to Cisco Unity Version 3.1(5) (Optional)

Back up the system by using the Cisco Unity Disaster Recovery Tool before beginning the upgrade process. Because the Disaster Recovery Tool only restores to the exact version of Cisco Unity that you backed up, you back up a Cisco Unity version 3.1(5) system.

To Prepare for a Possible Downgrade to Cisco Unity Version 3.1(5)


Step 1 Upgrade Cisco Unity to version 3.1(5), if applicable. Refer to Release Notes for Cisco Unity Release 3.1(5) at http://www.cisco.com/univercd/cc/td/doc/product/voice/c_unity/unity31/rel_note/cu315rn.htm.

Step 2 Download the Cisco Unity Disaster Recovery Tool. The tool is available at http://ciscounitytools.com.

Step 3 Back up the Cisco Unity system by using the Disaster Recovery Backup tool. Refer to the tool Help.


Converting from the System Key to License Files

Cisco Unity has changed its license-control process from using a physical system key to using electronic license files. License files, which enable the features purchased by the customer, are now required for installing Cisco Unity software, for some upgrades, and for adding or changing licensed features. A system key is no longer required.

For an upgrade from Cisco Unity version 3.x to version 4.0, you obtain the license files by completing registration information on Cisco.com. Shortly after registration, Cisco e-mails the license files. The e-mail from Cisco contains instructions on how to save and store the files. The Cisco Unity Installation Guide provides specific instructions later in the upgrade process on the use of the license files and when to remove the system key. (For more information on licensing, refer to White Paper: Licensing for Cisco Unity at http://www.cisco.com/univercd/cc/td/doc/product/voice/c_unity/whitpapr/licenses.htm.)


Note If the system is using failover, install the license files only on the primary server.


The following information is required during registration:

The MAC address (physical address) for the network interface card (NIC) in the Cisco Unity server.

The serial number of the currently installed system key.

The currently installed system key code.

The product authorization key (PAK), which appears on the sticker located on the front of the sleeve for Cisco Unity DVD 1 or CD 1.

Do the following four procedures in the order listed.

To Get the MAC Address of the Cisco Unity Server


Step 1 On the Cisco Unity server, on the Windows Start menu, click Programs > Accessories > Command Prompt.

Step 2 In the Command Prompt window, enter ipconfig /all, and press Enter.

Step 3 Write down the value of Physical Address, excluding the hyphens, or save it to a file that you can access during online registration. (For example, if the physical address is 00-A1-B2-C3-D4-E5, record 00A1B2C3D4E5.)

If the server contains more than one NIC, one value will appear for each NIC. Use the value for the primary NIC.

Step 4 Close the Command Prompt window.


To Get the Serial Number of the Currently Installed System Key


Step 1 On the Cisco Unity server, on the Windows Start menu, click Programs > Cisco Unity > Key Dump.

Step 2 Write down the value for Serial Number, or save it to a file that you can access during online registration.

Step 3 Click Exit to close the Key Dump window.


To Get the Currently Installed System Key Code


Step 1 On the Cisco Unity server, on the Windows Start menu, click Programs > Cisco Unity > Upgrade License.

Step 2 Click Generate Current System Code. Do not change the code type.

Step 3 Click Save to File, and save the system code to a file that you can access during online registration. (The default name of the file is AvSysCode.txt.)

Step 4 Click Exit to close the Generate Current System Code window.

Step 5 Click Exit to close the Upgrade License window.


To Register and Obtain the License Files


Step 1 Browse to the applicable software registration site (URLs are case sensitive):

Registered user on Cisco.com

http://www.cisco.com/go/license

Not a registered user on Cisco.com

http://www.cisco.com/go/license/public


Step 2 In the Voice Products section, under Cisco Unity Software, click 4.0 Upgrading from 2x/3x.

Step 3 Enter the requested information.

Step 4 When you are ready to enter the Currently Installed Key Code, double-click the key code file you saved in the procedure "To Get the Currently Installed System Key Code." (The default name of the file is AvSysCode.txt.)

Step 5 Copy the value for EncryptionData, and paste it into the Currently Installed Key Code field.

Step 6 When you have completed the form, click Submit.

Step 7 Shortly after registration, you will receive an e-mail with the Cisco Unity license files.

If the license files are lost, it can take up to one business day to get another copy.


If you do not receive the license file(s) within 1 hour or to get another copy of a license file, call the Cisco Technical Assistance Center (TAC) and ask for the Licensing Team:

In the U.S.

800 553-2447

Outside
the U.S.

For your local Cisco TAC phone number, refer to the website http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml.


Or send e-mail to licensing@cisco.com.

You will need to provide information to verify Cisco Unity ownership—for example, the purchase order number or the PAK (which appears on the sticker located on the front of the sleeve for Cisco Unity DVD 1 or CD 1).


Note Cisco Unity software comes with a default license file that has a minimal number of settings. The license file allows installation of a Cisco Unity demonstration system. For information and instructions on installing a demonstration system, refer to the "Cisco Unity Demonstration System" section of the Cisco Unity release notes.


Disabling Virus-Scanning and Cisco Security Agent Services


Note If the system is not using virus-scanning software or Cisco Security Agent for Cisco Unity, skip this section.


You disable virus-scanning and Cisco Security Agent services on the server so that they do not slow down the installation of software or cause the installations to fail. The Cisco Unity Installation Guide alerts you when to re-enable the services after all of the installation procedures that can be affected are complete.

To Disable and Stop Virus-Scanning and Cisco Security Agent Services


Step 1 Refer to the virus-scanning software documentation to determine the names of the virus-scanning services.

Step 2 On the Windows Start menu, click Programs > Administrative Tools > Services.

Step 3 Disable and stop each virus-scanning service and the Cisco Security Agent service:

a. In the right pane, double-click the service.

b. On the General tab, in the Startup Type list, click Disabled. This prevents the service from starting when you restart the server.

c. Click Stop to stop the service immediately.

d. Click OK to close the Properties dialog box.

Step 4 When the services have been disabled, close the Services MMC.


Running the Cisco Unity System Preparation Assistant

The Cisco Unity System Preparation Assistant is a program that helps customize the platform for Cisco Unity by checking for and installing Windows 2000 Server components, Microsoft service packs and updates, and other software required by Cisco Unity. For a detailed list, refer to Components and Software Installed by the Cisco Unity Platform Configuration Discs and the Cisco Unity System Preparation Assistant at http://www.cisco.com/univercd/cc/td/doc/product/voice/c_unity/pcd/pcd_inst.htm.


Caution Do not run the Cisco Unity System Preparation Assistant remotely by using Windows Terminal Services or other remote-access applications.


Note If a Microsoft AutoMenu window appears when the assistant is installing an application, close the window and allow the assistant to continue.


To Run the Cisco Unity System Preparation Assistant


Step 1 Log on to Windows by using an account that is a member of the Local Administrators group.

Step 2 On Cisco Unity Service Packs CD 1, or from the location to which you saved the downloaded Service Packs CD 1 image files, browse to the Cuspa directory, and double-click Cuspa.vbs.

If you are accessing the Cisco Unity System Preparation Assistant files on another server, use Windows Explorer or the "net" command to map the network drive to a drive letter on the Cisco Unity server before you run Cuspa.vbs.

Step 3 If prompted, double-click the language of your choice to continue the installation.

Step 4 On the Welcome screen, click Next.

Step 5 On the Cisco Unity Server Characteristics page, set the following fields:

Configuration

Click Unified Messaging or Voice Messaging Only, depending on the Cisco Unity configuration.

Failover

Check the This Is a Primary or Secondary Failover Server check box if the system is using failover.

Number of Ports

Enter the number of voice ports that you are connecting with the Cisco Unity server.


Step 6 Follow the on-screen prompts in the Cisco Unity System Preparation Assistant to customize the Cisco Unity platform.

Step 7 If MSDE Service Pack 3 is being installed, skip to Step 8.

If SQL Server Service Pack 3 is being installed, install it now:

a. On the Welcome screen, click Next.

b. Follow the on-screen prompts until you are prompted to choose the authentication mode.

c. Choose Windows authentication, and click Next.

d. If the SA Password Warning dialog box appears, enter and confirm the password, and click Next.

e. Check the Upgrade Microsoft Search and Apply SQL Server 2000 SP3 [Required] check box, and click Continue. (Do not check the Enable Cross-Database Ownership Chaining for All Databases [Not Recommended] check box.)

f. Follow the on-screen prompts to continue.

g. If you are prompted about shutdown tasks before continuing with the installation, click Next.

h. Click Finish to begin installing components.

i. When the Setup message appears, click OK.

j. Click Finish to restart the server.

k. Skip to Step 9.

Step 8 If MSDE Service Pack 3 is being installed, install it now:

a. Follow the on-screen prompts.

b. When the installation is complete, click Yes to restart the server.

Step 9 Follow the on-screen prompts.

Step 10 When the Cisco Unity System Preparation Assistant has completed, click Finish.


Caution When the Cisco Unity System Preparation Assistant installed Internet Explorer, it also automatically installed the file WScript.exe. Do not remove WScript.exe, or the Cisco Unity Setup program will fail later in the upgrade process.

Installing the Microsoft Updates Recommended for Use with Cisco Unity

The Cisco Unity 4.0(3) SR1 Post-Install CD includes updates for all of the Microsoft software that is supported on the Cisco Unity server, including three versions of Exchange, and both SQL Server 2000 and MSDE 2000. Install only the updates that apply to the version of Microsoft software that is installed on the Cisco Unity server. (For example, if Exchange 2000 administration software is installed on the Cisco Unity server, install only the Exchange 2000 updates, not the Exchange 5.5 or Exchange 2003 updates.)

To Install the Microsoft Updates Recommended for Use with Cisco Unity


Step 1 Insert the Cisco Unity 4.0(3) SR1 Post-Install disc in the CD-ROM drive, or browse to the location of the downloaded Microsoft updates.

Step 2 Browse to each of the applicable directories and install all of the updates in the directory. Follow the on-screen prompts.

Note that each directory includes four versions of an update, one each for English (ENU), French (FRA), German (DEU), and Japanese (JPN). Install the correct language version for the software you are updating. (For example, if the French version of Exchange 2000 administration software is installed on the Cisco Unity server, install the French version of the Exchange 2000 update.)

Step 3 Restart the Cisco Unity server as recommended. Several restarts may be required.


Installing Exchange 2000 Service Pack 2


Note If Cisco Unity subscribers are not homed in Exchange 2000, skip this section.


Service Pack 2 is currently the required service pack for Exchange 2000. We recommend that you install Service Pack 3 and the March 2003 Exchange 2000 Server Post-Service Pack 3 Rollup, in that order, because they resolve an intermittent problem with message notification. Both are available on Cisco Unity Service Packs CD 3.


Note If you choose to install Service Pack 3 and the Post-Service Pack 3 Rollup on the Cisco Unity server, you should also install them on the Exchange 2000 servers on which Cisco Unity subscribers are homed. If the security rollup is not installed, Exchange 2000 Server sends extra UDP packets to ports on the Cisco Unity server that are not listening for packets. Activity like this is seen by intrusion-detection systems as port scans or attacks.


To Install Exchange 2000 Service Pack 2


Step 1 On Cisco Unity Service Packs CD 2, or from the location to which you saved the downloaded Service Packs CD 2 image files, browse to the directory Exchange_2000_SP2\Setup\I386, and double-click Update.exe.

Step 2 Follow the on-screen prompts to complete the installation.

Step 3 Restart the server.


Extending the Active Directory Schema for Cisco Unity (Exchange 2000 Only)


Note If Cisco Unity subscribers are not homed in Exchange 2000, skip this section.


With Exchange 2000, several changes need to be made to the Active Directory schema for Cisco Unity to work properly. To see the changes that the schema update program makes, browse to the directory Schema\LdifScripts on Cisco Unity CD 1, and view the file Avdirmonex2k.ldf.

Changes to the Active Directory schema may take 15 minutes or more to replicate throughout the forest. These changes must finish replicating before you can install Cisco Unity.

To Extend the Active Directory Schema


Step 1 Confirm that all domain controllers are on line. (The Active Directory schema extensions replicate only when all domain controllers are on line.)

Step 2 On the computer that has the schema master role (typically the first DC/GC in the forest), log on to Windows as a user who is a member of the Schema Admins group.

Step 3 On Cisco Unity DVD 1 or CD 1, or from the location to which you saved the downloaded Cisco Unity CD 1 image files, browse to the directory ADSchemaSetup, and double-click ADSchemaSetup.exe.

Step 4 In the Active Directory Schema Setup dialog box, check the Exchange 2000 Directory Monitor check box.

Step 5 If you plan to use VPIM Networking or Bridge Networking, check the applicable boxes.

Step 6 Click OK.

Step 7 When the schema extension has finished, Ldif.log and Ldif.err files are saved to the desktop. View the contents of these files to confirm that the extension completed successfully.


Upgrading and Configuring Cisco Unity Software

To upgrade and configure Cisco Unity software from version 3.x to version 4.0(3), you use the Cisco Unity Installation and Configuration Assistant to run six programs in a specific order. The programs:

Check the system and upgrade the software.

Install the Cisco Unity licenses.

Configure the services.

Configure the message store.

Upgrade the Cisco Unity integration with the phone system.

Configure the Cisco Personal Communications Assistant to use SSL.

Do the following six subsections in the order listed.

Starting the Cisco Unity Installation and Configuration Assistant and Upgrading Cisco Unity Software

From the Cisco Unity Installation and Configuration Assistant, you run the Cisco Unity Setup program first to upgrade Cisco Unity. The Setup program checks the system, then upgrades the Cisco Unity software.


Caution Do not install features for which the system is not licensed, or Cisco Unity will shut down.


Caution If the Cisco Unity server contains voice cards, ensure that you have removed the old version of the voice card software before you run the Cisco Unity Installation and Configuration Assistant. Otherwise, the new version of the voice card software cannot be installed.


Caution When you run the Cisco Unity Installation and Configuration Assistant, Cisco Unity is uninstalled and then reinstalled. Fields will contain values from the current installation. Do not change any values unless you are instructed to do so in the following procedure, or the system may not be updated correctly.

To Start the Assistant and Upgrade Cisco Unity Software


Step 1 Log on to Windows by using the Cisco Unity installation account.


Caution If you have not already done so, disable virus-scanning and Cisco Security Agent services on the server, if applicable. Otherwise, the installation may fail.

Step 2 On Cisco Unity DVD 1 or CD 1, or from the location to which you saved the downloaded Cisco Unity CD 1 image files, browse to the root directory and double-click Setup.exe.

Step 3 If prompted, double-click the language of your choice to continue the installation.

Step 4 On the Cisco Unity Installation and Configuration Assistant Welcome screen, click Continue.

Step 5 In the main window of the assistant, click Run the Cisco Unity Setup Program.

If the Pre-Installation Requirements screen appears instead, saying that you need to run the Permissions wizard, close the Cisco Unity Installation and Configuration Assistant and see the "Setting Rights and Permissions with the Cisco Unity Permissions Wizard" section. After the wizard is run, log on to Windows by using the Cisco Unity installation account, and return to step 2.

Step 6 If prompted, double-click the language of your choice to continue the installation.

Step 7 On the Welcome screen, click Next.

Step 8 If a message to stop services appears, click OK.

Step 9 Click Next or Continue without changing values until the Select Features dialog box appears.

Step 10 In the Select Features dialog box:

a. Check the Upgrade Cisco Unity check box.

b. If the Cisco Unity license includes text to speech, check the Enable TTS check box.

If not, uncheck the Enable TTS check box.

c. If the Cisco Unity server or an attached expansion chassis contains voice cards, check the Install Voice Card Software check box.

If not, uncheck the Install Voice Card Software check box.

Step 11 Click Next or Continue without changing values until you are prompted to restart the Cisco Unity server.


Caution Do not cancel Cisco Unity Setup, or you may have to uninstall and reinstall Cisco Unity. In some cases, nothing may appear to be happening for long periods. To confirm that Cisco Unity Setup is still working, right click the Windows taskbar and click Task Manager, click the Processes tab, click Image Name to sort by process name, and find Setup.exe. It should be using more than 0% of the CPU.

Step 12 The remainder of the procedure depends on whether the server contains Intel Dialogic D/120JCT-Euro or D/240PCI-T1 voice cards:

If the server does not contain
Intel Dialogic D/120JCT-EURO
or D/240PCI-T1 voice cards

Check the Yes, I Want to Restart My Computer Now check box, and click Finish. Cisco Unity software is now upgraded.

If the server contains
Intel Dialogic D/120JCT-EURO
or D/240PCI-T1 voice cards

a. Uncheck the Yes, I Want to Restart My Computer Now check box, and click Finish.


Caution If the Cisco Unity server contains Intel Dialogic D/120JCT-EURO or D/240PCI-T1 voice cards, do not restart the server now or you will not be able to access the Cisco Unity Administrator after Cisco Unity is installed.

b. Do the procedure under "Software Settings" for your voice card in "Voice Cards."

c. Restart the Cisco Unity server.

The Cisco Unity License Installation screen appears in the main window.



Installing License Files

From the Cisco Unity Installation and Configuration Assistant, you run the Cisco Unity Install License File wizard second to install the Cisco Unity license files.

If you are installing license files for a Cisco Unity system without failover or on the primary server for a Cisco Unity system with failover, do the first procedure, "To Install the License Files."

If you are upgrading the secondary Cisco Unity server now, do the second procedure, "To Install the Default License File on the Secondary Cisco Unity Server."

To Install the License Files


Step 1 Log on to Windows by using the Cisco Unity installation account.

Step 2 In the main window of the assistant, click Run the Cisco Unity Install License File Wizard.

Step 3 On the Welcome screen, click Next.

Step 4 Click Add.

Step 5 Insert the Cisco Unity license file disk, if applicable.

(When Cisco Unity was registered on Cisco.com, Cisco replied with an e-mail containing attached file(s) with license(s) for Cisco Unity features. The instructions in the e-mail directed that the attached files be saved. For more information, see the "Converting from the System Key to License Files" section.)

Step 6 Browse to drive A or to the location where the license file(s) have been stored.

Step 7 Double-click the license file to add it to the License Files list.

If prompted, click Yes to copy the license file to the local system.

Step 8 If you are adding more than one license file, click Add, and repeat Step 6 and Step 7 for each license file.

Step 9 Click Next.

Step 10 In the Licenses list, confirm that the license information is correct.

Step 11 Click Next.

Step 12 Click Finish.

Step 13 If a dialog box appears and reports that there is a licensing violation, click Yes to display the Unity Licensing MMC. In the left pane, click Alerts to see a list of any problems, and double-click each alert to display a detailed problem description and troubleshooting tip.

The most common violation is actually an upgrade problem related to the Cisco Unity Inbox (known in Cisco Unity 3.x as the Visual Messaging Interface, or VMI). Systems that were upgraded from Cisco Unity 3.x to 4.0 automatically have the Cisco Unity Inbox (Visual Messaging Interface) check box checked for all classes of service even if the customer never purchased licenses for it. Cisco Unity requires that there be enough Cisco Unity Inbox licenses for all Cisco Unity subscribers, and if the number of licenses is 0, the system is violating the license. If this problem occurs, in the Cisco Unity Administrator, go to the Subscribers > Class of Service > Licensed Features page, and uncheck the Cisco Unity Inbox (Visual Messaging Interface) check box for all classes of service.

Another possible problem is with the number of available licenses. Licensing for the Cisco Unity 3.x VMI was per session, while licensing for the Cisco Unity Inbox is per subscriber. If a customer has 100 VMI licenses and 500 subscribers on the 3.x system and upgrades to 4.0, there will not be enough Cisco Unity Inbox licenses for all subscribers after the upgrade. If this problem occurs, in the Cisco Unity Administrator, go to the Subscribers > Class of Service > Licensed Features page, and uncheck the Cisco Unity Inbox (Visual Messaging Interface) check box for classes of service until the number of subscribers with Cisco Unity Inbox access no longer exceeds the number of available Cisco Unity Inbox licenses.

For help with licensing problems, contact licensing@cisco.com. For help with other problems, contact Cisco TAC.


Caution If you do not resolve licensing violations, Cisco Unity will stop working after four hours.


Do the following procedure if you are upgrading the secondary server now for a Cisco Unity system with failover. Otherwise, do the first procedure, "To Install the License Files."

To Install the Default License File on the Secondary Cisco Unity Server


Step 1 Log on to Windows by using the Cisco Unity installation account.

Step 2 In the main window of the assistant, click Run the Cisco Unity Install License File Wizard.

Step 3 On the Welcome screen, click Next.

Step 4 When the message appears, saying that you do not have to run the wizard on a secondary server, click Next.

Step 5 Click Add.

Step 6 Install the default license file:

a. Browse to the CommServer\Licenses directory.

b. Double-click CiscoUnity40.lic.

Step 7 Click Next.

Step 8 In the Licenses list, confirm that the license information is correct.

Step 9 Click Next.

Step 10 Click Finish.

The Configure the Cisco Unity Services screen appears in the main window of the assistant.


Configuring Services

From the Cisco Unity Installation and Configuration Assistant, you run the Cisco Unity Services Configuration wizard third to associate the directory, message store, and local services with accounts you specify.

To Configure Services


Step 1 In the main window of the assistant, click Run the Cisco Unity Services Configuration Wizard. (Note that you should be logged on to Windows with the Cisco Unity installation account.)

Step 2 On the Welcome screen, click Next.

Step 3 Select the message store type, and click Next.

Step 4 Follow the on-screen prompts to complete the services configuration.

The Configure the Cisco Unity Message Store screen appears in the main window of the assistant.


Configuring the Message Store

From the Cisco Unity Installation and Configuration Assistant, you run the Cisco Unity Message Store Configuration wizard fourth to configure the message store.

To Configure the Message Store


Step 1 In the main window of the assistant, click Run the Cisco Unity Message Store Configuration Wizard. (Note that you should be logged on to Windows with the Cisco Unity installation account.)

Step 2 Confirm that the message store server is running. If the message store server is not running, configuring the message store will fail.

Step 3 On the Welcome screen, click Next.

Step 4 Follow the on-screen prompts.

Step 5 When message store configuration is complete, click Finish.

The Integrate the Phone System with Cisco Unity screen appears in the main window of the assistant.


Converting the Integration with the Phone System to a Cisco Unity Version 4.0 Integration

From the Cisco Unity Installation and Configuration Assistant, you run the Cisco Unity Telephony Integration Manager (UTIM) fifth to convert the existing integration between Cisco Unity and the phone system to a Cisco Unity version 4.0 integration.

To Convert the Integration with the Phone System to a Cisco Unity Version 4.0 Integration


Step 1 In the main window of the assistant, click Run the Cisco Unity Telephony Integration Manager. (Note that you should be logged on to Windows with the Cisco Unity installation account.)

When the conversion is complete, a message appears explaining that the integration has been converted.

Step 2 Click Yes to restart Cisco Unity services.

When the conversion is complete, the Set Up the Cisco Personal Communications Assistant to Use SSL screen appears in the main window.


Setting Up the Cisco Personal Communications Assistant to Use SSL

From the Cisco Unity Installation and Configuration Assistant, you can set up the Cisco PCA to use SSL. Using the SSL protocol ensures that all subscriber credentials—as well as the information that a subscriber enters on any page in the Cisco PCA—are encrypted as the data is sent across the network.

If you do not want to set up the Cisco PCA to use SSL, see the "Skipping Cisco PCA Setup for SSL" section.

To set up the Cisco PCA to use SSL, do the procedures in the applicable section, depending on whether you are using a certificate authority:

Setting Up the Cisco PCA to Use SSL by Creating a Local Certificate Without a Certificate Authority

Setting Up the Cisco PCA to Use SSL by Using a Certificate Authority

After the Cisco Unity Installation and Configuration Assistant is finished and the Cisco PCA is set up to use SSL, you manually set up the Cisco Unity Administrator and Status Monitor to use SSL. The Cisco Unity Installation Guide alerts you when to do the procedure.

Skipping Cisco PCA Setup for SSL

Do the procedure in this section if you do not want to set up the Cisco PCA to use SSL. (Note that without SSL when subscribers log on to the Cisco PCA, their credentials will be sent across the network to Cisco Unity in clear text. In addition, the information that subscribers enter on the pages of the Cisco PCA will not be encrypted.)

To Skip Cisco PCA Setup for SSL


Step 1 Click Do Not Set Up Cisco Personal Communications Assistant to Use SSL.

Step 2 Click Continue.

Step 3 Click Close to exit the Cisco Unity Installation and Configuration Assistant.


Setting Up the Cisco PCA to Use SSL by Creating a Local Certificate Without a Certificate Authority

To Set Up the Cisco PCA to Use SSL by Creating a Local Certificate Without a Certificate Authority


Step 1 In the Cisco Unity Installation and Configuration Assistant, click Create a Local Certificate Without a Certificate Authority.

Step 2 Click Internet Services Manager.

Step 3 Expand the name of the Cisco Unity server.

Step 4 Right-click Default Web Site, and click Properties.

Step 5 In the Default Web Site Properties dialog box, click the Directory Security tab.

Step 6 Under Secure Communications, click Server Certificate.

Step 7 In the Web Server Certificate wizard Welcome window, click Next.

Step 8 Click Create a New Certificate, and click Next.

Step 9 Click Prepare the Request Now, But Send It Later, and click Next.

Step 10 Enter a name and a bit length for the certificate.

We strongly recommend that you choose a bit length of 512. Greater bit lengths may decrease performance.

Step 11 Click Next.

Step 12 Enter the organization information, and click Next.

Step 13 For the site's common name, enter either the Cisco Unity server's system name or the fully qualified domain name.


Caution The name must exactly match the host portion of any URL that will access this system using a secure connection.

Step 14 Click Next.

Step 15 Enter the geographical information, and click Next.

Step 16 Specify the certificate request file name and location, and write down the file name and location because you will need the information later in this procedure.

Step 17 Click Next.

Step 18 Verify the request file information, and click Next.

Step 19 Click Finish to close the Web Server Certificate wizard.

Step 20 Click OK to Close the Default Web Site Properties dialog box.

Step 21 Close the Internet Services Manager window.

Step 22 In the Cisco Unity Installation and Configuration Assistant, in the Enter Certificate Request File box, enter the full path and file name of the certificate request file that you specified in Step 16.

Step 23 Click Create Certificate.

Step 24 In the Cisco Unity Installation and Configuration Assistant, click Enable Cisco PCA to Use SSL.

Step 25 Click Close to exit the assistant.


Setting Up the Cisco PCA to Use SSL by Using a Certificate Authority

This section contains four procedures.

If you are using Microsoft Certificate Services to issue your own certificate, do all four procedures in the order listed.

If you are using a certificate purchased from a Certificate Authority (for example, VeriSign), do only the fourth procedure, "To Install the Certificate."

To Create a Certificate Request by Using Microsoft Certificate Services


Step 1 In the Cisco Unity Installation and Configuration Assistant, click Use a Certificate Authority.

Step 2 Click Internet Services Manager.

Step 3 Expand the name of the Cisco Unity server.

Step 4 Right-click Default Web Site, and click Properties.

Step 5 In the Default Web Site Properties dialog box, click the Directory Security tab.

Step 6 Under Secure Communications, click Server Certificate.

Step 7 In the Web Server Certificate wizard Welcome window, click Next.

Step 8 Click Create a New Certificate, and click Next.

Step 9 Click Prepare the Request Now, But Send It Later, and click Next.

Step 10 Enter a name and a bit length for the certificate.

We strongly recommend that you choose a bit length of 512. Greater bit lengths may decrease performance.

Step 11 Click Next.

Step 12 Enter the organization information, and click Next.

Step 13 For the site's common name, enter either the Cisco Unity server's system name or the fully qualified domain name.


Caution The name must exactly match the host portion of any URL that will access this system using a secure connection.

Step 14 Click Next.

Step 15 Enter the geographical information, and click Next.

Step 16 Specify the certificate request file name and location, and write down the file name and location because you will need the information in the next procedure.

Save the request file to a disk or to a directory that the Certificate Authority (CA) server can access.

Step 17 Click Next.

Step 18 Verify the request file information, and click Next.

Step 19 Click Finish to close the Web Server Certificate wizard.

Step 20 Click OK to Close the Default Web Site Properties dialog box.

Step 21 Close the Internet Services Manager window.

Step 22 Click Close to exit the Cisco Unity Installation and Configuration Assistant.


To Submit the Certificate Request by Using Microsoft Certificate Services


Step 1 On the server that is acting as the CA, on the Windows Start menu, click Run.

Step 2 Run Certreq.

Step 3 Browse to the directory where you saved the certificate request file, and double-click the file.

Step 4 Click the CA to use, and click OK.


Once the CA submits the certificate request, it assigns a pending status by default for added security. This requires a person to verify the authenticity of the request and to manually issue the certificate.

To Issue the Certificate by Using Microsoft Certificate Services


Step 1 On the server that is acting as the CA, on the Windows Start menu, click Programs > Administrative Tools > Certification Authority.

Step 2 In the left pane of the Certification Authority window, expand Certification Authority.

Step 3 Expand <Certification Authority name>.

Step 4 Click Pending Requests.

Step 5 In the right pane, right-click the request, and click All Tasks > Issue.

Step 6 In the left pane, click Issued Certificates.

Step 7 In the right pane, double-click the certificate to open it.

Step 8 Click the Details tab.

Step 9 In the Show list, choose <All>, and click Copy to File.

Step 10 In the Certificate Export wizard Welcome window, click Next.

Step 11 Accept the default export file format DER encoded binary X.509 (.CER), and click Next.

Step 12 Specify a file name and a location that the Cisco Unity server can access, and click Next.

Step 13 Verify the settings, and click Finish.

Step 14 Click OK to close the Certificate Details dialog box.

Step 15 Close the Certification Authority window.


To Install the Certificate


Step 1 On the Cisco Unity server, double-click the CUICA icon on the desktop.

Step 2 In the Cisco Unity Installation and Configuration Assistant, click Use a Certificate Authority.

Step 3 On the Set Up the Cisco Personal Communications Assistant to Use SSL page, at Step 3, click Internet Services Manager.

Step 4 In Internet Services Manager, expand the name of the Cisco Unity server.

Step 5 Right-click Default Web Site, and click Properties.

Step 6 In the Properties dialog box, click the Directory Security tab.

Step 7 Under Secure Communications, click Server Certificate.

Step 8 On the Web Server Certificate Wizard welcome screen, click Next.

Step 9 Click Process the Pending Request and Install the Certificate, and click Next.

Step 10 Browse to the directory of the certificate (.cer) file, and double-click the file.

Step 11 Verify the certificate information, and click Next.

Step 12 Click Finish to close the Web Server Certificate wizard window.

Step 13 Click OK to close the Default Web Site Properties dialog box.

Step 14 Close the Internet Services Manager window.

Step 15 In the Cisco Unity Installation and Configuration Assistant, click Enable Cisco PCA to Use SSL.

Step 16 Close the Cisco Unity Installation and Configuration Assistant.


Setting Up the Cisco Unity Administrator and Status Monitor to Use SSL


Note If you are not setting up Cisco Unity to use SSL, skip this section.


Using the SSL protocol ensures that all subscriber credentials—as well as the information that a subscriber enters on any page in the Cisco Unity Administrator—are encrypted as the data is sent across the network.

To Set Up the Cisco Unity Administrator and Status Monitor to Use SSL


Step 1 On the Cisco Unity server, on the Windows Start menu, click Programs > Administrative Tools > Internet Services Manager.

Step 2 Expand the name of the Cisco Unity server.

Step 3 Expand Default Web Site.

Step 4 Under Default Web Site, right-click Web, and click Properties.

Step 5 In the Properties dialog box, set the Web directory to use SSL:

a. Click the Directory Security tab.

b. Under Secure Communications, click Edit.

c. Check the Require Secure Channel (SSL) check box.

d. Click OK to close the Secure Communications dialog box.

e. Click OK to close the Properties dialog box.

Step 6 Under Default Web Site, right-click SAWeb, and click Properties.

Step 7 Repeat Step 5 to set the SAWeb directory to use SSL.

Step 8 Under Default Web Site, right-click Status, and click Properties.

Step 9 Repeat Step 5 to set the Status directory to use SSL.

Step 10 Under Default Web Site, double-click AvXml.

Step 11 In the right pane, right-click AvXml.dll, and click Properties.

Step 12 In the Properties dialog box, click the File Security tab.

Step 13 Under Secure Communications, click Edit.

Step 14 Check the Require Secure Channel (SSL) check box.

Step 15 Click OK to close the Secure Communications dialog box.

Step 16 Click OK to close the AvXml.dll Properties dialog box.

Step 17 Close the Internet Services Manager window.


Securing the Example Administrator and Example Subscriber Accounts Against Toll Fraud

It is possible for a malicious user to dial into Cisco Unity, log on as the Example Administrator or Example Subscriber by using the default extension and password, and configure Cisco Unity to forward calls to phone numbers for which there are charges or to reconfigure greetings so an operator believes the voice messaging system is personally accepting collect-call charges. To help secure Cisco Unity against toll fraud, we strongly recommend that you change the phone password for both accounts after Cisco Unity is installed.

Although the Example Subscriber account is no longer created during Cisco Unity installation in versions 4.0(3) and later, you may still have an Example Subscriber account from an earlier version, as the account is not removed during the upgrade process.

(For information on the accounts, refer to the "Default Accounts" section in the "Default Accounts and Message Handling" chapter of the Cisco Unity System Administration Guide, Release 4.0(3).)

To Change the Password on the Example Administrator and Example Subscriber Accounts


Step 1 In the Cisco Unity Administrator, go to any Subscribers > Subscribers page.

Step 2 Click the Find icon.

Step 3 On the Find and Select Subscriber page, click Find.

Step 4 Click Example Administrator.

Step 5 In the left pane, click Phone Password.

Step 6 In the right pane, check the User Cannot Change Password check box.

Step 7 Check the Password Never Expires check box.

Step 8 Under Reset Phone Password, enter and confirm a new password by using digits 0 through 9.

We recommend that you enter a long and nontrivial password; 20 digits or more is desirable. (The minimum length of the password is set on the Subscribers > Account Policy > Phone Password Restrictions page.) In a nontrivial password:

The digits are not all the same (for example, 9999).

The digits are not consecutive (for example, 1234).

The password is not the same as the extension assigned to the Example Administrator.

The password does not spell Example Administrator, the name of the company, the name of the IT manager, or any other obvious words.

Step 9 Click the Save icon.

Step 10 Repeat Step 2 through Step 9 for Example Subscriber.

Step 11 Close the Cisco Unity Administrator.


Re-enabling Virus-Scanning and Cisco Security Agent Services


Note If the system is not using virus-scanning software or Cisco Security Agent for Cisco Unity, skip this section.


You re-enable virus-scanning and Cisco Security Agent services now that all of the software installations that could have been affected if the services were running are complete.

To Re-enable and Start Virus-Scanning and Cisco Security Agent Services


Step 1 Refer to the virus-scanning software documentation to determine the names of the virus-scanning services.

Step 2 On the Windows Start menu, click Programs > Administrative Tools > Services.

Step 3 Re-enable and start each virus-scanning service and the Cisco Security Agent service:

a. In the right pane, double-click the service.

b. On the General tab, in the Startup Type list, click Automatic to re-enable the service.

c. Click Start to start the service.

d. Click OK to close the Properties dialog box.

Step 4 When the services have been re-enabled, close the Services MMC.


Hardening the Cisco Unity Server


Note If the Cisco Unity server is not connected to the corporate network, skip this section.


When the Cisco Unity server is connected to the corporate network, we strongly recommend that you harden the server. Refer to White Paper: Security Best Practices for Cisco Unity 4.0 (With Microsoft Exchange) at http://www.cisco.com/univercd/cc/td/doc/product/voice/c_unity/whitpapr/secure40.htm.