Cisco Unity Installation Guide (With IBM Lotus Domino), Release 4.0(3)
Upgrading Cisco Unity 4.0(x) Software to Version 4.0(3)
Download this chapter
Upgrading Cisco Unity 4.0(x) Software to Version 4.0(3)Upgrading Cisco Unity 4.0(x) Software to Version 4.0(3)
Download the complete book
PDF Version of Entire Book PDF Version of Entire Book (PDF - 6 MB)
 Feedback

Table Of Contents

Upgrading Cisco Unity 4.0(x) Software to Version 4.0(3)

Task List for Upgrading Cisco Unity 4.0(x) Software to Version 4.0(3)

Disabling Virus-Scanning and Cisco Security Agent Services

Running the Cisco Unity System Preparation Assistant

Installing the Microsoft Updates Recommended for Use with Cisco Unity

Determining Whether to Set Up Cisco Unity to Use SSL

Installing the Microsoft Certificate Services Component

Upgrading and Configuring Cisco Unity Software

Upgrading the Cisco Unity Software, and Configuring Services and Cisco Unity for the Message Store

Setting Up the Cisco Personal Communications Assistant to Use SSL

Skipping Cisco PCA Setup for SSL

Setting Up the Cisco PCA to Use SSL by Creating a Local Certificate Without a Certificate Authority

Setting Up the Cisco PCA to Use SSL by Using a Certificate Authority

Re-enabling Virus-Scanning and Cisco Security Agent Services

Setting Up the Cisco Unity Administrator and Status Monitor to Use SSL

Securing the Example Administrator and Example Subscriber Accounts Against Toll Fraud


Upgrading Cisco Unity 4.0(x) Software to Version 4.0(3)

The task list and procedures in this chapter apply only to upgrading the Cisco Unity software from version 4.0(x) to version 4.0(3). Note that the list contains some tasks that reference instructions in other Cisco Unity and Domino documentation.

For information on modifying hardware or other software, or on adding Cisco Unity features, see the "Task List for Modifying the Cisco Unity 4.0(3) System" section.

This chapter contains the following sections:

Task List for Upgrading Cisco Unity 4.0(x) Software to Version 4.0(3)

Disabling Virus-Scanning and Cisco Security Agent Services

Running the Cisco Unity System Preparation Assistant

Installing the Microsoft Updates Recommended for Use with Cisco Unity

Determining Whether to Set Up Cisco Unity to Use SSL

Installing the Microsoft Certificate Services Component

Upgrading and Configuring Cisco Unity Software

Re-enabling Virus-Scanning and Cisco Security Agent Services

Setting Up the Cisco Unity Administrator and Status Monitor to Use SSL

Securing the Example Administrator and Example Subscriber Accounts Against Toll Fraud

Task List for Upgrading Cisco Unity 4.0(x) Software to Version 4.0(3)

If you do not have DVDs or CDs for Cisco Unity 4.0(3), you download the applicable Cisco Unity 4.0(3) CD images from the Cisco Software Center website, and install from those images.

The Cisco Unity server will be out of service while the Cisco Unity software is upgraded.

1. Acquire the upgrade to DUCS version 1.2 from IBM Lotus.

2. If you do not have DVDs or CDs for Cisco Unity 4.0(3), including Service Release 1: Download the following software:

The applicable Cisco Unity CDs and Cisco Unity Service Pack CDs. Refer to the "Downloading Software for Cisco Unity 4.0(3)" section of Release Notes for Cisco Unity Release 4.0(3) at http://www.cisco.com/univercd/cc/td/doc/product/voice/c_unity/unity40/relnote/cu403rn.htm.

Cisco Unity 4.0(3) Service Release 1 (a rollup of 4.0(3) engineering specials). Refer to the "Downloading Service Release 1" section of Release Notes for Cisco Unity 4.0(3) Service Release 1 at http://www.cisco.com/univercd/cc/td/doc/product/voice/c_unity/unity40/relnote/403sr1rn.htm.

3. Download the latest Microsoft updates that are recommended for use with Cisco Unity from the Microsoft Updates for Unity Software Download page at http://www.cisco.com/pcgi-bin/tablebuild.pl/unity_msft_updates. Most of the updates are included on the Cisco Unity 4.0(3) SR1 Post-Install CD, but the website is updated monthly, so you should check for new updates even if you have the CD.

4. Back up the Cisco Unity system.

5. If virus-scanning software or Cisco Security Agent for Cisco Unity is installed on the Cisco Unity server: Disable virus-scanning services and the Cisco Security Agent service. See the "Disabling Virus-Scanning and Cisco Security Agent Services" section.

6. Run the Cisco Unity System Preparation Assistant to install the following necessary software:

SQL Server 2000 Service Pack 3 or MSDE 2000 Service Pack 3, if you are upgrading from Cisco Unity 4.0(1).

Microsoft .NET Framework version 1.1, if you are upgrading from Cisco Unity 4.0(1) or 4.0(2).

Microsoft Windows Patch for Unchecked Buffer in Windows Component (Microsoft Security Bulletin MS03-007, Microsoft Knowledge Base article 815021), if you are upgrading from Cisco Unity 4.0(1) or 4.0(2).

See the "Running the Cisco Unity System Preparation Assistant" section.

7. Install the Microsoft updates recommended for use with Cisco Unity. See the "Installing the Microsoft Updates Recommended for Use with Cisco Unity" section.

8. Upgrade all Domino servers to DUCS version 1.2. Refer to IBM Lotus Domino Unified Communications Services 1.2 for Cisco Release Notes for details.

Caution Do not install DUCS on the Cisco Unity server.

9. Install DUCS 1.2.1 on DUCS-enabled Notes clients. Refer to IBM Lotus Domino Unified Communications Services 1.2 for Cisco Release Notes for details.

10. Optional: Upgrade Domino servers from Domino R5 to Domino R6. Refer to the Domino upgrade instructions.

11. If you upgraded from Domino R5 to Domino R6: Reinstall DUCS version 1.2 on the upgraded Domino R6 servers. (DUCS 1.2 updates Domino elements that are not present until Domino R6 is installed.)

12. Optional: Upgrade Notes on the Cisco Unity server to 6.0.0 or 6.0.1.

13. Determine whether to set up Cisco Unity to use SSL. See the "Determining Whether to Set Up Cisco Unity to Use SSL" section.

14. If you plan to set up Cisco Unity to use SSL and want to use the Microsoft Certificate Services available with Windows to issue your own certificate: Install the Microsoft Certificate Services component. See the "Installing the Microsoft Certificate Services Component" section.

15. Run the Cisco Unity Installation and Configuration Assistant to upgrade and configure the Cisco Unity software, and to set up the Cisco Personal Communications Assistant to use SSL. See the "Upgrading and Configuring Cisco Unity Software" section.

16. Install Cisco Unity 4.0(3) Service Release 1. Refer to Release Notes for Cisco Unity 4.0(3) Service Release 1 at http://www.cisco.com/univercd/cc/td/doc/product/voice/c_unity/unity40/relnote/403sr1rn.htm.

17. If virus-scanning software or Cisco Security Agent for Cisco Unity is installed on the Cisco Unity server: Re-enable virus-scanning services and the Cisco Security Agent service. See the "Re-enabling Virus-Scanning and Cisco Security Agent Services" section.

18. If you are setting up Cisco Unity to use SSL: Set up the Cisco Unity Administrator and Status Monitor to use SSL. See the "Setting Up the Cisco Unity Administrator and Status Monitor to Use SSL" section.

19. Secure the Example Administrator and Example Subscriber accounts against toll fraud. See the "Securing the Example Administrator and Example Subscriber Accounts Against Toll Fraud" section.

Disabling Virus-Scanning and Cisco Security Agent Services

You disable virus-scanning and Cisco Security Agent services on the server so that they do not slow down the installation of software or cause the installations to fail. The Cisco Unity Installation Guide alerts you when to re-enable the services after all of the installation procedures that can be affected are complete.

To Disable and Stop Virus-Scanning and Cisco Security Agent Services

Step 1 Refer to the virus-scanning software documentation to determine the names of the virus-scanning services.

Step 2 On the Windows Start menu, click Programs > Administrative Tools > Services.

Step 3 Disable and stop each virus-scanning service and the Cisco Security Agent service:

a. In the right pane, double-click the service.

b. On the General tab, in the Startup Type list, click Disabled. This prevents the service from starting when you restart the server.

c. Click Stop to stop the service immediately.

d. Click OK to close the Properties dialog box.

Step 4 When the services have been disabled, close the Services MMC.

Running the Cisco Unity System Preparation Assistant

The Cisco Unity System Preparation Assistant is a program that helps customize the platform for Cisco Unity by checking for and installing Windows 2000 Server components, Microsoft service packs and updates, and other software required by Cisco Unity. (For a detailed list, refer to Components and Software Installed by the Cisco Unity Platform Configuration Discs and the Cisco Unity System Preparation Assistant at http://www.cisco.com/univercd/cc/td/doc/product/voice/c_unity/pcd/pcd_inst.htm.)

Caution Do not run the Cisco Unity System Preparation Assistant remotely by using Windows Terminal Services or other remote-access applications, or the installation of required software may fail.

Note If a Microsoft AutoMenu window appears while the Cisco Unity System Preparation Assistant is installing an application, close the window and allow the assistant to continue.

To Run the Cisco Unity System Preparation Assistant

Step 1 Log on to Windows by using an account that is a member of the Local Administrators group.

Step 2 On Cisco Unity Service Packs CD 1, or from the location to which you saved the downloaded Service Packs CD 1 image files, browse to the Cuspa directory, and double-click Cuspa.vbs.

If you are accessing the Cisco Unity System Preparation Assistant files on another server, use Windows Explorer or the "net" command to map the network drive to a drive letter on the Cisco Unity server before you run Cuspa.vbs.

Step 3 If prompted, double-click the language of your choice to continue the installation.

Step 4 On the Welcome screen, click Next.

Step 5 On the Cisco Unity Server Characteristics page, set the following fields:

Configuration

Click Unified Messaging or Voice Messaging Only, depending on the Cisco Unity configuration.

Failover

Uncheck the This Is a Primary or Secondary Failover Server check box.

Number of Ports

Enter the number of voice ports that you are connecting with the Cisco Unity server.

The assistant uses the information to determine whether the system requires SQL Server or MSDE. For systems with more than 32 ports, SQL Server is required. Otherwise, MSDE is required.


Step 6 Follow the on-screen prompts in the Cisco Unity System Preparation Assistant to install the additional software required by Cisco Unity 4.0(3).

Step 7 If you are upgrading from Cisco Unity 4.0(2), skip to Step 9.

If MSDE Service Pack 3 is being installed, skip to Step 8.

If SQL Server Service Pack 3 is being installed, install it now:

a. On the Welcome screen, click Next.

b. Follow the on-screen prompts until you are prompted to choose the authentication mode.

c. Choose Windows authentication, and click Next.

d. If the SA Password Warning dialog box appears, enter and confirm the password, and click Next.

e. Check the Upgrade Microsoft Search and Apply SQL Server 2000 SP3 [Required] check box, and click Continue. (Do not check the Enable Cross-Database Ownership Chaining for All Databases [Not Recommended] check box.)

f. Follow the on-screen prompts to continue.

g. If you are prompted about shutdown tasks before continuing with the installation, click Next.

h. Click Finish to begin installing components.

i. When the Setup message appears, click OK.

j. Click Finish to restart the server.

k. Skip to Step 9.

Step 8 If MSDE Service Pack 3 is being installed, install it now:

a. Follow the on-screen prompts.

b. When the installation is complete, click Yes to restart the server.

Step 9 Follow the on-screen prompts.

Step 10 When the Cisco Unity System Preparation Assistant has completed, click Finish.

Installing the Microsoft Updates Recommended for Use with Cisco Unity

The Cisco Unity 4.0(3) SR1 Post-Install CD includes updates for all of the Microsoft software that is supported on the Cisco Unity server, including three versions of Exchange, and both SQL Server 2000 and MSDE 2000. Install only the updates that apply to the version of Microsoft software that is installed on the Cisco Unity server. (For example, if Exchange 2000 administration software is installed on the Cisco Unity server, install only the Exchange 2000 updates, not the Exchange 5.5 or Exchange 2003 updates.)

To Install the Microsoft Updates Recommended for Use with Cisco Unity

Step 1 Insert the Cisco Unity 4.0(3) SR1 Post-Install disc in the CD-ROM drive, or browse to the location of the downloaded Microsoft updates.

Step 2 Browse to each of the applicable directories and install all of the updates in the directory. Follow the on-screen prompts.

Note that each directory includes four versions of an update, one each for English (ENU), French (FRA), German (DEU), and Japanese (JPN). Install the correct language version for the software you are updating. (For example, if the French version of Exchange 2000 administration software is installed on the Cisco Unity server, install the French version of the Exchange 2000 update.)

Step 3 Restart the Cisco Unity server as recommended. Several restarts may be required.

Determining Whether to Set Up Cisco Unity to Use SSL

When subscribers log on to the Cisco Personal Communications Assistant (PCA), their credentials are sent across the network to Cisco Unity in clear text. The same is true when the Cisco Unity Administrator and the Status Monitor are configured to use the Anonymous authentication method. In addition, the information that subscribers enter on the pages of the Cisco PCA and of the Cisco Unity Administrator (regardless of which authentication method it uses) is not encrypted.

For increased security, we recommend that you set up Cisco Unity to use the Secure Sockets Layer (SSL) protocol. SSL uses public-key encryption to provide a secure connection between servers and clients, and uses digital certificates to authenticate servers or servers and clients. (A digital certificate is a file that contains encrypted data that attests to the identity of an organization or entity, such as a computer.)

Using the SSL protocol ensures that all Cisco Unity subscriber credentials—as well as the information that a subscriber enters on any page of the Cisco Unity Administrator and the Cisco PCA—are encrypted as the data is sent across the network. In addition, when you set up Cisco Unity to use SSL, each time that a subscriber tries to access any Cisco Unity web application, the browser will confirm that it is connected with the real Cisco Unity server—and not an entity falsely posing as such—before allowing the subscriber to log on.

To set up a web server such as Cisco Unity to use SSL, you can either obtain a digital certificate from a Certificate Authority (CA) or use Microsoft Certificate Services available with Windows to issue your own certificate. (A CA is a trusted organization or entity that issues and manages certificates at the request of another organization or entity.) Cost, certificate features, ease of setup and maintenance, and the security policies practiced by the organization are some of the issues to consider when determining whether you should purchase a certificate from a CA or issue your own.

Information on third-party CAs, Microsoft Certificate Services, and SSL is widely available on the Internet, as well as in the Windows and IIS online documentation. Such sources can help you determine whether to use SSL and how to set up a web server to use it.

Installing the Microsoft Certificate Services Component

Note If you do not plan to set up Cisco Unity to use SSL or if you want to use a digital certificate from a Certificate Authority to set up Cisco Unity to use SSL, skip this section.

Do the procedure in this section if you plan to set up Cisco Unity to use SSL and want to use the Microsoft Certificate Services available with Windows to issue your own certificate. You may install the component on the Cisco Unity server or on another server.

To Install the Microsoft Certificate Services Component

Step 1 On the server that will act as your Certificate Authority (CA) and issue certificates, on the Windows Start menu, click Settings > Control Panel > Add/Remove Programs.

Step 2 Click Add/Remove Windows Components.

Step 3 In the Windows Components dialog box, check the Certificate Services check box. Do not change any other items. When the warning appears about not being able to rename the computer, or to join or be removed from a domain, click Yes.

Step 4 Click Next.

Step 5 Click Stand-alone Root CA, and click Next. (A stand-alone CA is a CA that does not require Active Directory.)

Step 6 Follow the on-screen prompts to complete the installation. For information, refer to the Windows documentation.

If a message appears that Internet Information Services is running on the computer and must be stopped before proceeding, click OK to stop the service.

Step 7 In the Completing the Windows Components Wizard dialog box, click Finish.

Step 8 Close the Add Remove Programs dialog box and Control Panel.

Upgrading and Configuring Cisco Unity Software

To upgrade and configure Cisco Unity software, you use the Cisco Unity Installation and Configuration Assistant to run four programs in a specific order. The programs:

Check the system and upgrade the Cisco Unity software.

Configure the Cisco Unity services.

Configure Cisco Unity for the message store.

Configure the Cisco Personal Communications Assistant to use SSL, if applicable.

Do the following two subsections in the order listed.

Upgrading the Cisco Unity Software, and Configuring Services and Cisco Unity for the Message Store

Caution When you run the Cisco Unity Installation and Configuration Assistant, Cisco Unity is uninstalled and then reinstalled. Some fields will contain values from the current installation. Do not change any values unless you are instructed to do so in the following procedure, or the system may not be updated correctly.

To Upgrade and Configure the Cisco Unity Software

Step 1 Log on to Windows by using the Cisco Unity installation account.

Caution If you have not already done so, disable virus-scanning and Cisco Security Agent services on the server, if applicable. Otherwise, the installation may fail.

Step 2 On Cisco Unity DVD 1 or CD 1, or from the location to which you saved the downloaded Cisco Unity CD 1 image files, browse to the root directory and double-click Setup.exe.

Step 3 If prompted, double-click the language of your choice to continue the upgrade.

Step 4 On the Cisco Unity Installation and Configuration Assistant Welcome screen, click Continue.

Step 5 In the main window of the assistant, click Run the Cisco Unity Setup Program.

Step 6 If prompted, double-click the language of your choice to continue the upgrade.

Step 7 If a message to stop services appears, click OK.

Step 8 Click Next or Continue without changing values until the Select Features dialog box appears.

Step 9 In the Select Features dialog box:

a. Check the Upgrade Cisco Unity check box.

b. If the Cisco Unity license includes text to speech, check the Enable TTS check box.

If not, uncheck the Enable TTS check box.

c. Uncheck the Install Voice Card Software check box.

Step 10 Click Next or Continue without changing values until you are prompted to restart the Cisco Unity server.

Caution Do not cancel Cisco Unity Setup, or you may have to uninstall and reinstall Cisco Unity. In some cases, nothing may appear to be happening for long periods. To confirm that Cisco Unity Setup is still working, right-click the Windows taskbar and click Task Manager, then the Processes tab and Image Name (to sort by process name), and find Setup.exe. It should be using more than 0% of the CPU.

Step 11 Check the Yes, I Want to Restart My Computer Now check box, and click Finish.

Step 12 In the main window of the Cisco Unity Installation and Configuration Assistant, click Run the Cisco Unity Services Configuration Wizard. (Note that you should be logged on to Windows with the Cisco Unity installation account.)

Step 13 On the Welcome screen, click Next.

Step 14 Choose the message store type, and click Next.

Step 15 Follow the on-screen prompts to complete the configuration.

Step 16 In the main window of the assistant, click Run the Cisco Unity Message Store Configuration Wizard. (Note that you should be logged on to Windows with the Cisco Unity installation account.)

Step 17 Confirm that the message store server is running. If the message store server is not running, configuring the message store will fail.

Step 18 On the Welcome screen, click Next.

Step 19 Follow the on-screen prompts.

Step 20 When the message store configuration is complete, click Next.

Step 21 If you have not previously set up Cisco Unity to use SSL, the Set Up the Cisco Personal Communications Assistant to Use SSL page appears. Skip to the next subsection, "Setting Up the Cisco Personal Communications Assistant to Use SSL."

If Cisco Unity is already set up to use SSL, when the Summary screen appears, click Close.

Setting Up the Cisco Personal Communications Assistant to Use SSL

From the Cisco Unity Installation and Configuration Assistant, you can set up the Cisco PCA to use SSL. Using the SSL protocol ensures that all subscriber credentials—as well as the information that a subscriber enters on any page in the Cisco PCA—are encrypted as the data is sent across the network.

If you do not want to set up the Cisco PCA to use SSL, see the "Skipping Cisco PCA Setup for SSL" section.

To set up the Cisco PCA to use SSL, do the procedures in the applicable section, depending on whether you are using a certificate authority:

Setting Up the Cisco PCA to Use SSL by Creating a Local Certificate Without a Certificate Authority

Setting Up the Cisco PCA to Use SSL by Using a Certificate Authority

After the Cisco Unity Installation and Configuration Assistant is finished and the Cisco PCA is set up to use SSL, you manually set up the Cisco Unity Administrator and Status Monitor to use SSL. The Cisco Unity Installation Guide alerts you when to do the procedure.

Skipping Cisco PCA Setup for SSL

Do the procedure in this section if you do not want to set up the Cisco PCA to use SSL. (Note that without SSL when subscribers log on to the Cisco PCA, their credentials will be sent across the network to Cisco Unity in clear text. In addition, the information that subscribers enter on the pages of the Cisco PCA will not be encrypted.)

To Skip Cisco PCA Setup for SSL

Step 1 Click Do Not Set Up Cisco Personal Communications Assistant to Use SSL.

Step 2 Click Continue.

Step 3 Click Close to exit the Cisco Unity Installation and Configuration Assistant.

Setting Up the Cisco PCA to Use SSL by Creating a Local Certificate Without a Certificate Authority

To Set Up the Cisco PCA to Use SSL by Creating a Local Certificate Without a Certificate Authority

Step 1 In the Cisco Unity Installation and Configuration Assistant, click Create a Local Certificate Without a Certificate Authority.

Step 2 Click Internet Services Manager.

Step 3 Expand the name of the Cisco Unity server.

Step 4 Right-click Default Web Site, and click Properties.

Step 5 In the Default Web Site Properties dialog box, click the Directory Security tab.

Step 6 Under Secure Communications, click Server Certificate.

Step 7 In the Web Server Certificate wizard Welcome window, click Next.

Step 8 Click Create a New Certificate, and click Next.

Step 9 Click Prepare the Request Now, But Send It Later, and click Next.

Step 10 Enter a name and a bit length for the certificate.

We strongly recommend that you choose a bit length of 512. Greater bit lengths may decrease performance.

Step 11 Click Next.

Step 12 Enter the organization information, and click Next.

Step 13 For the site's common name, enter either the Cisco Unity server's system name or the fully qualified domain name.

Caution The name must exactly match the host portion of any URL that will access this system using a secure connection.

Step 14 Click Next.

Step 15 Enter the geographical information, and click Next.

Step 16 Specify the certificate request file name and location, and write down the file name and location because you will need the information later in this procedure.

Step 17 Click Next.

Step 18 Verify the request file information, and click Next.

Step 19 Click Finish to close the Web Server Certificate wizard.

Step 20 Click OK to Close the Default Web Site Properties dialog box.

Step 21 Close the Internet Services Manager window.

Step 22 In the Cisco Unity Installation and Configuration Assistant, in the Enter Certificate Request File box, enter the full path and file name of the certificate request file that you specified in Step 16.

Step 23 Click Create Certificate.

Step 24 In the Cisco Unity Installation and Configuration Assistant, click Enable Cisco PCA to Use SSL.

Step 25 Click Close to exit the assistant.

Setting Up the Cisco PCA to Use SSL by Using a Certificate Authority

This section contains four procedures.

If you are using Microsoft Certificate Services to issue your own certificate, do all four procedures in the order listed.

If you are using a certificate purchased from a Certificate Authority (for example, VeriSign), do only the fourth procedure, "To Install the Certificate."

To Create a Certificate Request by Using Microsoft Certificate Services

Step 1 In the Cisco Unity Installation and Configuration Assistant, click Use a Certificate Authority.

Step 2 Click Internet Services Manager.

Step 3 Expand the name of the Cisco Unity server.

Step 4 Right-click Default Web Site, and click Properties.

Step 5 In the Default Web Site Properties dialog box, click the Directory Security tab.

Step 6 Under Secure Communications, click Server Certificate.

Step 7 In the Web Server Certificate wizard Welcome window, click Next.

Step 8 Click Create a New Certificate, and click Next.

Step 9 Click Prepare the Request Now, But Send It Later, and click Next.

Step 10 Enter a name and a bit length for the certificate.

We strongly recommend that you choose a bit length of 512. Greater bit lengths may decrease performance.

Step 11 Click Next.

Step 12 Enter the organization information, and click Next.

Step 13 For the site's common name, enter either the Cisco Unity server's system name or the fully qualified domain name.

Caution The name must exactly match the host portion of any URL that will access this system using a secure connection.

Step 14 Click Next.

Step 15 Enter the geographical information, and click Next.

Step 16 Specify the certificate request file name and location, and write down the file name and location because you will need the information in the next procedure.

Save the file to a disk or to a directory that the Certificate Authority (CA) server can access.

Step 17 Click Next.

Step 18 Verify the request file information, and click Next.

Step 19 Click Finish to close the Web Server Certificate wizard.

Step 20 Click OK to Close the Default Web Site Properties dialog box.

Step 21 Close the Internet Services Manager window.

Step 22 Click Close to exit the Cisco Unity Installation and Configuration Assistant.

To Submit the Certificate Request by Using Microsoft Certificate Services

Step 1 On the server that is acting as the CA, on the Windows Start menu, click Run.

Step 2 Run Certreq.

Step 3 Browse to the directory where you saved the certificate request file, and double-click the file.

Step 4 Click the CA to use, and click OK.

Once the CA submits the certificate request, it assigns a pending status by default for added security. This requires a person to verify the authenticity of the request and to manually issue the certificate.

To Issue the Certificate by Using Microsoft Certificate Services

Step 1 On the server that is acting as the CA, on the Windows Start menu, click Programs > Administrative Tools > Certification Authority.

Step 2 In the left pane of the Certification Authority window, expand Certification Authority.

Step 3 Expand <Certification Authority name>.

Step 4 Click Pending Requests.

Step 5 In the right pane, right-click the request, and click All Tasks > Issue.

Step 6 In the left pane, click Issued Certificates.

Step 7 In the right pane, double-click the certificate to open it.

Step 8 Click the Details tab.

Step 9 In the Show list, choose <All>, and click Copy to File.

Step 10 In the Certificate Export wizard Welcome window, click Next.

Step 11 Accept the default export file format DER encoded binary X.509 (.CER), and click Next.

Step 12 Specify a file name and a location that the Cisco Unity server can access, and click Next.

Step 13 Verify the settings, and click Finish.

Step 14 Click OK to close the Certificate Details dialog box.

Step 15 Close the Certification Authority window.

To Install the Certificate

Step 1 On the Cisco Unity server, double-click the CUICA icon on the desktop.

Step 2 In the Cisco Unity Installation and Configuration Assistant, click Use a Certificate Authority.

Step 3 On the Set Up the Cisco Personal Communications Assistant to Use SSL page, at Step 3, click Internet Services Manager.

Step 4 In Internet Services Manager, expand the name of the Cisco Unity server.

Step 5 Right-click Default Web Site, and click Properties.

Step 6 In the Properties dialog box, click the Directory Security tab.

Step 7 Under Secure Communications, click Server Certificate.

Step 8 On the Web Server Certificate Wizard welcome screen, click Next.

Step 9 Click Process the Pending Request and Install the Certificate, and click Next.

Step 10 Browse to the directory of the certificate (.cer) file, and double-click the file.

Step 11 Verify the certificate information, and click Next.

Step 12 Click Finish to close the Web Server Certificate wizard window.

Step 13 Click OK to close the Default Web Site Properties dialog box.

Step 14 Close the Internet Services Manager window.

Step 15 In the Cisco Unity Installation and Configuration Assistant, click Enable Cisco PCA to Use SSL.

Step 16 Close the Cisco Unity Installation and Configuration Assistant.

Re-enabling Virus-Scanning and Cisco Security Agent Services

You re-enable virus-scanning and Cisco Security Agent services now that all of the software installations that could have been affected if the services were running are complete.

To Re-enable and Start Virus-Scanning and Cisco Security Agent Services

Step 1 Refer to the virus-scanning software documentation to determine the names of the virus-scanning services.

Step 2 On the Windows Start menu, click Programs > Administrative Tools > Services.

Step 3 Re-enable and start each virus-scanning service and the Cisco Security Agent service:

a. In the right pane, double-click the service.

b. On the General tab, in the Startup Type list, click Automatic to re-enable the service.

c. Click Start to start the service.

d. Click OK to close the Properties dialog box.

Step 4 When the services have been re-enabled, close the Services MMC.

Setting Up the Cisco Unity Administrator and Status Monitor to Use SSL

Note If you are not setting up Cisco Unity to use SSL, skip this section.

Using the SSL protocol ensures that all subscriber credentials—as well as the information that a subscriber enters on any page in the Cisco Unity Administrator—are encrypted as the data is sent across the network.

To Set Up the Cisco Unity Administrator and Status Monitor to Use SSL

Step 1 On the Cisco Unity server, on the Windows Start menu, click Programs > Administrative Tools > Internet Services Manager.

Step 2 Expand the name of the Cisco Unity server.

Step 3 Expand Default Web Site.

Step 4 Under Default Web Site, right-click Web, and click Properties.

Step 5 In the Properties dialog box, set the Web directory to use SSL:

a. Click the Directory Security tab.

b. Under Secure Communications, click Edit.

c. Check the Require Secure Channel (SSL) check box.

d. Click OK to close the Secure Communications dialog box.

e. Click OK to close the Properties dialog box.

Step 6 Under Default Web Site, right-click SAWeb, and click Properties.

Step 7 Repeat Step 5 to set the SAWeb directory to use SSL.

Step 8 Under Default Web Site, right-click Status, and click Properties.

Step 9 Repeat Step 5 to set the Status directory to use SSL.

Step 10 Under Default Web Site, double-click AvXml.

Step 11 In the right pane, right-click AvXml.dll, and click Properties.

Step 12 In the Properties dialog box, click the File Security tab.

Step 13 Under Secure Communications, click Edit.

Step 14 Check the Require Secure Channel (SSL) check box.

Step 15 Click OK to close the Secure Communications dialog box.

Step 16 Click OK to close the AvXml.dll Properties dialog box.

Step 17 Close the Internet Services Manager window.

Securing the Example Administrator and Example Subscriber Accounts Against Toll Fraud

It is possible for a malicious user to dial into Cisco Unity, log on as the Example Administrator or Example Subscriber by using the default extension and password, and configure Cisco Unity to forward calls to phone numbers for which there are charges or to reconfigure greetings so an operator believes the voice messaging system is personally accepting collect-call charges. To help secure Cisco Unity against toll fraud, we strongly recommend that you change the phone password for both accounts after Cisco Unity is installed.

Although the Example Subscriber account is no longer created during Cisco Unity installation in versions 4.0(3) and later, you may still have an Example Subscriber account from an earlier version, as the account is not removed during the upgrade process.

(For information on the accounts, refer to the "Default Accounts" section in the "Default Accounts and Message Handling" chapter of the Cisco Unity System Administration Guide, Release 4.0(3).)

To Change the Password on the Example Administrator and Example Subscriber Accounts

Step 1 In the Cisco Unity Administrator, go to any Subscribers > Subscribers page.

Step 2 Click the Find icon.

Step 3 On the Find and Select Subscriber page, click Find.

Step 4 Click Example Administrator.

Step 5 In the left pane, click Phone Password.

Step 6 In the right pane, check the User Cannot Change Password check box.

Step 7 Check the Password Never Expires check box.

Step 8 Under Reset Phone Password, enter and confirm a new password by using digits 0 through 9.

We recommend that you enter a long and nontrivial password; 20 digits or more is desirable. (The minimum length of the password is set on the Subscribers > Account Policy > Phone Password Restrictions page.) In a nontrivial password:

The digits are not all the same (for example, 9999).

The digits are not consecutive (for example, 1234).

The password is not the same as the extension assigned to the Example Administrator.

The password does not spell Example Administrator, the name of the company, the name of the IT manager, or any other obvious words.

Step 9 Click the Save icon.

Step 10 Repeat Step 2 through Step 9 for Example Subscriber.

Step 11 Close the Cisco Unity Administrator.