Table Of Contents
Upgrading Cisco Unity 3.x Software to the Shipping Version
Task List for Upgrading Cisco Unity 3.x Software to the Shipping Version Without Failover
Task List for Upgrading Cisco Unity 3.x Software to the Shipping Version with Failover Configured
Downloading Software for the Upgrade
Software for All Upgrades
Additional Software for Upgrades with No Cisco Unity DVDs or CDs for the Shipping Version
Checking the Consistency of the Cisco Unity Database, and Backing Up Cisco Unity Data
Converting from the System Key to License Files
Setting Permissions on an Active Directory Location by Using the Permissions Wizard
Disabling Virus-Scanning and Cisco Security Agent Services
Running the Cisco Unity System Preparation Assistant
Installing Exchange 2000 Service Pack 3 and the Post-Service Pack 3 Rollup
Installing the Latest Microsoft Service Packs and Updates Recommended for Use with Cisco Unity
Extending the Active Directory Schema for Cisco Unity
Determining Whether to Set Up Cisco Unity to Use SSL
Installing the Microsoft Certificate Services Component
Upgrading and Configuring Cisco Unity Software
Starting the Cisco Unity Installation and Configuration Assistant and Upgrading Cisco Unity Software
Installing License Files
Configuring Services
Configuring the Message Store
Converting the Integration with the Phone System to a Cisco Unity Version 4.x Integration
Setting Up the Cisco Personal Communications Assistant to Use SSL
Skipping Cisco PCA Setup for SSL
Setting Up the Cisco PCA to Use SSL by Creating a Local Certificate Without a Certificate Authority
Setting Up the Cisco PCA to Use SSL by Using a Certificate Authority
Re-enabling Virus-Scanning and Cisco Security Agent Services
Setting Up the Cisco Unity Administrator and Status Monitor to Use SSL
Configuring Internet Explorer to Display the Cisco Unity Administrator When You Use the Cisco Unity Administration Account (Windows Server 2003 Only)
Securing the Example Administrator and Example Subscriber Accounts Against Toll Fraud
Hardening the Cisco Unity Server
Upgrading Cisco Unity 3.x Software to the Shipping Version
The task lists and procedures in this chapter apply only to upgrading the Cisco Unity software from version 3.x to the currently shipping version. Note that the lists contain some tasks that reference instructions in other Cisco Unity documentation.
For information on adding Cisco Unity features, see the "Adding Features to the Cisco Unity System" chapter after you have finished upgrading the software.
This chapter contains the following sections:
•
Task List for Upgrading Cisco Unity 3.x Software to the Shipping Version Without Failover
•Task List for Upgrading Cisco Unity 3.x Software to the Shipping Version with Failover Configured
•Downloading Software for the Upgrade
•Checking the Consistency of the Cisco Unity Database, and Backing Up Cisco Unity Data
•Converting from the System Key to License Files
•Disabling Virus-Scanning and Cisco Security Agent Services
•Running the Cisco Unity System Preparation Assistant
•Installing Exchange 2000 Service Pack 3 and the Post-Service Pack 3 Rollup
•Installing the Latest Microsoft Service Packs and Updates Recommended for Use with Cisco Unity
•Extending the Active Directory Schema for Cisco Unity
•Determining Whether to Set Up Cisco Unity to Use SSL
•Installing the Microsoft Certificate Services Component
•Upgrading and Configuring Cisco Unity Software
•Re-enabling Virus-Scanning and Cisco Security Agent Services
•Setting Up the Cisco Unity Administrator and Status Monitor to Use SSL
•Configuring Internet Explorer to Display the Cisco Unity Administrator When You Use the Cisco Unity Administration Account (Windows Server 2003 Only)
•Securing the Example Administrator and Example Subscriber Accounts Against Toll Fraud
•Hardening the Cisco Unity Server
Task List for Upgrading Cisco Unity 3.x Software to the Shipping Version Without Failover
Note If the system is using Cisco Unity Bridge version 2.x, refer instead to the "Upgrading from Bridge 2.x to Bridge 3.x" chapter of the Cisco Unity Bridge Networking Guide, Release 3.0 at http://www.cisco.com/univercd/cc/td/doc/product/voice/c_unity/bridge30/bnet/ex/index.htm. The order and timing of upgrade tasks are different.
Caution Windows Server 2003 is supported only with Cisco Unity version 4.0(4) and later. Upgrading from Windows 2000 to Windows Server 2003 is not supported when any additional software has been installed on the server (for example, SQL Server 2000 or MSDE 2000, Exchange or Exchange administration software, or Cisco Unity). Upgrading to Windows Server 2003 on an existing Cisco Unity server is supported only when you back up Cisco Unity data by using the Cisco Unity Disaster Recovery Backup tool, reinstall all software on the Cisco Unity server, and restore Cisco Unity data by using the Cisco Unity Disaster Recovery Restore tool.
Caution Cisco Unity 3.x does not support Exchange 2003. Before you run Exchange 2003 Forestprep to begin an upgrade to Exchange 2003, you must first upgrade Cisco Unity to version 4.0(4) or later. Otherwise, the changes that Forestprep makes to Active Directory will cause Cisco Unity to stop functioning. For information on upgrading to Exchange 2003 after you have upgraded Cisco Unity, see the
"Upgrading Exchange on the Cisco Unity System" chapter.
This task list contains all upgrade tasks for upgrading Cisco Unity 3.x software to the shipping version without failover. Follow the documentation for a successful upgrade.
Do not remove the system key before completing the upgrading and configuration process. The Cisco Unity Reconfiguration and Upgrade Guide alerts you when to remove the key during the upgrade process.
The Cisco Unity server will be out of service while the Cisco Unity software is upgraded.
1. Refer to the applicable version of Cisco Unity System Requirements at http://www.cisco.com/en/US/products/sw/voicesw/ps2237/prod_installation_guides_list.html to confirm that the hardware and software that you intend to use for the 4.x system is supported.
2. Download software for the installation. See the "Downloading Software for the Upgrade" section.
3. Confirm that the Cisco Unity server name (netBIOS name) contains only alphabetical characters A to Z and a to z, numerical characters 0 to 9, and hyphens (-). Note that an underscore in the Cisco Unity server name is not supported. (If present, it prevents successful completion of the upgrade and prevents access to the Cisco Unity Administrator.)
Caution Using other characters in the server name is not supported by DNS.
4. If the partner Exchange server is running Exchange 5.5: Upgrade Exchange. Do the procedures in the applicable section in the "Upgrading Exchange on the Cisco Unity System" chapter.
Caution For Cisco Unity 4.2(1) and later, Exchange 5.5 is not supported as the message store.
If you are using Cisco Unity 3.0(x) and if Cisco Unity is configured for Voice Messaging, upgrade to Cisco Unity 3.1(1) or later before you upgrade Exchange. The Cisco Unity Disaster Recovery tools (DiRT), which are required for the Exchange upgrade, are not supported for Cisco Unity 3.0(x). We recommend that you upgrade to Cisco Unity 4.0(5) because that version:
•Is available in a variety of languages.
•Supports Windows Server 2003, so you have the option to install either Windows Server 2003 or Windows 2000 Server.
•Supports Exchange Server 2003, so you have the option to use either Exchange Server 2003 or Exchange 2000 Server.
For more information, see the applicable section in the "Upgrading Exchange on the Cisco Unity System" chapter.
5. If you upgraded to Cisco Unity 4.0(5) in the previous step, continue the upgrade to the shipping version using the procedures in the "Upgrading Cisco Unity 4.x Software to the Shipping Version" chapter. Otherwise, continue with Task 6.
6. Refer to Release Notes for Cisco Unity Release <Version> for additional information on upgrading to the shipping version of Cisco Unity. In particular, note the items in the sections "Installation and Upgrade Notes" and "Limitations and Restrictions." Release notes are available at http://www.cisco.com/en/US/partner/products/sw/voicesw/ps2237/prod_release_notes_list.html.
7. On the schema master, extend the Active Directory schema. See the "Extending the Active Directory Schema for Cisco Unity" section.
8. Check the consistency of the Cisco Unity database by using the Cisco Unity Directory Walker (DbWalker) utility, and back up Cisco Unity data by using the Disaster Recovery Backup tool. See the "Checking the Consistency of the Cisco Unity Database, and Backing Up Cisco Unity Data" section.
9. Obtain license file(s). See the "Converting from the System Key to License Files" section.
10. If Cisco Unity is not already using SSL: Determine whether to set up Cisco Unity to use SSL. See the "Determining Whether to Set Up Cisco Unity to Use SSL" section.
11. If you plan to set up Cisco Unity to use SSL and want to use the Microsoft Certificate Services available with Windows to issue your own certificate: Install the Microsoft Certificate Services component. See the "Installing the Microsoft Certificate Services Component" section.
12. The same accounts and permissions are required for installing a new Cisco Unity system and for upgrading from earlier versions to the shipping version. To create the necessary accounts and to set rights and permissions, do all of the tasks in the list at the beginning of the "Creating Accounts for the Installation and Setting Rights and Permissions" chapter of the applicable Cisco Unity installation guide for your configuration. (Installation guides are available at http://www.cisco.com/en/US/partner/products/sw/voicesw/ps2237/prod_installation_guides_list.html.)
When you run the Permissions wizard, if you downloaded the latest version from CiscoUnityTools.com, install and run that version. Otherwise, run the version that appears in the Utilities\PermissionsWizard directory on the shipping Cisco Unity CD or DVD. For more information, refer to the Permissions wizard Help file, PWHelp_<language>.htm. Do not refer to the procedure in the Cisco Unity installation guide, which has not been updated with the latest changes to the Permissions wizard.
We recommend that you run the Cisco Unity Permissions wizard during off-peak hours unless you are installing a new Cisco Unity system in a Voice Messaging configuration and you are not creating subscriber accounts in the corporate directory. The new version of Permissions wizard sets permissions at a more granular level that requires more changes to the Active Directory database than previous versions.
The Permissions wizard sets permissions for installation and services accounts in Active Directory, and also sets permissions on the local server. When there is more than one Cisco Unity server in the forest (with or without failover configured), and when you are using the same three Active Directory accounts for installation, directory services, and message store services on multiple servers, the Permissions wizard only needs to set Active Directory permissions once for those accounts. When you run the Permissions wizard on the second and subsequent servers, the Permissions wizard displays a message asking whether you want to reapply permissions to those accounts. Click No, and the Permissions wizard will apply only the permissions required by the local server.
Note When you run the Permissions wizard on a Cisco Unity server that is in a different domain than the installation and services accounts, the Permissions wizard cannot read or write the attribute that it uses to detect that permissions have already been set on those accounts. If you will be running the Permissions wizard on any Cisco Unity servers that are in a different domain than the installation and services accounts, we recommend that you give the account that you are using to run Permissions wizard read and write rights on the ciscoEcsbuUnityInformation property set for the installation and service accounts.
When the Permissions wizard completes, the Lsass.exe process updates the Active Directory database with the new permissions. While Lsass.exe is processing the updates, it uses 100 percent of available processor time on one of the domain controllers in the domain where the Permissions wizard was run. (Other domain controllers in the domain are also affected, but the impact is less significant.) The updates take a few minutes to several hours, depending on the size of the database. Except when the Cisco Unity server is the domain controller and the Lsass.exe process slows the screen refresh, you may continue with the Cisco Unity installation while Lsass.exe is processing changes.
13. If Cisco Unity is configured to automatically create Bridge or VPIM subscribers in a different AD location than regular subscribers: Re-run the Permissions wizard, and specify the domain and location on the Set Active Directory Containers for New Objects page. See the "Setting Permissions on an Active Directory Location by Using the Permissions Wizard" procedure.
14. If virus-scanning software or Cisco Security Agent for Cisco Unity is installed on the Cisco Unity server: Disable virus-scanning services and the Cisco Security Agent service. See the "Disabling Virus-Scanning and Cisco Security Agent Services" section.
15. Run the Cisco Unity System Preparation Assistant to update the required Windows components, browser, database, and service packs. See the "Running the Cisco Unity System Preparation Assistant" section.
16. Install the latest recommended Exchange 2000 service pack and the latest post-service pack rollup, if any. You must install at least Exchange 2000 Service Pack 3 and the Post-Service Pack 3 Rollup because they resolve an intermittent problem with message notification.
Note When Service Pack 3 and the rollup are not installed, Exchange 2000 Server sends extra UDP packets to ports on the Cisco Unity server that are not listening for packets. Such activity is seen by intrusion-detection systems as port scans or attacks.
Install the software on all of the following servers on which either Exchange 2000 or Exchange 2000 administration software is installed:
•The Cisco Unity server.
•The partner Exchange server.
•The Exchange 2000 servers on which Cisco Unity subscribers are homed.
If you are installing Exchange 2000 Service Pack 3 and the Post-Service Pack 3 Rollup, see the "Installing Exchange 2000 Service Pack 3 and the Post-Service Pack 3 Rollup" section. If you are installing a later service pack and/or rollup, see the Microsoft documentation that you printed when you downloaded the software.
17. Install the Microsoft updates recommended for use with Cisco Unity. In addition, if we recommend any Windows or SQL Server/MSDE service packs later than those that are installed by the Cisco Unity System Preparation Assistant, install the latest recommended service packs. See the "Installing the Latest Microsoft Service Packs and Updates Recommended for Use with Cisco Unity" section.
18. If voice card software is installed: Remove the voice card software. Refer to the "Removing Intel Dialogic Voice Card Software" section in the "Voice Cards and PIMG Units" appendix of the applicable Cisco Unity installation guide for your configuration. (Installation guides are available at http://www.cisco.com/en/US/partner/products/sw/voicesw/ps2237/prod_installation_guides_list.html.) The Cisco Unity Reconfiguration and Upgrade Guide alerts you when to install a later version of the software later in the upgrade.
19. Run the Cisco Unity Installation and Configuration Assistant to upgrade the software, install the license files, specify the accounts for services, connect the message store, upgrade the Cisco Unity integration with the phone system, and configure the Cisco Personal Communications Assistant to use SSL, if applicable. See the "Upgrading and Configuring Cisco Unity Software" section.
20. Install the service release for the shipping version of Cisco Unity, if available. For installation instructions, refer to Release Notes for Cisco Unity <Version> Service Release 1 at http://www.cisco.com/en/US/products/sw/voicesw/ps2237/prod_release_notes_list.html.
21. Remove the system key. Store it where it can be accessed if you need to downgrade the system later from Cisco Unity 4.x to 3.x.
22. If virus-scanning software or Cisco Security Agent for Cisco Unity is installed on the Cisco Unity server: Re-enable virus-scanning services and the Cisco Security Agent service. See the "Re-enabling Virus-Scanning and Cisco Security Agent Services" section.
23. If you are setting up Cisco Unity to use SSL: Set up the Cisco Unity Administrator and Status Monitor to use SSL. See the "Setting Up the Cisco Unity Administrator and Status Monitor to Use SSL" section.
24. Review the substitute objects on the System > Configuration > Settings page of the Cisco Unity Administrator. The objects are Substitute Recipient, Substitute Owner, Substitute After Message Call Handler, and Substitute Exit Call Handler. Cisco Unity uses the objects to substitute references to any subscriber that is deleted by using the Cisco Unity Administrator without first reassigning such references (for example, ownership of a call handler or distribution list). For new installations, the Example Administrator is configured as the Substitute Recipient and Substitute Owner, and the Goodbye call handler is configured as the Substitute After Message Call Handler and Substitute Exit Call Handler. For upgrades, any changes made to the defaults will not be overwritten. However, we recommend that you review these settings now and update them if you wish to use different substitute objects. Refer to Cisco Unity Administrator Help for a description of each object and where it applies.
25. If Windows Server 2003 is installed on the Cisco Unity Server: Update Internet Explorer security settings. See the "Configuring Internet Explorer to Display the Cisco Unity Administrator When You Use the Cisco Unity Administration Account (Windows Server 2003 Only)" section.
26. Secure the Example Administrator account, and if applicable, the Example Subscriber account, against toll fraud. See the "Securing the Example Administrator and Example Subscriber Accounts Against Toll Fraud" section.
27. Optional: If Cisco Security Agent for Cisco Unity is not installed on the Cisco Unity server, install it. Refer to Release Notes for Cisco Security Agent for Cisco Unity for installation and configuration instructions. Release notes for all version are available at http://www.cisco.com/en/US/products/sw/voicesw/ps2237/prod_release_notes_list.html.
28. If the Cisco Unity server is connected to the corporate network: Harden the Cisco Unity server. See the "Hardening the Cisco Unity Server" section.
29. If the system is using the AMIS or SMTP networking options: Refer to the applicable "Upgrading with <Networking Option>" section in the "Upgrading and Uninstalling Networking Options" chapter of the Networking in Cisco Unity Guide, Release 4.0(5) at http://www.cisco.com/univercd/cc/td/doc/product/voice/c_unity/unity40/net/net405/ex/index.htm.
Task List for Upgrading Cisco Unity 3.x Software to the Shipping Version with Failover Configured
Note If the system is using Cisco Unity Bridge version 2.x, refer instead to the "Upgrading from Bridge 2.x to Bridge 3.x" chapter of the Cisco Unity Bridge Networking Guide, Release 3.0 at http://www.cisco.com/univercd/cc/td/doc/product/voice/c_unity/bridge30/bnet/ex/index.htm. The order and timing of upgrade tasks are different.
Caution Windows Server 2003 is supported only with Cisco Unity version 4.0(4) and later. Upgrading from Windows 2000 to Windows Server 2003 is not supported when any additional software has been installed on the server (for example, SQL Server 2000 or MSDE 2000, Exchange or Exchange administration software, or Cisco Unity). Upgrading to Windows Server 2003 on an existing Cisco Unity server is supported only when you back up Cisco Unity data by using the Cisco Unity Disaster Recovery Backup tool, reinstall all software on the Cisco Unity server, and restore Cisco Unity data by using the Cisco Unity Disaster Recovery Restore tool.
Caution Cisco Unity 3.x does not support Exchange 2003. Before you run Exchange 2003 Forestprep to begin an upgrade to Exchange 2003, you must first upgrade Cisco Unity to version 4.0(4) or later. Otherwise, the changes that Forestprep makes to Active Directory will cause Cisco Unity to stop functioning.
This task list contains all upgrade tasks for upgrading Cisco Unity 3.x software to the shipping version when failover is configured. Follow the documentation for a successful upgrade.
Do not remove the system key before completing the upgrading and configuration process. The Cisco Unity Reconfiguration and Upgrade Guide alerts you when to remove the key during the upgrade process.
The failover feature cannot be used for continuing Cisco Unity service on one server while upgrading the Cisco Unity software on the other server. Both the primary and secondary servers must be out of service while the Cisco Unity software is upgraded. The secondary server cannot handle voice messaging while the primary server is being upgraded. While you do these procedures, callers and subscribers will not be able to record or listen to voice messages. We recommend that you upgrade when phone traffic is light, for example, after business hours.
1. Refer to the applicable version of the Cisco Unity System Requirements at http://www.cisco.com/en/US/products/sw/voicesw/ps2237/prod_installation_guides_list.html to confirm that the hardware and software that you intend to use for the 4.x system is supported.
2. Download software for the installation. See the "Downloading Software for the Upgrade" section.
3. Confirm that the Cisco Unity server name (netBIOS name) contains only alphabetical characters A to Z and a to z, numerical characters 0 to 9, and hyphens (-). Note that an underscore in the Cisco Unity server name is not supported. (If present, it prevents successful completion of the upgrade and prevents access to the Cisco Unity Administrator.)
Caution Using other characters in the server name is not supported by DNS.
4. If the partner Exchange server is running Exchange 5.5: Upgrade Exchange. Do the procedures in the applicable section in the "Upgrading Exchange on the Cisco Unity System" chapter.
Caution For Cisco Unity 4.2(1) and later, Exchange 5.5 is not supported as the message store.
If you are using Cisco Unity 3.0(x) and if Cisco Unity is configured for Voice Messaging, upgrade to Cisco Unity 3.1(1) or later before you upgrade Exchange. The Cisco Unity Disaster Recovery tools (DiRT), which are required for the Exchange upgrade, are not supported for Cisco Unity 3.0(x). We recommend that you upgrade to Cisco Unity 4.0(5) because that version:
•Is available in a variety of languages.
•Supports Windows Server 2003, so you have the option to install either Windows Server 2003 or Windows 2000 Server.
•Supports Exchange Server 2003, so you have the option to use either Exchange Server 2003 or Exchange 2000 Server.
For more information, see the applicable section in the "Upgrading Exchange on the Cisco Unity System" chapter.
5. If you upgraded to Cisco Unity 4.0(5) in the previous step, continue the upgrade to the shipping version using the procedures in the "Upgrading Cisco Unity 4.x Software to the Shipping Version" chapter. Otherwise, continue with Task 6.
6. Refer to Release Notes for Cisco Unity Release <Version> for additional information on upgrading to the shipping version of Cisco Unity. In particular, note the items in the sections "Installation and Upgrade Notes" and "Limitations and Restrictions." Release notes are available at http://www.cisco.com/en/US/partner/products/sw/voicesw/ps2237/prod_release_notes_list.html.
7. On the schema master, extend the Active Directory schema. See the "Extending the Active Directory Schema for Cisco Unity" section.
8. Check the consistency of the Cisco Unity database by using the Cisco Unity Directory Walker (DbWalker) utility, and back up Cisco Unity data by using the Cisco Unity Disaster Recovery Backup tool. See the "Checking the Consistency of the Cisco Unity Database, and Backing Up Cisco Unity Data" section.
9. Obtain license file(s). See the "Converting from the System Key to License Files" section.
10. If Cisco Unity is not already using SSL: Determine whether to set up Cisco Unity to use SSL. See the "Determining Whether to Set Up Cisco Unity to Use SSL" section.
11. If you plan to set up Cisco Unity to use SSL and want to use the Microsoft Certificate Services available with Windows to issue your own certificate: Install the Microsoft Certificate Services component. See the "Installing the Microsoft Certificate Services Component" section.
12. The same accounts and permissions are required for installing a new Cisco Unity system and for upgrading from earlier versions to the shipping version. To create the necessary accounts and to set rights and permissions for a failover system:
a. On the primary server, do all of the tasks in the list at the beginning of the "Creating Accounts for the Installation and Setting Rights and Permissions" chapter of the applicable Cisco Unity installation guide for your configuration. (Installation guides are available at http://www.cisco.com/en/US/partner/products/sw/voicesw/ps2237/prod_installation_guides_list.html.)
When you run the Permissions wizard, if you downloaded the latest version from CiscoUnityTools.com, install and run that version. Otherwise, run the version that appears in the Utilities\PermissionsWizard directory on the shipping Cisco Unity CD or DVD. For more information, refer to the Permissions wizard Help file, PWHelp_<language>.htm. Do not refer to the procedure in the Cisco Unity installation guide, which has not been updated with the latest changes to the Permissions wizard.
We recommend that you run the Cisco Unity Permissions wizard during off-peak hours unless you are installing a new Cisco Unity system in a Voice Messaging configuration and you are not creating subscriber accounts in the corporate directory. The new version of Permissions wizard sets permissions at a more granular level that requires more changes to the Active Directory database than previous versions.
The Permissions wizard sets permissions for installation and services accounts in Active Directory, and also sets permissions on the local server. When there is more than one Cisco Unity server in the forest (with or without failover configured), and when you are using the same three Active Directory accounts for installation, directory services, and message store services on multiple servers, the Permissions wizard only needs to set Active Directory permissions once for those accounts. When you run the Permissions wizard on the second and subsequent servers, the Permissions wizard displays a message asking whether you want to reapply permissions to those accounts. Click No, and the Permissions wizard will apply only the permissions required by the local server.
Note When you run the Permissions wizard on a Cisco Unity server that is in a different domain than the installation and services accounts, the Permissions wizard cannot read or write the attribute that it uses to detect that permissions have already been set on those accounts. If you will be running the Permissions wizard on any Cisco Unity servers that are in a different domain than the installation and services accounts, we recommend that you give the account that you are using to run Permissions wizard read and write rights on the ciscoEcsbuUnityInformation property set for the installation and service accounts.
When the Permissions wizard completes, the Lsass.exe process updates the Active Directory database with the new permissions. While Lsass.exe is processing the updates, it uses 100 percent of available processor time on the root domain controller in the domain and on one of the global catalog servers in the site where the Permissions wizard was run. (Other domain controllers in the domain and other global catalog servers in the forest are also affected, but the impact is less significant.) The updates take a few minutes to several hours, depending on the size of the database. Except when the Cisco Unity server is the domain controller and the Lsass.exe process slows the screen refresh, you may continue with the Cisco Unity installation while Lsass.exe is processing changes.
b. On the secondary server, do Task 3 and Task 4 in the same list. When you run the Permissions wizard on the secondary server, Lsass.exe does not affect performance on domain controllers.
13. On the primary server, do the following five tasks:
a. If Cisco Unity is configured to automatically create Bridge or VPIM subscribers in a different AD location than regular subscribers: Re-run the Permissions wizard on the primary server, and specify the domain and location on the Set Active Directory Containers for New Objects page. See the "Setting Permissions on an Active Directory Location by Using the Permissions Wizard" procedure.
b. If virus-scanning software or Cisco Security Agent for Cisco Unity is installed on the primary Cisco Unity server: Disable virus-scanning services and the Cisco Security Agent service. See the "Disabling Virus-Scanning and Cisco Security Agent Services" section.
c. Run the Cisco Unity System Preparation Assistant to update the required Windows components, browser, database, and service packs. See the "Running the Cisco Unity System Preparation Assistant" section.
d. Install the latest recommended Exchange 2000 service pack and the latest post-service pack rollup, if any. You must install at least Exchange 2000 Service Pack 3 and the Post-Service Pack 3 Rollup because they resolve an intermittent problem with message notification.
Note When Service Pack 3 and the rollup are not installed, Exchange 2000 Server sends extra UDP packets to ports on the Cisco Unity server that are not listening for packets. Such activity is seen by intrusion-detection systems as port scans or attacks.
Install the software on all of the following servers on which either Exchange 2000 or Exchange 2000 administration software is installed:
•The Cisco Unity primary server.
•The partner Exchange server.
•The Exchange 2000 servers on which Cisco Unity subscribers are homed.
If you are installing Exchange 2000 Service Pack 3 and the Post-Service Pack 3 Rollup, see the "Installing Exchange 2000 Service Pack 3 and the Post-Service Pack 3 Rollup" section. If you are installing a later service pack and/or rollup, see the Microsoft documentation that you printed when you downloaded the software.
e. Install the Microsoft updates recommended for use with Cisco Unity. In addition, if we recommend any Windows or SQL Server service packs later than those that are installed by the Cisco Unity System Preparation Assistant, install the latest recommended service packs. See the "Installing the Latest Microsoft Service Packs and Updates Recommended for Use with Cisco Unity" section.
14. On the secondary server, do the following four tasks:
a. If virus-scanning software or Cisco Security Agent for Cisco Unity is installed on the secondary Cisco Unity server: Disable virus-scanning services and the Cisco Security Agent service. See the "Disabling Virus-Scanning and Cisco Security Agent Services" section.
b. Run the Cisco Unity System Preparation Assistant to update the required Windows components, browser, database, and service packs. See the "Running the Cisco Unity System Preparation Assistant" section.
c. On the Cisco Unity secondary server, install the latest recommended Exchange 2000 service pack and the latest post-service pack rollup, if any. If you are installing Exchange 2000 Service Pack 3 and the Post-Service Pack 3 Rollup, see the "Installing Exchange 2000 Service Pack 3 and the Post-Service Pack 3 Rollup" section. If you are installing a later service pack and/or rollup, see the Microsoft documentation that you printed when you downloaded the software.
d. Install the Microsoft updates recommended for use with Cisco Unity. In addition, if we recommend any Windows or SQL Server/MSDE service packs later than those that are installed by the Cisco Unity System Preparation Assistant, install the latest service packs. See the "Installing the Latest Microsoft Service Packs and Updates Recommended for Use with Cisco Unity" section.
15. On the primary server, do the following seven tasks:
a. If voice card software is installed: Remove the voice card software. Refer to the "Removing Intel Dialogic Voice Card Software" section in the "Voice Cards and PIMG Units" appendix of the applicable Cisco Unity installation guide for your configuration. (Installation guides are available at http://www.cisco.com/en/US/partner/products/sw/voicesw/ps2237/prod_installation_guides_list.html.) The Cisco Unity Reconfiguration and Upgrade Guide alerts you when to install a later version of the software later in the upgrade.
b. Run the Cisco Unity Installation and Configuration Assistant to upgrade the software, install the license files, specify the accounts for services, connect the message store, upgrade the Cisco Unity integration with the phone system, and configure the Cisco Personal Communications Assistant to use SSL, if applicable. See the "Upgrading and Configuring Cisco Unity Software" section.
c. Install the service release for the shipping version of Cisco Unity, if available. For installation instructions, refer to Release Notes for Cisco Unity <Version> Service Release 1 at http://www.cisco.com/en/US/products/sw/voicesw/ps2237/prod_release_notes_list.html.
d. Run the Configure Cisco Unity Failover wizard. Refer to the "Configuring Failover on the Primary and Secondary Servers" section in the "Configuring Cisco Unity Failover" chapter of the Cisco Unity Failover Configuration and Administration Guide, Release 4.x. (The guide is available at http://www.cisco.com/univercd/cc/td/doc/product/voice/c_unity/fail/fail401/ex/index.htm.)
e. If virus-scanning software or Cisco Security Agent for Cisco Unity is installed on the primary Cisco Unity server: Re-enable virus-scanning services and the Cisco Security Agent service. See the "Re-enabling Virus-Scanning and Cisco Security Agent Services" section.
f. If you are setting up Cisco Unity to use SSL: Set up the Cisco Unity Administrator and Status Monitor to use SSL. See the "Setting Up the Cisco Unity Administrator and Status Monitor to Use SSL" section.
g. If Windows Server 2003 is installed on the Cisco Unity Server: Update Internet Explorer security settings. See the "Configuring Internet Explorer to Display the Cisco Unity Administrator When You Use the Cisco Unity Administration Account (Windows Server 2003 Only)" section.
16. On the secondary server, do the following seven tasks:
a. If voice card software is installed: Remove the voice card software. Refer to the "Removing Intel Dialogic Voice Card Software" section in the "Voice Cards and PIMG Units" appendix of the applicable Cisco Unity installation guide for your configuration. (Installation guides are available at http://www.cisco.com/en/US/partner/products/sw/voicesw/ps2237/prod_installation_guides_list.html.) The Cisco Unity Reconfiguration and Upgrade Guide alerts you when to install a later version of the software later in the upgrade.
b. Run the Cisco Unity Installation and Configuration Assistant to upgrade the software, install the default license file, specify the accounts for services, connect the message store, upgrade the Cisco Unity integration with the phone system, and configure the Cisco Personal Communications Assistant to use SSL, if applicable. See the "Upgrading and Configuring Cisco Unity Software" section.
c. Install the service release for the shipping version of Cisco Unity, if available. For installation instructions, refer to Release Notes for Cisco Unity <Version> Service Release 1 at http://www.cisco.com/en/US/products/sw/voicesw/ps2237/prod_release_notes_list.html.
d. Run the Configure Cisco Unity Failover wizard. Refer to the "Configuring Failover on the Primary and Secondary Servers" section in the "Configuring Cisco Unity Failover" chapter of the Cisco Unity Failover Configuration and Administration Guide, Release 4.x. (The guide is available at http://www.cisco.com/univercd/cc/td/doc/product/voice/c_unity/fail/fail401/ex/index.htm.)
e. If virus-scanning software or Cisco Security Agent for Cisco Unity is installed on the secondary Cisco Unity server: Re-enable virus-scanning services and the Cisco Security Agent service for Cisco Unity. See the "Re-enabling Virus-Scanning and Cisco Security Agent Services" section.
f. If you are setting up Cisco Unity to use SSL: Set up the Cisco Unity Administrator and Status Monitor to use SSL. See the "Setting Up the Cisco Unity Administrator and Status Monitor to Use SSL" section.
g. If Windows Server 2003 is installed on the Cisco Unity Server: Update Internet Explorer security settings. See the "Configuring Internet Explorer to Display the Cisco Unity Administrator When You Use the Cisco Unity Administration Account (Windows Server 2003 Only)" section.
17. On the primary server, review the substitute objects on the System > Configuration > Settings page of the Cisco Unity Administrator. The objects are Substitute Recipient, Substitute Owner, Substitute After Message Call Handler, and Substitute Exit Call Handler. Cisco Unity uses the objects to substitute references to any subscriber that is deleted by using the Cisco Unity Administrator without first reassigning such references (for example, ownership of a call handler or distribution list). For new installations, the Example Administrator is configured as the Substitute Recipient and Substitute Owner, and the Goodbye call handler is configured as the Substitute After Message Call Handler and Substitute Exit Call Handler. For upgrades, any changes made to the defaults will not be overwritten. However, we recommend that you review these settings now and update them if you wish to use different substitutes. Refer to Cisco Unity Administrator Help for a description of each object and where it applies.
18. On the primary server, secure the Example Administrator account, and if applicable, the Example Subscriber account, against toll fraud. See the "Securing the Example Administrator and Example Subscriber Accounts Against Toll Fraud" section.
19. Remove the system keys from the primary and secondary Cisco Unity servers. Store them where they can be accessed if you later need to downgrade the system from Cisco Unity 4.x to 3.x.
20. If the Cisco Unity server is connected to the corporate network: Harden both the primary and secondary Cisco Unity servers. See the "Hardening the Cisco Unity Server" section.
21. If the system is using the AMIS or SMTP networking options: Refer to the applicable "Upgrading with <Networking Option>" section in the "Upgrading and Uninstalling Networking Options" chapter of the Networking in Cisco Unity Guide, Release 4.0(5) at http://www.cisco.com/univercd/cc/td/doc/product/voice/c_unity/unity40/net/net405/ex/index.htm.
Downloading Software for the Upgrade
This section lists the software needed to upgrade Cisco Unity. Note that if you do not have Cisco Unity DVDs or CDs for the shipping version, you must download additional software.
•Software for All Upgrades
•Additional Software for Upgrades with No Cisco Unity DVDs or CDs for the Shipping Version
Software for All Upgrades
Download the following software for all upgrades. Even if you have Cisco Unity DVDs or CDs for the shipping version, we recommend that you download the software, which may have been updated since the discs were produced or which is not included on the discs.
Cisco Unity Service Release
The Cisco Unity service release (a rollup of Cisco Unity engineering specials) for the shipping version, if available. Refer to the "Downloading Service Release 1" section of Release Notes for Cisco Unity <Version> Service Release 1 at http://www.cisco.com/en/US/products/sw/voicesw/ps2237/prod_release_notes_list.html. Note that if there are no release notes available, the service release for the shipping version has not been released yet.
Microsoft Service Packs
The latest service packs recommended for use with Cisco Unity, if any were qualified after the shipping version of Cisco Unity was released. Available on the Microsoft website. Also download or print the installation instructions.
To determine the service packs that are recommended, refer to Recommended Service Packs and Updates for Use with Cisco Unity and the Cisco Unity Bridge at http://www.cisco.com/univercd/cc/td/doc/product/voice/c_unity/cmptblty/msupdate.htm. (Service packs that were recommended when the shipping version of Cisco Unity was released are available on the Cisco Unity 4.x Software Download page at http://www.cisco.com/pcgi-bin/tablebuild.pl/unity-40.)
Microsoft Updates
The latest updates recommended for use with Cisco Unity. Available on the Microsoft Updates for Cisco Unity Software Download page at http://www.cisco.com/pcgi-bin/tablebuild.pl/unity_msft_updates. (Updates that were recommended when the shipping version of Cisco Unity was released are on the Cisco Unity<Version> Post-Install CD, but the download page is updated monthly, so you should check for new updates even if you have the CD.)
Caution If the partner Exchange server is running Exchange 2000, you must install the Exchange 2000 Server Post-Service Pack 3 Update Rollup (KB 870540) on the Cisco Unity server, or you will not be able to install or upgrade to the shipping version of Cisco Unity.
Note To access the software download page, you must be logged on to Cisco.com as a registered user.
Cisco Security Agent for Cisco Unity (Optional)
Cisco Security Agent for Cisco Unity is available on the Cisco Unity Crypto Software Download page at http://www.cisco.com/pcgi-bin/tablebuild.pl/unity3d. Refer to Release Notes for Cisco Security Agent for Cisco Unity at http://www.cisco.com/en/US/products/sw/voicesw/ps2237/prod_release_notes_list.html for information on supported configurations, and for download and installation instructions.
Because of export controls on strong encryption, the first time you download Cisco Security Agent for Cisco Unity, you need to fill out a brief questionnaire. Follow the on-screen prompts.
Cisco Unity Directory Walker Utility and Cisco Unity Disaster Recovery Tools
The latest versions of the Cisco Unity Directory Walker (DbWalker) utility and the Cisco Unity Disaster Recovery tools (DiRT). DbWalker is used to check the consistency of and correct errors in the Cisco Unity database before the upgrade. DiRT is used to back up Cisco Unity data before the upgrade and to restore Cisco Unity data, if necessary. (All are included on the Cisco Unity discs, but updates are posted regularly to the Cisco Unity Tools website.)
DbWalker for Cisco Unity 3.x is available at http://ciscounitytools.com/App_DirectoryWalker3.htm. DiRT is available at http://ciscounitytools.com/App_DisasterRecoveryTools.htm.
Cisco Unity Permissions Wizard
The latest version of the Cisco Unity Permissions wizard. The Permissions wizard for Cisco Unity 4.2(1) and later is available at http://ciscounitytools.com/App_PW_421.htm.
Additional Software for Upgrades with No Cisco Unity DVDs or CDs for the Shipping Version
If you do not have Cisco Unity DVDs or CDs for the shipping version, you also need to download the following software.
Cisco Unity CDs
Cisco Unity CDs for the shipping version. Refer to the "Downloading Software for Cisco Unity <Version>" section of Release Notes for Cisco Unity Release <Version> at http://www.cisco.com/en/US/products/sw/voicesw/ps2237/prod_release_notes_list.html.
Cisco Unity Service Pack CDs
Cisco Unity Service Pack CD 1, which includes the Cisco Unity System Preparation Assistant.
Cisco Unity Service Pack CD 2, if you are using Exchange 2000 and if Exchange 2000 Service Pack 3 is not already installed.
Cisco Unity Service Pack CD 3, if you are using Exchange 2003 and if Exchange 2003 Service Pack 1 is not already installed.
Refer to the "Downloading Software for Cisco Unity <Version>" section of Release Notes for Cisco Unity Release <Version> at http://www.cisco.com/en/US/products/sw/voicesw/ps2237/prod_release_notes_list.html.
Microsoft Updates for Cisco Unity
Microsoft updates recommended for use with Cisco Unity. Refer to the "Downloading Software for Cisco Unity <Version>" section of Release Notes for Cisco Unity Release <Version> at http://www.cisco.com/en/US/products/sw/voicesw/ps2237/prod_release_notes_list.html.
Caution If the partner Exchange server is running Exchange 2000, you must install the Exchange 2000 Server Post-Service Pack 3 Update Rollup (KB 870540) on the Cisco Unity server, or you will not be able to install or upgrade to the shipping version of Cisco Unity.
Checking the Consistency of the Cisco Unity Database, and Backing Up Cisco Unity Data
Before you upgrade Cisco Unity, we recommend that you run the DbWalker utility to check the consistency of the Cisco Unity database. Running DbWalker fixes most minor errors automatically and flags any major errors.
On a system with a few hundred subscribers, running DbWalker takes only a few minutes. However, on a large system, running DbWalker may take several hours. The duration depends on the speed of the processor, the amount of RAM in the server, the number of calls that Cisco Unity is taking, and other variables.
We also recommend that you back up Cisco Unity data by using the Disaster Recovery Backup tool. Running the tool takes only a few minutes, and having a DiRT backup allows you to restore Cisco Unity data easily, if necessary.
To Check the Consistency of the Cisco Unity Database
Step 1 On the Cisco Unity server, install the latest version of DbWalker, if it is not already installed.
If Cisco Unity failover is configured, do this procedure on the primary server.
Step 2 Run DbWalker, and correct all errors that the utility finds. Refer to DbWalker Help for detailed instructions on running the utility and on correcting errors in the database. (The Help file, DbWalker.htm, is in the same directory as DbWalker.exe.)
If you choose to back up messages as well as Cisco Unity data in the next procedure, backing up takes longer, the size of the backup is significantly larger, and the account with which you log on to Windows requires additional permissions. Refer to DiRT Help for detailed information.
To Back Up Cisco Unity Data
Step 1 On the Cisco Unity server, install the latest versions of DiRT, if the tools are not already installed.
If Cisco Unity failover is configured, do this procedure on the secondary server.
Step 2 Back up Cisco Unity data by using the Disaster Recovery Backup tool. Refer to DiRT Help for detailed instructions. (The Help file, UnityDisasterRecovery.htm, is in the same directory as UnityDisasterRecoveryBackup.exe.)
Caution Follow Help carefully. DiRT includes a variety of options that you must understand to use the tools successfully. In addition, the account you are logged on as when you back up Cisco Unity data must have sufficient permissions or the backup will fail.
Converting from the System Key to License Files
Cisco Unity has changed its license-control process from using a physical system key to using electronic license files. License files, which enable the features purchased by the customer, are now required for installing Cisco Unity software, for some upgrades, and for adding or changing licensed features. A system key is no longer required.
For an upgrade to Cisco Unity version 4.0, you obtain the license files by completing registration information on Cisco.com. Shortly after registration, Cisco e-mails the license files. The e-mail from Cisco contains instructions on how to save and store the files. The Cisco Unity Reconfiguration and Upgrade Guide provides specific instructions later in the upgrade process on the use of the license files and when to remove the system key. (For more information on licensing, refer to White Paper: Licensing for Cisco Unity (All Versions) at http://www.cisco.com/univercd/cc/td/doc/product/voice/c_unity/whitpapr/licenses.htm.)
Note If the system is using failover, install the license files only on the primary server.
The following information is required during registration:
•The MAC address (physical address) for the network interface card (NIC) in the Cisco Unity server.
•The serial number of the currently installed system key.
•The currently installed system key code.
•The product authorization key (PAK), which appears on the sticker located on the front of the sleeve for Cisco Unity DVD 1 or CD 1.
Do the following four procedures in the order listed.
To Get the MAC Address of the Cisco Unity Server
Step 1 On the Cisco Unity server, on the Windows Start menu, click Programs > Accessories > Command Prompt.
Step 2 In the Command Prompt window, enter ipconfig /all, and press Enter.
Step 3 Write down the value of Physical Address, excluding the hyphens, or save it to a file that you can access during online registration. (For example, if the physical address is 00-A1-B2-C3-D4-E5, record 00A1B2C3D4E5.)
If the server contains more than one NIC, one value will appear for each NIC. Write down the value for the NIC that you will use to connect the Cisco Unity server to the network.
Step 4 Close the Command Prompt window.
To Get the Serial Number of the Currently Installed System Key
Step 1 On the Cisco Unity server, on the Windows Start menu, click Programs > Cisco Unity > Key Dump.
Step 2 Write down the value for Serial Number, or save it to a file that you can access during online registration.
Step 3 Click Exit to close the Key Dump window.
To Get the Currently Installed System Key Code
Step 1 On the Cisco Unity server, on the Windows Start menu, click Programs > Cisco Unity > Upgrade License.
Step 2 Click Generate Current System Code. Do not change the code type.
Step 3 Click Save to File, and save the system code to a file that you can access during online registration. (The default name of the file is AvSysCode.txt.)
Step 4 Click Exit to close the Generate Current System Code window.
Step 5 Click Exit to close the Upgrade License window.
To Register and Obtain the License Files
Step 1 Browse to http://www.cisco.com/go/license (the URL is case sensitive).
Note You must be a registered user to access this web page. If you are not a registered user, go to http://tools.cisco.com/RPF/register/register.do to register and obtain a Cisco.com user ID.
Step 2 Enter the PAK or software serial number, and click Submit.
Step 3 Follow the on-screen prompts.
Step 4 Shortly after registration, you will receive an e-mail with the Cisco Unity license files.
If the license files are lost, it can take up to one business day to get another copy.
If you do not receive the license file(s) within 1 hour or to get another copy of a license file, call the Cisco Technical Assistance Center (TAC) and ask for the Licensing Team:
Or send e-mail to licensing@cisco.com.
You will need to provide information to verify Cisco Unity ownership—for example, the purchase order number or the PAK (which appears on the sticker located on the front of the sleeve for Cisco Unity DVD 1 or CD 1).
Note Cisco Unity software comes with a default license file that has a minimal number of settings. The license file allows installation of a Cisco Unity demonstration system. For information and instructions on installing a demonstration system, refer to the "Cisco Unity Demonstration System" section of the Cisco Unity release notes.
Setting Permissions on an Active Directory Location by Using the Permissions Wizard
You re-run the Permissions Wizard to update the permissions on the Active Directory location where Cisco Unity automatically creates Bridge and/or VPIM subscribers, if it is different from the location where Cisco Unity creates regular subscribers. If Cisco Unity is configured to automatically create both Bridge and VPIM subscribers in different locations, do the following procedure for the Bridge subscriber location, and repeat the procedure for the VPIM subscriber location.
Run the Permissions wizard during off-peak hours. The Permissions wizard now sets permissions at a more granular level than previous versions did, which requires more changes to the Active Directory database.
Caution When the Permissions wizard completes, the Lsass.exe process updates the Active Directory database with the new permissions. While Lsass.exe is processing the updates, it uses 100% of available processor time on the root domain controller in the domain and on one of the global catalog servers in the site where the Permissions wizard was run. (Other domain controllers in the domain and other global catalog servers in the forest are also affected, but the impact is less significant.) The updates take a few minutes to several hours, depending on the size of the database. Do not continue with the Cisco Unity upgrade until Lsass.exe has finished processing the changes, or Cisco Unity Setup may fail.
To Set Permissions on the AD Location by Using the Permissions Wizard
Step 1 If you downloaded the latest version of Permissions wizard from CiscoUnityTools.com, install and run that version. Otherwise, run the version that appears in the Utilities\PermissionsWizard directory on the shipping Cisco Unity CD or DVD.
Step 2 Click Next without changing any options until you arrive at the Set Active Directory Containers for New Objects page.
Step 3 Select the domain and the applicable container or organizational unit in which Cisco Unity automatically creates Bridge or VPIM subscribers.
Note The Permissions wizard only has the ability to grant permissions—it does not remove any permissions. Following this procedure will add the necessary permissions on the container or OU that you select, but will not remove permissions that are already granted on other containers for Cisco Unity.
Step 4 Click Next and follow the prompts to complete the Permissions wizard.
Disabling Virus-Scanning and Cisco Security Agent Services
Note If the system is not using virus-scanning software or Cisco Security Agent for Cisco Unity, skip this section.
You disable virus-scanning and Cisco Security Agent services on the server so that they do not slow down the installation of software or cause the installations to fail. The Cisco Unity Reconfiguration and Upgrade Guide alerts you when to re-enable the services after all of the installation procedures that can be affected are complete.
To Disable and Stop Virus-Scanning and Cisco Security Agent Services
Step 1 Refer to the virus-scanning software documentation to determine the names of the virus-scanning services.
Step 2 On the Windows Start menu, click Programs > Administrative Tools > Services.
Step 3 Disable and stop each virus-scanning service and the Cisco Security Agent service:
a. In the right pane, double-click the service.
b. On the General tab, in the Startup Type list, click Disabled. This prevents the service from starting when you restart the server.
c. Click Stop to stop the service immediately.
d. Click OK to close the Properties dialog box.
Step 4 When the services have been disabled, close the Services MMC.
Running the Cisco Unity System Preparation Assistant
The Cisco Unity System Preparation Assistant is a program that helps customize the platform for Cisco Unity by checking for and installing Windows 2000 Server components, Microsoft service packs and updates, and other software required by Cisco Unity. For a detailed list, refer to Components and Software Installed by the Cisco Unity Platform Configuration Discs and the Cisco Unity System Preparation Assistant at http://www.cisco.com/univercd/cc/td/doc/product/voice/c_unity/pcd/pcd_inst.htm.
Caution Do not run the Cisco Unity System Preparation Assistant remotely by using Windows Terminal Services or other remote-access applications, or the installation of required software may fail.
Note If a Microsoft AutoMenu window appears when the assistant is installing an application, close the window and allow the assistant to continue.
To Run the Cisco Unity System Preparation Assistant
Step 1 Log on to Windows by using an account that is a member of the Local Administrators group.
Step 2 On Cisco Unity Service Packs CD 1, or from the location to which you saved the downloaded Service Packs CD 1 image files, browse to the Cuspa directory, and double-click Cuspa.vbs.
If you are accessing the Cisco Unity System Preparation Assistant files on another server, use Windows Explorer or the "net" command to map the network drive to a drive letter on the Cisco Unity server before you run Cuspa.vbs.
Step 3 If prompted, double-click the language of your choice to continue the installation.
Step 4 On the Welcome screen, click Next.
Step 5 On the Cisco Unity Server Characteristics page, set the following fields:
Configuration
|
Click Unified Messaging or Voice Messaging Only, depending on the Cisco Unity configuration.
|
Failover
|
Check the This Is a Primary or Secondary Failover Server check box if the system is using failover.
|
Number of Ports
|
Enter the number of voice ports that you are connecting with the Cisco Unity server.
|
Step 6 Click Next. The assistant lists the components and indicates whether or not they are installed.
Step 7 Follow the on-screen prompts in the Cisco Unity System Preparation Assistant to customize the Cisco Unity platform.
Step 8 If MSDE Service Pack 4is being installed, skip to Step 9.
If SQL Server Service Pack 4 is being installed, install it now:
a. On the Welcome screen, click Next.
b. Follow the on-screen prompts until you are prompted to choose the authentication mode.
c. Choose Windows authentication, and click Next.
d. If the SA Password Warning dialog box appears, enter and confirm the password, and click Next.
e. On the Backward Compatibility Checklist page, do not check the Enable Cross-Database Ownership Chaining for All Databases [Not Recommended] check box.
f. Follow the on-screen prompts to continue.
g. If you are prompted about shutdown tasks before continuing with the installation, click Next.
h. Click Finish to begin installing components.
i. When the Setup message appears, click OK.
j. Click Finish to restart the server.
k. Skip to Step 10.
Step 9 If MSDE Service Pack 4 is being installed, install it now:
a. Follow the on-screen prompts.
b. When the installation is complete, click Yes to restart the server.
Step 10 Follow the on-screen prompts in the Cisco Unity System Preparation Assistant to install the additional software required by Cisco Unity.
Step 11 When the Cisco Unity System Preparation Assistant has completed, click Finish.
Installing Exchange 2000 Service Pack 3 and the Post-Service Pack 3 Rollup
Exchange 2000 Service Pack 3 and the Exchange 2000 Server Post-Service Pack 3 Rollup that is described in Microsoft Knowledge Base article 824282 resolve an intermittent problem with message notification.
Note If Service Pack 3 and the rollup are not installed, Exchange 2000 Server sends extra UDP packets to ports on the Cisco Unity server that are not listening for packets. Such activity is seen by intrusion-detection systems as port scans or attacks.
This section contains two procedures. Do both in the order listed on the following servers on which either Exchange 2000 or Exchange 2000 administration software is installed:
•The Cisco Unity server.
•The partner Exchange server.
•The Exchange 2000 servers on which Cisco Unity subscribers are homed.
To Install Exchange 2000 Service Pack 3
Step 1 On Cisco Unity Service Packs CD 2 or from the location to which you saved the downloaded Service Packs CD 2 image files, browse to the directory Exchange_2000_SP3\Setup\I386, and double-click Update.exe.
Step 2 Follow the on-screen prompts to complete the installation.
Step 3 Restart the server.
Step 4 If you have not already done so, repeat this procedure on the partner Exchange server and on every Exchange 2000 server on which Cisco Unity subscriber mailboxes are homed.
To Install the Exchange 2000 Post-Service Pack 3 Rollup
Step 1 From the location to which you extracted the latest Exchange 2000 updates recommended for use with Cisco Unity, browse to the directory Post-SP3 Rollup, and double-click Exchange2000-KB824282-x86-<language>.exe.
or
On the Cisco Unity Post-Install CD, browse to the directory Exchange_2000_Post_SP3_Rollup\Setup\I386, and double-click Update.exe.
Step 2 Follow the on-screen prompts to complete the installation.
Step 3 Restart the server.
Step 4 If you have not already done so, repeat this procedure on the partner Exchange server and on every Exchange 2000 server on which Cisco Unity subscriber mailboxes are homed.
Installing the Latest Microsoft Service Packs and Updates Recommended for Use with Cisco Unity
Some Microsoft updates can be installed only after a prerequisite service pack has been installed. Install all service packs, if any, before you install updates.
To Install the Latest Microsoft Service Packs Recommended for Use with Cisco Unity
Follow the instructions that you printed or downloaded from the Microsoft website when you downloaded the service packs.
To Install the Latest Microsoft Updates Recommended for Use with Cisco Unity
Step 1 Insert the Cisco Unity Post-Install disc in the CD-ROM drive.
Step 2 Browse to each of the applicable directories and install the correct language version of each update: English (ENU), French (FRA), German (DEU), or Japanese (JPN). (For example, if the French version of Windows 2000 Server is installed on the Cisco Unity server, install the French version of any Windows 2000 Server updates.)
To speed the installation, you may want to:
•Install each update at a command prompt by using the /z option, so you do not have to restart the computer after installing each update.
•Install each update at a command prompt by using the /m option, so the update installs without displaying any dialog boxes.
•Create a batch file that installs all of the updates at once.
Step 3 Restart the Cisco Unity server.
Extending the Active Directory Schema for Cisco Unity
Several changes to the Active Directory schema are required for Cisco Unity to work properly. To see the changes that the schema update program makes, browse to the directory Schema\LdifScripts on Cisco Unity CD 1, and view the file Avdirmonex2k.ldf.
Changes to the Active Directory schema may take 15 minutes or more to replicate throughout the forest. These changes must finish replicating before you can install Cisco Unity.
To Extend the Active Directory Schema
Step 1 Confirm that all domain controllers are on line. (The Active Directory schema extensions replicate only when all domain controllers are on line.)
Step 2 On the computer that has the schema master role (typically the first DC/GC in the forest), log on to Windows as a user who is a member of the Schema Admins group.
Step 3 On Cisco Unity DVD 1 or CD 1, or from the location to which you saved the downloaded Cisco Unity CD 1 image files, browse to the directory ADSchemaSetup, and double-click ADSchemaSetup.exe.
Step 4 In the Active Directory Schema Setup dialog box, check the Exchange 2000 or Exchange 2003 Directory Monitor check box.
Step 5 If you have ever used, are currently using, or plan to use VPIM Networking or Bridge Networking, check the applicable boxes.
Caution If the schema has ever been updated with Bridge Connector and/or VPIM Connector extensions (for Bridge Networking and VPIM Networking, respectively) from an earlier version of Cisco Unity, you must update those extensions and the Directory Monitor extensions even if you are no longer using the Bridge or VPIM.
Step 6 Click OK.
Step 7 When the schema extension has finished, Ldif.log and Ldif.err files are saved to the desktop. View the contents of these files to confirm that the extension completed successfully.
Determining Whether to Set Up Cisco Unity to Use SSL
Note If Cisco Unity is already using SSL, skip this section.
When subscribers log on to the Cisco Personal Communications Assistant (PCA), their credentials are sent across the network to Cisco Unity in clear text. The same is true in the following situations:
•When the Cisco Unity Administrator and the Status Monitor are configured to use the Anonymous authentication method.
•With the Mobile Message Access for BlackBerry feature, when data is sent between the Cisco Unity server and the BlackBerry server.
In addition, the information that subscribers enter on the pages of the Cisco PCA and of the Cisco Unity Administrator (regardless of which authentication method it uses) is not encrypted.
For increased security, we recommend that you set up Cisco Unity to use the Secure Sockets Layer (SSL) protocol. SSL uses public/private key encryption to provide a secure connection between servers and clients, and uses digital certificates to authenticate servers or servers and clients. (A digital certificate is a file that contains encrypted data that attests to the identity of an organization or entity, such as a computer.)
Using the SSL protocol ensures that all Cisco Unity subscriber credentials—as well as the information that a subscriber enters on any page of the Cisco Unity Administrator and the Cisco PCA—are encrypted as the data is sent across the network. In addition, when you set up Cisco Unity to use SSL, each time that a subscriber tries to access any Cisco Unity web application, the browser will confirm that it is connected with the real Cisco Unity server—and not an entity falsely posing as such—before allowing the subscriber to log on.
To set up a web server such as Cisco Unity to use SSL, you can either obtain a digital certificate from a certificate authority (CA) or use Microsoft Certificate Services available with Windows to issue your own certificate. (A CA is a trusted organization or entity that issues and manages certificates at the request of another organization or entity.) Cost, certificate features, ease of setup and maintenance, and the security policies practiced by the organization are some of the issues to consider when determining whether you should purchase a certificate from a CA or issue your own.
Information on third-party CAs, Microsoft Certificate Services, and SSL is widely available on the Internet, as well as in the Windows and IIS online documentation. Such sources can help you determine whether to use SSL and how to set up a web server to use it.
Installing the Microsoft Certificate Services Component
Note If you do not plan to set up Cisco Unity to use SSL or if you want to use a digital certificate from a Certificate Authority to set up Cisco Unity to use SSL, skip this section.
Do the procedure in this section if you plan to set up Cisco Unity to use SSL and you want to use the Microsoft Certificate Services available with Windows to issue your own certificate. You may install the component on the Cisco Unity server or on another server.
To Install the Microsoft Certificate Services Component
Step 1 On the server that will act as your certificate authority (CA) and issue certificates, on the Windows Start menu, click Settings > Control Panel > Add/Remove Programs.
Step 2 Click Add/Remove Windows Components.
Step 3 In the Windows Components dialog box, check the Certificate Services check box. Do not change any other items. When the warning appears about not being able to rename the computer, or to join or be removed from a domain, click Yes.
Step 4 Click Next.
Step 5 Click Stand-alone Root CA, and click Next. (A stand-alone CA is a CA that does not require Active Directory.)
Step 6 Follow the on-screen prompts to complete the installation. For information, refer to the Windows documentation.
If a message appears that Internet Information Services is running on the computer and must be stopped before proceeding, click OK to stop the services.
Step 7 In the Completing the Windows Components Wizard dialog box, click Finish.
Step 8 Close the Add Remove Programs dialog box and Control Panel.
Upgrading and Configuring Cisco Unity Software
To upgrade and configure Cisco Unity software from version 3.x to the shipping version, you use the Cisco Unity Installation and Configuration Assistant to run six programs in a specific order. The programs:
•Check the system and upgrade the software.
•Install the Cisco Unity licenses.
•Configure the services.
•Configure the message store.
•Upgrade the Cisco Unity integration with the phone system.
•Configure the Cisco Personal Communications Assistant to use SSL.
Do the procedures in the following six subsections in the order listed.
Starting the Cisco Unity Installation and Configuration Assistant and Upgrading Cisco Unity Software
From the Cisco Unity Installation and Configuration Assistant, you run the Cisco Unity Setup program first to upgrade Cisco Unity. The Setup program checks the system, then upgrades the Cisco Unity software.
Caution Do not install features for which the system is not licensed, or Cisco Unity will shut down.
Caution If the Cisco Unity server contains voice cards, confirm that you have removed the old version of the voice card software before you run the Cisco Unity Installation and Configuration Assistant. Otherwise, the new version of the voice card software cannot be installed.
To Start the Assistant and Upgrade Cisco Unity Software
Step 1 Log on to Windows by using the Cisco Unity installation account.
Caution If you have not already done so, disable virus-scanning and Cisco Security Agent services on the server, if applicable. Otherwise, the installation may fail.
Step 2 On Cisco Unity DVD 1 or CD 1, or from the location to which you saved the downloaded Cisco Unity CD 1 image files, browse to the root directory and double-click Setup.exe.
Step 3 If prompted, double-click the language of your choice to continue the installation.
Step 4 On the Cisco Unity Installation and Configuration Assistant Welcome screen, click Continue.
Step 5 In the main window of the assistant, click Run the Cisco Unity Setup Program.
If the Pre-Installation Requirements screen appears instead, saying that you need to run the Permissions wizard, close the Cisco Unity Installation and Configuration Assistant and refer to the "Setting Rights and Permissions with the Cisco Unity Permissions Wizard" section in the "Creating Accounts for the Installation and Setting Rights and Permissions" chapter of the applicable Cisco Unity installation guide for your configuration. (Installation guides are available at http://www.cisco.com/en/US/partner/products/sw/voicesw/ps2237/prod_installation_guides_list.html.) After the wizard is run, log on to Windows by using the Cisco Unity installation account, and return to Step 2.
Step 6 If prompted, double-click the language of your choice to continue the installation.
Step 7 On the Welcome screen, click Next.
Step 8 If a message to stop services appears, click OK.
Step 9 If you already checked the consistency of the Cisco Unity database by using DbWalker, as recommended in the "Checking the Consistency of the Cisco Unity Database, and Backing Up Cisco Unity Data" section, click Skip DbWalker, click OK, and skip to Step 10.
If you have not checked the consistency of the Cisco Unity database recently, we recommend that you do so now. On a system with a few hundred subscribers, running DbWalker takes only a few minutes. However, on a large system, running DbWalker may take several hours. The duration depends on the speed of the processor, the amount of RAM in the server, the number of calls that Cisco Unity is taking, and other variables. Click Run DbWalker from the Installation Media, click Continue, and follow the on-screen prompts.
Step 10 If you have already backed up Cisco Unity data by using the Disaster Recovery Backup tool, as recommended in the "Checking the Consistency of the Cisco Unity Database, and Backing Up Cisco Unity Data" section, click Skip DiRT, click OK, and skip to Step 11.
If you have not backed up Cisco Unity data recently, we recommend that you do so now. Running the Disaster Recovery Backup tool takes only a few minutes, and having a DiRT backup allows you to restore Cisco Unity data easily, if necessary. Click Run DiRT from the Installation Media, click Continue, and follow the on-screen prompts.
Step 11 Click Next or Continue without changing values until the Select Features dialog box appears.
Step 12 In the Select Features dialog box:
a. Check the Upgrade Cisco Unity check box.
b. If the Cisco Unity license includes text to speech, check the Enable TTS check box.
If not, uncheck the Enable TTS check box.
c. If the Cisco Unity server or an attached expansion chassis contains voice cards, check the Install Voice Card Software check box.
If not, uncheck the Install Voice Card Software check box.
Step 13 Click Next or Continue without changing values until you are prompted to restart the Cisco Unity server.
Caution Do not cancel Cisco Unity Setup, or you may have to uninstall and reinstall Cisco Unity. In some cases, nothing may appear to be happening for long periods. To confirm that Cisco Unity Setup is still working, right-click the Windows taskbar and click
Task Manager, click the
Processes tab, click
Image Name to sort by process name, and find
Setup.exe. It should be using more than 0% of the CPU.
Step 14 The remainder of the procedure depends on whether the server contains Intel Dialogic D/120JCT-Euro or D/240PCI-T1 voice cards:
If the server does not contain
Intel Dialogic D/120JCT-EURO
or D/240PCI-T1 voice cards
|
Check the Yes, I Want to Restart My Computer Now check box, and click Finish. Cisco Unity software is now upgraded.
|
If the server contains
Intel Dialogic D/120JCT-EURO
or D/240PCI-T1 voice cards
|
a. Uncheck the Yes, I Want to Restart My Computer Now check box, and click Finish.
Caution If the Cisco Unity server contains Intel Dialogic D/120JCT-EURO or D/240PCI-T1 voice cards, do not restart the server now or you will not be able to access the Cisco Unity Administrator after Cisco Unity is installed.
b. Do the procedure under "Software Settings" for your voice card in the "Voice Cards and PIMG Units" appendix of the applicable Cisco Unity installation guide for your configuration. (Installation guides are available at http://www.cisco.com/en/US/partner/products/sw/voicesw/ps2237/prod_installation_guides_list.html.)
c. Restart the Cisco Unity server.
The Cisco Unity License Installation screen appears in the main window.
|
Installing License Files
From the Cisco Unity Installation and Configuration Assistant, you run the Cisco Unity Install License File wizard second to install the Cisco Unity license files.
If you are installing license files for a Cisco Unity system without failover or on the primary server for a Cisco Unity system with failover configured, do the first procedure, "To Install the License Files."
If you are upgrading the secondary Cisco Unity server now, do the second procedure, "To Install the Default License File on the Secondary Cisco Unity Server."
To Install the License Files
Step 1 Log on to Windows by using the Cisco Unity installation account.
Step 2 In the main window of the assistant, click Run the Cisco Unity Install License File Wizard.
Step 3 On the Welcome screen, click Next.
Step 4 Click Add.
Step 5 Insert the Cisco Unity license file disk, if applicable.
(When Cisco Unity was registered on Cisco.com, Cisco replied with an e-mail containing attached file(s) with license(s) for Cisco Unity features. The instructions in the e-mail directed that the attached files be saved. For more information, see the "Converting from the System Key to License Files" section.)
Step 6 Browse to drive A or to the location where the license file(s) have been stored.
Step 7 Double-click the license file to add it to the License Files list.
If prompted, click Yes to copy the license file to the local system.
Step 8 If you are adding more than one license file, click Add, and repeat Step 6 and Step 7 for each license file.
Step 9 Click Next.
Step 10 In the Licenses list, confirm that the license information is correct.
Step 11 Click Next.
Step 12 Click Finish.
Step 13 If a dialog box appears and reports that there is a licensing violation, click Yes to display the Unity Licensing MMC. In the left pane, click Alerts to see a list of any problems, and double-click each alert to display a detailed problem description and troubleshooting tip.
The most common violation is actually an upgrade problem related to the Cisco Unity Inbox (known in Cisco Unity 3.x as the Visual Messaging Interface, or VMI). Systems that were upgraded from Cisco Unity 3.x to 4.x automatically have the Cisco Unity Inbox (Visual Messaging Interface) check box checked for all classes of service even if the customer never purchased licenses for it. Cisco Unity requires that there be enough Cisco Unity Inbox licenses for all Cisco Unity subscribers, and if the number of licenses is 0, the system is violating the license. If this problem occurs, in the Cisco Unity Administrator, go to the Subscribers > Class of Service > Licensed Features page, and uncheck the Cisco Unity Inbox (Visual Messaging Interface) check box for all classes of service.
Another possible problem is with the number of available licenses. Licensing for the Cisco Unity 3.x VMI was per session, while licensing for the Cisco Unity Inbox is per subscriber. If a customer has 100 VMI licenses and 500 subscribers on the 3.x system and upgrades to 4.x, there will not be enough Cisco Unity Inbox licenses for all subscribers after the upgrade. If this problem occurs, in the Cisco Unity Administrator, go to the Subscribers > Class of Service > Licensed Features page, and uncheck the Cisco Unity Inbox (Visual Messaging Interface) check box for classes of service until the number of subscribers with Cisco Unity Inbox access no longer exceeds the number of available Cisco Unity Inbox licenses.
For help with licensing problems, contact licensing@cisco.com. For help with other problems, contact Cisco TAC.
Caution If you do not resolve licensing violations, Cisco Unity will stop working after four hours.
Do the following procedure if you are upgrading the secondary server now for a Cisco Unity system with failover configured. Otherwise, do the first procedure, "To Install the License Files."
To Install the Default License File on the Secondary Cisco Unity Server
Step 1 Log on to Windows by using the Cisco Unity installation account.
Step 2 In the main window of the assistant, click Run the Cisco Unity Install License File Wizard.
Step 3 On the Welcome screen, click Next.
Step 4 When the message appears, saying that you do not have to run the wizard on a secondary server, click Next.
Step 5 Click Add.
Step 6 Install the default license file:
a. Browse to the CommServer\Licenses directory.
b. Double-click CiscoUnity40.lic.
Step 7 Click Next.
Step 8 In the Licenses list, confirm that the license information is correct.
Step 9 Click Next.
Step 10 Click Finish.
The Configure the Cisco Unity Services screen appears in the main window of the assistant.
Configuring Services
From the Cisco Unity Installation and Configuration Assistant, you run the Cisco Unity Services Configuration wizard third to associate the directory, message store, and local services with accounts you specify.
To Configure Services
Step 1 In the main window of the assistant, click Run the Cisco Unity Services Configuration Wizard. (Note that you should be logged on to Windows with the Cisco Unity installation account.)
Step 2 On the Welcome screen, click Next.
Step 3 Select the message store type, and click Next.
Step 4 Follow the on-screen prompts to complete the services configuration.
The Configure the Cisco Unity Message Store screen appears in the main window of the assistant.
Configuring the Message Store
From the Cisco Unity Installation and Configuration Assistant, you run the Cisco Unity Message Store Configuration wizard fourth to configure the message store.
To Configure the Message Store
Step 1 In the main window of the assistant, click Run the Cisco Unity Message Store Configuration Wizard. (Note that you should be logged on to Windows with the Cisco Unity installation account.)
Step 2 Confirm that the message store server is running. If the message store server is not running, configuring the message store will fail.
Step 3 On the Welcome screen, click Next.
Step 4 Follow the on-screen prompts.
Step 5 When message store configuration is complete, click Finish.
The Integrate the Phone System with Cisco Unity screen appears in the main window of the assistant.
Converting the Integration with the Phone System to a Cisco Unity Version 4.x Integration
From the Cisco Unity Installation and Configuration Assistant, you run the Cisco Unity Telephony Integration Manager (UTIM) fifth to convert the existing integration between Cisco Unity and the phone system to a Cisco Unity version 4.x integration.
To Convert the Integration with the Phone System to a Cisco Unity Version 4.x Integration
Step 1 In the main window of the assistant, click Run the Cisco Unity Telephony Integration Manager. (Note that you should be logged on to Windows with the Cisco Unity installation account.)
When the conversion is complete, a message appears explaining that the integration has been converted.
Step 2 Click Yes to restart Cisco Unity services.
The Set Up the Cisco Personal Communications Assistant to Use SSL screen appears in the main window.
Setting Up the Cisco Personal Communications Assistant to Use SSL
From the Cisco Unity Installation and Configuration Assistant, you can set up the Cisco PCA to use SSL. Using the SSL protocol ensures that all subscriber credentials—as well as the information that a subscriber enters on any page in the Cisco PCA—are encrypted as the data is sent across the network.
After the Cisco Unity Installation and Configuration Assistant is finished and the Cisco PCA is set up to use SSL, you manually set up the Cisco Unity Administrator and Status Monitor to use SSL. The Cisco Unity Reconfiguration and Upgrade Guide alerts you when to do the procedure.
If you do not want to set up the Cisco PCA to use SSL, see the "Skipping Cisco PCA Setup for SSL" section.
To set up the Cisco PCA to use SSL, do the procedures in the applicable section, depending on whether you are using a certificate authority:
•Setting Up the Cisco PCA to Use SSL by Creating a Local Certificate Without a Certificate Authority
•Setting Up the Cisco PCA to Use SSL by Using a Certificate Authority
If the Cisco Unity server is running Windows Server 2003, you can set up the Cisco Personal Communications Assistant to use SSL now. However, the option to do so by creating a local certificate without a certificate authority has not been automated for Windows Server 2003. If you want to set up the Cisco PCA to use SSL by using this method, you must do so manually. Refer to the "Using SSL to Secure Client/Server Connections" chapter of the Cisco Unity Security Guide at http://www.cisco.com/univercd/cc/td/doc/product/voice/c_unity/unity40/usg/ex/index.htm.
Skipping Cisco PCA Setup for SSL
Do the procedure in this section if you do not want to set up the Cisco PCA to use SSL. (Note that without SSL when subscribers log on to the Cisco PCA, their credentials will be sent across the network to Cisco Unity in clear text. In addition, the information that subscribers enter on the pages of the Cisco PCA will not be encrypted.)
To Skip Cisco PCA Setup for SSL
Step 1 On the Set Up the Cisco Personal Communications Assistant to Use SSL page, Click Do Not Set Up Cisco Personal Communications Assistant to Use SSL.
Step 2 Click Continue.
Step 3 Click Close to exit the Cisco Unity Installation and Configuration Assistant.
Setting Up the Cisco PCA to Use SSL by Creating a Local Certificate Without a Certificate Authority
To Set Up the Cisco PCA to Use SSL by Creating a Local Certificate Without a Certificate Authority
Step 1 On the Set Up the Cisco Personal Communications Assistant to Use SSL page, click Create a Local Certificate Without a Certificate Authority.
Step 2 Click Internet Services Manager.
Step 3 Expand the name of the Cisco Unity server.
Step 4 If the Cisco Unity server is running Windows Server 2003, expand Web Sites.
If not, skip to Step 5.
Step 5 Right-click Default Web Site, and click Properties.
Step 6 In the Default Web Site Properties dialog box, click the Directory Security tab.
Step 7 Under Secure Communications, click Server Certificate.
Step 8 On the Web Server Certificate wizard Welcome page, click Next.
Step 9 Click Create a New Certificate, and click Next.
Step 10 Click Prepare the Request Now, But Send It Later, and click Next.
Step 11 Enter a name and a bit length for the certificate.
We strongly recommend that you choose a bit length of 512. Greater bit lengths may decrease performance.
Step 12 Click Next.
Step 13 Enter the organization information, and click Next.
Step 14 For the common name of the site, enter either the system name of the Cisco Unity server or the fully qualified domain name.
Caution The name must exactly match the host portion of any URL that will access the system by using a secure connection.
Step 15 Click Next.
Step 16 Enter the geographical information, and click Next.
Step 17 Specify the certificate request file name and location, and write down the file name and location because you will need the information later in this procedure.
Step 18 Click Next.
Step 19 Verify the request file information, and click Next.
Step 20 Click Finish to exit the Web Server Certificate wizard.
Step 21 Click OK to Close the Default Web Site Properties dialog box.
Step 22 Close the Internet Services Manager window.
Step 23 In the Cisco Unity Installation and Configuration Assistant, in the Enter Certificate Request File box, enter the full path and file name of the certificate request file that you specified in Step 17.
Step 24 Click Create Certificate.
Step 25 Click Internet Services Manager.
Step 26 Expand the name of the Cisco Unity server.
Step 27 If the Cisco Unity server is running Windows Server 2003, expand Web Sites.
If not, skip to Step 28.
Step 28 Right-click Default Web Site, and click Properties.
Step 29 In the Default Web Site Properties dialog box, click the Directory Security tab.
Step 30 Under Secure Communications, click Server Certificate.
Step 31 On the Web Server Certificate wizard Welcome page, click Next.
Step 32 Click Process the Pending Request and Install the Certificate.
Step 33 Click OK.
Step 34 In the Process a Pending Request dialog box, click OK to accept the default path and file name of the pending certificate request.
Step 35 In the Certificate Summary dialog box, click Next.
Step 36 Click Finish to exit the Web Server Certificate wizard.
Step 37 Click OK to Close the Default Web Site Properties dialog box.
Step 38 Close the Internet Services Manager window.
Step 39 In the Cisco Unity Installation and Configuration Assistant, click Enable Cisco PCA to Use SSL.
Step 40 Click Internet Services Manager.
Step 41 Right-click the name of the Cisco Unity server, and click Restart IIS.
Step 42 In the Stop/Start/Restart dialog box, click Restart Internet Services on <Servername>.
Step 43 Click OK.
Step 44 Close the Internet Services Manager window.
Step 45 In the Cisco Unity Installation and Configuration Assistant, click Continue.
Step 46 Click Close to exit the Cisco Unity Installation and Configuration Assistant.
Setting Up the Cisco PCA to Use SSL by Using a Certificate Authority
This section contains four procedures.
If you are using Microsoft Certificate Services to issue your own certificate, do all four procedures in the order listed.
If you are using a certificate purchased from a Certificate Authority (for example, VeriSign), do only the fourth procedure, "To Install the Certificate."
To Create a Certificate Request by Using Microsoft Certificate Services
Step 1 On the Set Up the Cisco Personal Communications Assistant to Use SSL page, click Use a Certificate Authority.
Step 2 Click Internet Services Manager.
Step 3 Expand the name of the Cisco Unity server.
Step 4 If the Cisco Unity server is running Windows Server 2003, expand Web Sites.
If not, skip to Step 5.
Step 5 Right-click Default Web Site, and click Properties.
Step 6 In the Default Web Site Properties dialog box, click the Directory Security tab.
Step 7 Under Secure Communications, click Server Certificate.
Step 8 On the Web Server Certificate wizard Welcome page, click Next.
Step 9 Click Create a New Certificate, and click Next.
Step 10 Click Prepare the Request Now, But Send It Later, and click Next.
Step 11 Enter a name and a bit length for the certificate.
We strongly recommend that you choose a bit length of 512. Greater bit lengths may decrease performance.
Step 12 Click Next.
Step 13 Enter the organization information, and click Next.
Step 14 For the common name of the site, enter either the system name of the Cisco Unity server or the fully qualified domain name.
Caution The name must exactly match the host portion of any URL that will access the system by using a secure connection.
Step 15 Click Next.
Step 16 Enter the geographical information, and click Next.
Step 17 Specify the certificate request file name and location, and write down the file name and location because you will need the information in the next procedure.
Save the file to a disk or to a directory that the certificate authority (CA) server can access.
Step 18 Click Next.
Step 19 Verify the request file information, and click Next.
Step 20 Click Finish to exit the Web Server Certificate wizard.
Step 21 Click OK to Close the Default Web Site Properties dialog box.
Step 22 Close the Internet Services Manager window.
Step 23 Click Close to exit the Cisco Unity Installation and Configuration Assistant.
To Submit the Certificate Request by Using Microsoft Certificate Services
Step 1 On the server that is acting as the CA, on the Windows Start menu, click Run.
Step 2 Run Certreq.
Step 3 Browse to the directory where you saved the certificate request file, and double-click the file.
Step 4 Click the CA to use, and click OK.
Once the CA submits the certificate request, it assigns a pending status by default for added security. This requires a person to verify the authenticity of the request and to manually issue the certificate.
To Issue the Certificate by Using Microsoft Certificate Services
Step 1 On the server that is acting as the CA, on the Windows Start menu, click Programs > Administrative Tools > Certification Authority.
Step 2 In the left pane of the Certification Authority window, expand Certification Authority.
Step 3 Expand <Certification Authority name>.
Step 4 Click Pending Requests.
Step 5 In the right pane, right-click the request, and click All Tasks > Issue.
Step 6 In the left pane, click Issued Certificates.
Step 7 In the right pane, double-click the certificate to open it.
Step 8 Click the Details tab.
Step 9 In the Show list, choose <All>, and click Copy to File.
Step 10 On the Certificate Export wizard Welcome page, click Next.
Step 11 Accept the default export file format DER encoded binary X.509 (.CER), and click Next.
Step 12 Specify a file name and a location that the Cisco Unity server can access, and click Next.
Step 13 Verify the settings, and click Finish.
Step 14 Click OK to close the Certificate Details dialog box.
Step 15 Close the Certification Authority window.
To Install the Certificate
Step 1 On the Cisco Unity server, double-click the CUICA icon on the desktop.
Step 2 In the Cisco Unity Installation and Configuration Assistant, click Use a Certificate Authority.
Step 3 On the Set Up the Cisco Personal Communications Assistant to Use SSL page, at Step 3, click Internet Services Manager.
Step 4 Expand the name of the Cisco Unity server.
Step 5 If the Cisco Unity server is running Windows Server 2003, expand Web Sites.
If not, skip to Step 6.
Step 6 Right-click Default Web Site, and click Properties.
Step 7 In the Default Web Site Properties dialog box, click the Directory Security tab.
Step 8 Under Secure Communications, click Server Certificate.
Step 9 On the Web Server Certificate wizard Welcome page, click Next.
Step 10 Click Process the Pending Request and Install the Certificate, and click Next.
Step 11 Browse to the directory of the certificate (.cer) file, and double-click the file.
Step 12 Verify the certificate information, and click Next.
Step 13 Click Finish to exit the Web Server Certificate wizard.
Step 14 Click OK to close the Default Web Site Properties dialog box.
Step 15 Close the Internet Services Manager window.
Step 16 In the Cisco Unity Installation and Configuration Assistant, click Enable Cisco PCA to Use SSL.
Step 17 Restart IIS:
a. Click Internet Services Manager.
b. Right-click the name of the Cisco Unity server, and click Restart IIS.
c. In the Stop/Start/Restart dialog box, click Restart Internet Services on <Servername>.
d. Click OK.
e. Close the Internet Services Manager window.
Step 18 Click Close to exit the Cisco Unity Installation and Configuration Assistant.
Re-enabling Virus-Scanning and Cisco Security Agent Services
Note If the system is not using virus-scanning software or Cisco Security Agent for Cisco Unity, skip this section.
You re-enable virus-scanning and Cisco Security Agent services now that all of the software installations that could have been affected if the services were running are complete.
To Re-enable and Start Virus-Scanning and Cisco Security Agent Services
Step 1 Refer to the virus-scanning software documentation to determine the names of the virus-scanning services.
Step 2 On the Windows Start menu, click Programs > Administrative Tools > Services.
Step 3 Re-enable and start each virus-scanning service and the Cisco Security Agent service:
a. In the right pane, double-click the service.
b. On the General tab, in the Startup Type list, click Automatic to re-enable the service.
c. Click Start to start the service.
d. Click OK to close the Properties dialog box.
Step 4 When the services have been re-enabled, close the Services MMC.
Setting Up the Cisco Unity Administrator and Status Monitor to Use SSL
Note If you are not setting up Cisco Unity to use SSL, skip this section.
Using the SSL protocol ensures that all subscriber credentials—as well as the information that a subscriber enters on any page in the Cisco Unity Administrator—are encrypted as the data is sent across the network.
To Set Up the Cisco Unity Administrator and Status Monitor to Use SSL
Step 1 On the Cisco Unity server, on the Windows Start menu, click Programs > Administrative Tools > Internet Services Manager.
Step 2 Expand the name of the Cisco Unity server.
Step 3 If the Cisco Unity server is running Windows Server 2003, expand Web Sites.
If not, skip to Step 4.
Step 4 Expand Default Web Site.
Step 5 Under Default Web Site, right-click Web, and click Properties.
Step 6 In the Properties dialog box, set the Web directory to use SSL:
a. Click the Directory Security tab.
b. Under Secure Communications, click Edit.
c. Check the Require Secure Channel (SSL) check box.
d. Click OK to close the Secure Communications dialog box.
e. Click OK to close the Properties dialog box.
Step 7 Under Default Web Site, right-click SAWeb, and click Properties.
Step 8 Repeat Step 6 to set the SAWeb directory to use SSL.
Step 9 Under Default Web Site, right-click Status, and click Properties.
Step 10 Repeat Step 6 to set the Status directory to use SSL.
Step 11 Under Default Web Site, double-click AvXml.
Step 12 In the right pane, right-click AvXml.dll, and click Properties.
Step 13 In the Properties dialog box, click the File Security tab.
Step 14 Under Secure Communications, click Edit.
Step 15 Check the Require Secure Channel (SSL) check box.
Step 16 Click OK to close the Secure Communications dialog box.
Step 17 Click OK to close the AvXml.dll Properties dialog box.
Step 18 Close the Internet Services Manager window.
Configuring Internet Explorer to Display the Cisco Unity Administrator When You Use the Cisco Unity Administration Account (Windows Server 2003 Only)
This section applies only when Windows Server 2003 is installed on the Cisco Unity server.
If you created a Cisco Unity administration account as recommended by the Cisco Unity installation guide, and if you log on to Windows using that account, the changes that Windows Server 2003 Service Pack 1 makes to default Internet Explorer security settings cause the Cisco Unity Administrator to display a blank page. Do the following procedure to configure Internet Explorer to display the Cisco Unity Administrator when you log on to Windows using the administration account.
To Configure Internet Explorer to Display the Cisco Unity Administrator
Step 1 Log on to the Cisco Unity server using the Cisco Unity administration account.
Step 2 Right click the Cisco Unity icon in the system tray, and click Launch System Admin.
Step 3 If you are prompted to provide a user name and password, click Cancel.
Step 4 On the Internet Explorer Tools menu, click Internet Options.
Step 5 Click the Security tab.
Step 6 Under Select a Web Content Zone to Specify Its Security Settings, click the Trusted Sites icon.
Step 7 Click Sites.
Step 8 In the Trusted Sites dialog box, in the Add This Website to the Zone field, enter the applicable value depending on whether the Cisco Unity Administrator is set up to use SSL:
If the Cisco Unity Administrator is set up to use SSL
|
Enter https:\\<CiscoUnityServerName>
|
If the Cisco Unity Administrator is not set up to use SSL
|
Enter http:\\<CiscoUnityServerName>
|
Step 9 If the Cisco Unity Administrator is set up to use SSL, check the Require Server Verification (https:) for All Sites in This Zone check box. If not, uncheck the check box.
Step 10 Click Add.
Step 11 Click Close to close the Trusted Sites dialog box.
Step 12 On the Security tab, click Custom Level.
Step 13 In the Security Settings dialog box, change the value of the Reset To list to Low.
Step 14 Click Reset, and click Yes to confirm that you want to change the security settings for this zone.
Step 15 Click OK to close the Security Settings dialog box.
Step 16 If the Security Settings dialog box does not close:
a. Close the dialog box by clicking the X in the upper-right corner.
b. In the "not responding" message box, click End Now. (The "not responding" message box may take a few seconds to appear.)
Step 17 Restart the Cisco Unity Administrator.
Securing the Example Administrator and Example Subscriber Accounts Against Toll Fraud
It is possible for a malicious user to dial into Cisco Unity, log on as the Example Administrator or Example Subscriber by using the default extension and password, and configure Cisco Unity to forward calls to phone numbers for which there are charges or to reconfigure greetings so an operator believes the messaging system is personally accepting collect-call charges. To help secure Cisco Unity against toll fraud, we strongly recommend that you change the phone password for both accounts after Cisco Unity is installed.
Although the Example Subscriber account is no longer created during Cisco Unity installation in versions 4.0(3) and later, you may still have an Example Subscriber account from an earlier version, as the account is not removed during the upgrade process.
(For information on the accounts, refer to the "Default Accounts" section in the "Default Accounts and Message Handling" chapter of the Cisco Unity System Administration Guide, Release 4.0(5) at http://www.cisco.com/univercd/cc/td/doc/product/voice/c_unity/unity40/sag/sag405/ex/index.htm.)
To Change the Password on the Example Administrator and Example Subscriber Accounts
Step 1 In the Cisco Unity Administrator, go to any Subscribers > Subscribers page.
Step 2 Click the Find icon.
Step 3 On the Find and Select Subscriber page, click Find.
Step 4 Click Example Administrator.
Step 5 In the left pane, click Phone Password.
Step 6 In the right pane, check the User Cannot Change Password check box.
Step 7 Check the Password Never Expires check box.
Step 8 Under Reset Phone Password, enter and confirm a new password by using digits 0 through 9.
We recommend that you enter a long and nontrivial password; 20 digits or more is desirable. (The minimum length of the password is set on the Subscribers > Account Policy > Phone Password Restrictions page.) In a nontrivial password:
•The digits are not all the same (for example, 9999).
•The digits are not consecutive (for example, 1234).
•The password is not the same as the extension assigned to the example account.
•The password does not spell the name of the example account, the name of the company, the name of the IT manager, or any other obvious words.
Step 9 Click the Save icon.
Hardening the Cisco Unity Server
Note If the Cisco Unity server is not connected to the corporate network, skip this section.
We strongly recommend that you secure Cisco Unity and the Cisco Unity server. Refer to the Cisco Unity Security Guide at http://www.cisco.com/univercd/cc/td/doc/product/voice/c_unity/unity40/usg/ex/index.htm.
Feedback