Avaya Support Forums  

Go Back   Avaya Support Forums > Contact Center Applications

Thread Tools Search this Thread Display Modes
Old 12-06-2014, 03:39 AM
stphnwd's Avatar
stphnwd stphnwd is offline
Join Date: Jan 2011
Location: USA
Posts: 52
stphnwd has 10 reputation points

This thread has good solutions and items to look at on your server. There have been to major items that I've seen:

Machine Keys
Security Policies

One of these items is probably the culprit.

The short answer is that there is a configuration on the server which is preventing you from logging in. If you have the security policy setting "run all administrators in admin approval mode" and you have an issue logging into CCMA then most likely there is a domain policy setting which has changed from default; iceAdmin is common one that gets removed from the policies. It is really hard to say which one will effect your installation. The best way is to compare policies from an installation of AACC where no policies are being set. I would ask the customer to remove the policies from the server so you can then test the CCMA login. If it works then you can examine the policies closer to see which one is restricing the login.

You can view the policies set by the domain by running gpresult -h <filename>.html

I have done enough installations of AACC that I am confident the installation of AACC is solid. An issue like your're indicating is server configuration related and not something with the installation itself. (assuming your're using the same password as entered into the installer.)

Just an example:
Below is a defualt setup of the User Rights Assignments. You can see where iceAdmin is called specifically. A lot of times iceAdmin is removed from the policy and replaced by the group Administrators which is OK since iceAdmin is an administrator. There are times where a customer will change a policy that doesn't include iceAdmin and this will cause issues with CCMA.

Policy Security Setting
Access Credential Manager as a trusted caller
Access this computer from the network Everyone,Administrators,Users,Backup Operators
Act as part of the operating system
Add workstations to domain
Adjust memory quotas for a process LOCAL SERVICE,NETWORK SERVICE,Administrators,Classic .NET AppPool,DefaultAppPool
Allow log on locally Administrators,Users,Backup Operators
Allow log on through Remote Desktop Services Administrators,Remote Desktop Users
Back up files and directories Administrators,Backup Operators
Bypass traverse checking Everyone,LOCAL SERVICE,NETWORK SERVICE,Administrators,Users,Backup Operators
Change the system time LOCAL SERVICE,Administrators
Change the time zone LOCAL SERVICE,Administrators
Create a pagefile Administrators
Create a token object
Create global objects LOCAL SERVICE,NETWORK SERVICE,Administrators,SERVICE
Create permanent shared objects
Create symbolic links Administrators
Debug programs Administrators
Deny access to this computer from the network
Deny log on as a batch job
Deny log on as a service
Deny log on locally
Deny log on through Remote Desktop Services
Enable computer and user accounts to be trusted for delegation
Force shutdown from a remote system Administrators
Generate security audits LOCAL SERVICE,NETWORK SERVICE,Classic .NET AppPool,DefaultAppPool
Impersonate a client after authentication LOCAL SERVICE,NETWORK SERVICE,Administrators,IIS_IUSRS,SERVICE
Increase a process working set Users
Increase scheduling priority Administrators
Load and unload device drivers Administrators
Lock pages in memory
Log on as a batch job iceAdmin,Administrators,Backup Operators,Performance Log Users,IIS_IUSRS
Log on as a service IUSR,iceAdmin,NT SERVICE\ALL SERVICES,DefaultAppPool
Manage auditing and security log Administrators
Modify an object label
Modify firmware environment values Administrators
Perform volume maintenance tasks Administrators
Profile single process Administrators
Profile system performance Administrators,NT SERVICE\WdiServiceHost
Remove computer from docking station Administrators
Replace a process level token LOCAL SERVICE,NETWORK SERVICE,Classic .NET AppPool,DefaultAppPool
Restore files and directories Administrators,Backup Operators
Shut down the system Administrators,Backup Operators
Synchronize directory service data
Take ownership of files or other objects Administrators
Reply With Quote
Old 12-09-2014, 02:57 AM
frade2 frade2 is offline
Join Date: Jan 2014
Posts: 38
frade2 has 11 reputation points
Default the problem still there..

Thank you stphnwd, for your response..

Taking your advises into account, i have been collecting my policies.

Comparing the default policies you posted and mine, all are the same but "Log on as a service", because IUSR was not in the group. I added but problem still exist when i try to log on to CCMA.

I have run the gpresult command. I attached the result: Do you see something wrong? THANKS A LOT!
Attached Files
File Type: txt a.txt (365.7 KB, 9 views)
Reply With Quote
Old 12-16-2014, 02:18 AM
frade2 frade2 is offline
Join Date: Jan 2014
Posts: 38
frade2 has 11 reputation points

just for help. I try install AACC6.4 in workgroup, changing the policies related on passwords and the installations finish OK with no errors.

Maybe later i can add the server to domain, but not necesary in my case because was just for lab enviroment.

Reply With Quote

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

All times are GMT -7. The time now is 07:38 AM.

This Forum is provided solely for the use and convenience of Avaya customers and partners. Use of the Forum is subject to the Terms and Use and Privacy Statement found at www.avaya.com. No other use is permitted. The Forum including all content posted is “AS IS” and Avaya expressly disclaims all warranties and/or guarantees as to its accuracy, reliability, usefulness, quality or non-infringement of intellectual property. Avaya reserves the right to remove any content posted on the Forum at any time and for whatever reason.

Avaya will not be liable for any content posted on this Forum, including, without limitation, any errors or omissions or for any losses or damages of any kind incurred as a result of use or reliance on any content, regardless of its origin.

You expressly understand and agree that you assume all risks associated with use or reliance on this content.