Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Avaya Messaging/IX Messaging web access denied

Status
Not open for further replies.

avayaguy23

Systems Engineer
May 30, 2018
489
US
I am wondering if anyone has encountered an error when logging into the UC web access of IX messaging? The specific error I am seeing is "access denied" when using either Windows SSO or UC login. I can see in the logs I am properly authenticating against both UC and SSO but I am getting "access denied." I have no problems logging into web admin. The voicemail account has the proper permissions with web access (Web client User) enabled. The desktop capabilities is set to "messaging." I am not sure if the desktop capabilities is the issue as it won't let me select Advanced or Collaboration. I am running the latest 10.8 SP1 SU2.
 
Here is some helpful information for anyone that needs to setup IX messaging.
The following are REQUIRED for installation to be successful.
Before the installation perform the following:
1. Disable the windows firewall for domain, private, and public. This may need to be set by group policy. I had issues with the installation even though the windows firewall showed disabled. I recommend running the following commands in powershell: Get-NetFirewallProfile | select name enabledGet-NetFirewallProfile | select name enabled
Domain, Private, and Public should be blank.
Execute the following command: Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled false

2. Disable UAC. Again this may need to be set by group policy
Disable the following: User Account Control: Run all administrators in Admin Approval Mode
Set UAC to never notify

3. You can enable UAC and windows firewall after the installation

4. Check to see if FIPS is enforced by group policy. FIPS is required to be disabled permanently! Below is how you can find out if it is enabled or not.
Local Security Policy - Security Settings - Local Policies - Security Options - System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing in the computers local Security Policies.
Navigate to “HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy\ in registry and check the value in “Enabled”.


 
avayaguy23 - Did you ever figure out what was the issue with the Web Access being denied? I checked the 3 things listed. Firewall is disabled, UAC is disabled and FIPS Enabled is set to 0. Didn't know if you ever got into the web access tab after that.
 
The access denied issue was related to FIPS. It is enabled by default via Group policy in my environment. I was able to login after it was disabled.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top