Backup and Restoration of Mailboxes

This topic lists some instances that require restoration of an individual mailbox or a server.

When restoring an individual Exchange mailbox, do the following:

  • Disable the unified message account (service capability) of the user until the email mailbox is fully restored.

In the event of a complete loss of an Exchange Server, do the following:

  • Stop all Unified Messaging services by disabling the service.
  • Once the Exchange Servers and mailboxes have been restored, enable the Cisco Unity Connection Unified Messaging service again.

During a restoration process on the Exchange infrastructure, disable the Unified Messaging account for a certain user or disable the Unified Messaging service itself if a complete Exchange Server is down.

After restoring the Exchange Server or a mailbox, enable the Cisco Unity Connection Unified Messaging service again for all or for a single user.

For more information, see Restoring Microsoft Exchange Mailboxes in Cisco Unity Connection 10.x When with Single Inbox at

Exchange Mailbox Moves

This topic describes what happens if the Exchange administrator moves a mailbox in the Exchange environment.

Allowing Cisco Unity Connection to search for Exchange servers:

  • Automatically detects mailbox moves
  • Automatically updates Cisco Unity Connection user settings

Choosing a specific Exchange server:

  • Cisco Unity Connection can sometimes detect a mailbox move.
  • When Cisco Unity Connection cannot detect a mailbox move, user settings (Unified Messaging server) must be updated manually.

The option to specify an Exchange Server or allow Cisco Unity Connection to search for an Exchange Server depends on whether Cisco Unity Connection supports the detection of moved mailboxes.


If you want to support Exchange 2003, 2007, 2010, or 2013 mailboxes, you may have to create multiple Unified Messaging services to support the various versions at the same time.

Exchange administrators often move mailboxes, especially when migrating to a new software version. If Cisco Unity Connection is set up to search for the Exchange Servers automatically, it will automatically detect mailbox moves.

However, if you specify an Exchange Server, the move may not be detected. The Cisco Unity Connection administrator may have to manually update the user mailbox settings for the Unified Messaging servers.

Task List to Set Up Unified Messaging Single Inbox

This topic describes how to configure Unified Messaging in Cisco Unity Connection and gives an overview of the configuration requirements in Exchange.

The following is a configuration check list for implementing single inbox:

  • Add a Smart Host and change the SMTP proxy address if it is not set correctly.
  • If LDAP synchronization is used, make sure that the mail ID is synchronized. Otherwise use either of the following:
    1. The Corporate Email Address field in the User Basics page
    2. The email address in the Unified Messaging account
  • Modify and assign class of service to allow single inbox access.
  • Define communication with a specific Exchange server or let Cisco Unity Connection search for servers (requires DNS).
    1. Choose the authentication method and web-based protocol
  • Create an Active Directory account for Unified Messaging services and assign access rights to the account.
  • Configure, assign, and test Unified Messaging services to the users.
  • Upload SSL certificates for encryption, if required.

Besides checking that you have the correct software version in place for Unified Messaging, follow these steps to set up single inbox:

  • Add a Smart Host and modify the SMTP domain.
  • When integrating with LDAP, make sure that the Cisco Unified Communications Manager Mail ID field is synchronized with the LDAP mail field. During the integration process, this synchronization causes values in the LDAP mail field to appear in the Corporate Email Address field in Cisco Unity Connection. Unified Messaging requires that you enter the Exchange email address for each Unity Connection user. Use the Unified Messaging Account page to configure each user to use either of the following values:
    1. The Corporate Email Address that is specified on the User Basics page
    2. The email address that is specified on the Unified Messaging Account page
  • Update class of service settings as required and enable single inbox.
  • Decide if you want Cisco Unity Connection to communicate with a specific Exchange 2013, Exchange 2010, or Exchange 2007 client access server or Exchange 2003 server, or if you want Unity Connection to be able to search for and communicate with different Exchange Servers as required. Unity Connection determines whether to use the HTTP or HTTPS protocol and whether to validate certificates based on settings in the applicable Unified Messaging service.
  • Confirm that all of the Exchange Servers that Unity Connection will access are configured to use the desired authentication mode (basic, digest, or Microsoft NTLM) and web-based protocol (HTTPS or HTTP). If you want to configure SSL to encrypt the communication between Unity Connection and Exchange, configure Exchange to use HTTPS for the web-based protocol.
  • Create an Active Directory account for Unity Connection Unified Messaging services, and grant the applicable permissions to the account.
  • Add proxy addresses to Unity Connection user accounts.
  • Configure one or more Unity Connection Unified Messaging services and assign them to the users. Then test the Unified Messaging services.
  • For security, upload certificates to the servers.

Connection Refused

This topic describes how to configure Integrated Messaging in Cisco Unity Connection.

For Integrated Messaging, configure the following:

  • On Cisco Unity Connection, allow connections from untrusted IP addresses on the SMTP Server Configuration page.
  • In the Class of Service template, check the box Allow Users to Access Voicemail Using an IMAP Client.

Configure the following in the mail client if the user exists on Cisco Unity Connection:

  • Create a new mail account.
  • Set the mail server protocol to IMAP and set the incoming and outgoing mail server IP addresses.
  • Enter the account name and credentials.

Integrated Messaging does not require many configuration steps compared to Unified Messaging. In Cisco Unity Connection Administration, configure the SMTP server to allow incoming connections from untrusted IP addresses, which is not the default setting. Otherwise, the mail client will answer with an error message “550 5.5.0 Connection Refused,” indicating that the connection is refused by the server.

Go to the Class of Service template and allow the users to access their voice messages via IMAP by checking the Allow Users to Access Voice Mail Using an IMAP Client and/or Single Inbox check box. This parameter has three subparameters:

  • Allow IMAP Users to Access Message Bodies: Users have access to the entire voicemail.
  • Allow IMAP Users to Access Message Bodies Except on Private Messages: Users have access to the entire voicemail, unless the message is marked private, in which case they have access only to the message header.
  • Allow IMAP Users to Access Message Headers Only: Users have access only to message headers.

The parameter to allow IMAP access to messages must also be enabled for Unified Messaging or if you want to allow Cisco Jabber users to access voice messages.

Assuming that the user exists in Cisco Unity Connection with the minimum requirements of a configured alias and an extension, you can start setting up the mail client.

Depending on the mail client, the setup might be slightly different. When using, for example, Outlook Express, enter the name and the mail address. Then configure the IMAP protocol and the incoming and outgoing mail server IP address or hostname. Then enter the account name (Cisco Unity Connection alias) and the password. Finish the account setup wizard and synchronize the folders from the mail server.

Account Verification

After adding the account in the mail client, synchronize the mail folders:

  • Integrated Messaging requires a second account to be set up in the mail client.
  • Leave a message for the user to test Integrated Messaging.

To test Integrated Messaging, leave a voice message for the user. After the message is left, the mail client should instantly show a new message. As shown in the figure, John received a voice message from Jane. The audio file is attached. You can double-click the attached audio file and play the message with a media player. MWI also is synchronized when the voicemail status is set to Read.

The SMTP domain that you see in the figure also can be changed in the SMTP server configuration. The name is generated by the hostname that you entered during the Cisco Unity Connection installation.

Message Synchronization Architecture

This topic describes the dual-store message architecture in detail.

Cisco Unity Connection does not use Exchange as the only message store. When Exchange is not available, Cisco Unity Connection uses Cisco Unity Message Repository, which allows callers to leave messages for users when their primary Exchange Server is offline. New messages are logged and synchronized after the connection to Exchange is re-established.

Cisco Unity Connection uses APIs to move messages into the Exchange store. The web-based APIs that are used by Cisco Unity Connection are EWS for Exchange 2007 or later and WebDAV for Exchange 2003.

In summary, the message synchronization architecture is based on the following:

  • Message synchronization is used instead of moving the messages off-box.
  • Web APIs are used instead of MAPI.

    Cisco Unity Connection does not use MAPI because Microsoft no longer supports MAPI.

  • Microsoft EWS is used for Microsoft Exchange 2007 and later.
  • WebDAV is used for Microsoft Exchange 2003.

The figure also shows what the Unified Messaging architecture looks like from the perspective of a developer. The synchronization service in Cisco Unity Connection interfaces with Exchange. Cisco Unity Connection clients continue to access Cisco Unity Connection via their commonly used interfaces.

Synchronization Behavior

Cisco Unity Connection is the authoritative message store:

  • Voice messages are pushed from Cisco Unity Connection.
  • Messages that are deleted from Exchange are deleted in Cisco Unity Connection.
  • A message that is in Exchange but is not in Cisco Unity Connection is pushed to Cisco Unity Connection; for example, moved to the inbox from the PST folder.
  • Message properties are synchronized (read, deleted, priority, subject).
  • Message sensitivity and security are initially synchronized, but not subsequently.
  • MWI is synchronized.

A voice message that is received in Cisco Unity Connection is synchronized to Exchange. If a voice message is deleted in Exchange by using a Microsoft Outlook client, or in Cisco Unity ViewMail for Outlook, the voice message is also deleted in Cisco Unity Connection. A voice message marked as read on the phone is marked as read in Microsoft Outlook. The message state is also synchronized.

If a user moves a voice message from the inbox into an Outlook (.pst) file or folder, the voice message is deleted in Cisco Unity Connection. If the user moves that message from the .pst file back into the inbox, the voice message is resynchronized with Cisco Unity Connection and appears as a new message or indicates the state of the voice message. Users can move voicemails in and out of personal folders. Once the user moves the voice message out of the inbox, the voice message is not synchronized with Cisco Unity Connection and the voice message is deleted.


The message properties are synchronized and the status of the voice message as read, deleted, or new is synchronized. Therefore, the MWI is synchronized.

What happens when a voicemail is set to expire—for example, in 20 days—but the user drops the message into an Outlook folder before the expiration? The voice message will expire on Cisco Unity Connection and the message is deleted, but the message will not expire in Microsoft Exchange. If a customer is concerned about that message still being in Exchange, the administrator must turn on secure voicemail for voice messages to keep the voicemails out of the Exchange store. In that case, the subject line is synchronized. If a user changes the subject on the voice message, this change is synchronized and the priority is also synchronized. The message sensitivity and security are only initially synchronized, but if these parameters are changed in Microsoft Outlook later, that change is not synchronized.

Security, Compliance, and Discoverability

This topic describes the security, compliance, and discoverability considerations.

Secure messaging architecture allows access to secure voice messages from the email inbox or Internet Message Access Protocol inbox:

  • Secure voice messages are stored on Cisco Unity Connection.
  • Secure voice messages never leave Cisco Unity Connection.
  • Secure voice messages are streamed securely to supported clients (for example, VMO).

Compliance and discoverability concerns about having voicemails in the email store:

  • Concerns about accidental disclosure of voice messages outside the customer organization
  • Concerns about voicemail increasing storage requirements for the email store
  • Concerns about voicemail increasing the load on the email store

The Cisco Unity Connection Unified Messaging architecture supports secure messages and private messages. The unencrypted messages are kept on the Cisco Unity Connection server, and Cisco Unity Connection sends the messages securely to the client. Cisco Unity Connection does not synchronize a secure message into the Microsoft Exchange message store, but instead provides only a pointer to the message in Cisco Unity Connection. To stream these messages from the mail client, use the Cisco Unity VMO plug-in.

Organizations that are concerned about compliance and discoverability of voicemail in their email systems might not want to use Unified Messaging. Those customers can still offer Unified Messaging from a client perspective in which voicemails are not synchronized in the Microsoft Exchange store.

Cisco Unity Connection Deployment Options

This topic describes the different Cisco Unity Connection deployment options.

  • Cisco Unity Connection allows deployment of voicemail-only, Integrated Messaging, and Unified Messaging.
  • Active Directory and Exchange infrastructure is not required for voicemail-only and Integrated Messaging deployments.
  • Active Directory schema extensions are not required for any solution.

Cisco Unity Connection can be deployed as a voicemail-only solution where the users receive their messages only via the phone. The message is indicated with MWI lights on the phone.

With Integrated Messaging, the voice messages are sent to a mail client via IMAP, but the voice messages appear in a separate inbox folder in the mail client when it is also used for company mail.

Cisco Unity Connection Unified Messaging brings many functions together: Users can still use the phone but also get voice messages in their company mail account. With Unified Messaging, MWI is synchronized on the phone when messages are read or listened to in the mail client.

Exchange Integration Options

This topic describes the mail systems that are supported for the single inbox feature.

  • Cisco Unity Connection supports synchronizing voice messages with Exchange 2003, 2007, 2010, and 2013.
    1. In combination with other features (for example, IPv6), not all Exchange versions are supported.
  • Office 365 is supported.
  • Lotus Notes is supported with third-party products.
  • Always check the compatibility for the mail solution including service packs and Cisco Unity Connection.

Cisco Unity Connection supports Exchange 2003 or later and also supports different versions running at the same time. If you are migrating from Exchange 2003 to 2010, and you are moving mailboxes over to the migrated Exchange Server, Cisco Unity Connection must track these moves. Cisco Unity Connection can autodetect mailbox moves in the Exchange infrastructure. Cisco Unity Connection can be local or placed across geographical boundaries from the Exchange Servers with which it is synchronizing.

Office 365 and Lotus Notes also are supported. However, additional third-party software is required for Lotus Notes. Go to for more information.

Unified Messaging Benefits

This topic describes the benefits of using Unified Messaging in Cisco Unity Connection.

Unified Messaging decouples Cisco Unity Connection from the Exchange infrastructure and dependencies in the following ways:

  • Does not stop functioning if a global catalog is unavailable.
  • Does not require schema extensions to the Active Directory.
  • Does not depend on hub transport and edge transport server roles for mail transfer agent functionality (that is, delivery or receipt of voice mails).
  • Does not depend on mailbox server roles for voice message storage.
  • Does not depend on client access server for front-ending client requests.
  • Cisco clients still have complete access to voice messages if any or all of the Exchange infrastructure is down.

If the global catalog is not available, Cisco Unity (not Cisco Unity Connection) or Exchange Unified Messaging stops working. With Cisco Unity Connection Unified Messaging, a schema extension is not required.

Cisco Unity Connection does not rely on the hub transport (the edge transport servers in Exchange) to deliver voicemails from Cisco Unity Connection. Cisco Unity Connection does not depend on the mailbox server rules because Cisco Unity Connection is just synchronizing the messages into Exchange.

Cisco Unity Connection Unified Messaging reduces the dependencies on Exchange and Active Directory. If the message synchronization is not working because the Exchange infrastructure is not available, callers can still leave messages and users can still receive their messages. The communication between Cisco Unity Connection and Exchange is a two-way synchronization.

Cisco Unity Connection is the authoritative message store. However, a message deleted in Exchange via Microsoft Outlook, for example, is also deleted in Cisco Unity Connection and vice versa.

If a user sends a message to an Exchange distribution list (for example, a voicemail using ViewMail for Outlook), the message is received in a Cisco Unity Connection inbox and in Exchange. The message will be synchronized between both systems.

When secure messages are used in Cisco Unity Connection, the messages are not synchronized into Exchange. Cisco Unity Connection synchronizes a pointer instead, so that the message can be streamed from Cisco Unity Connection. Secure messaging does not allow audio files to leave the system, for example, as an attachment to an email.

Single Inbox Functionality

This topic describes the single inbox functionality with Exchange integration and voice message synchronization.

The single inbox feature performs these functions:

  • Synchronizes voice messages with the Exchange inbox:
    1. MWI is synchronized.
    2. Status (read, new, deleted, and others) and priority are synchronized.
    3. Secure and private messages are supported.
    4. Mobile client support.
  • Calendar integration allows you to configure personal call transfer rules that are based on calendar status.

Unified Messaging provides single inbox access to your voice mails. With single inbox, the MWI is synchronized on both systems. When an unread voice message is opened in the email client—for example, the company Microsoft Outlook inbox folder—MWI is turned off on the phone.

The status for messages is also synchronized. A message in Exchange read by the user is marked as read in Cisco Unity Connection. The new, deleted, or priority status is also synchronized, as is the subject line. Secure and private messages are supported. Mobile clients such as iPhone and Blackberry work automatically because the voice mail comes into the Microsoft Exchange box and the message is picked up by the mobile phone client.

The personal call transfer rules can be based on the calendar information concerning the user’s free or busy status.