Office 365 Hybrid Exchange 2013 with Cisco Unity Connection 9.1.2 Single Inbox


I have a fully functional Hybrid setup between my on-premise Exchange 2013 and my Office 365 exchange Online tenant. I can migrate mailboxes without issue.

Single Inbox works for my on-premise mailboxes. If I take a mailbox that is on-premise, which has SIB functionality working, as soon as I migrate it, SIB no longer works. We do not use Viewmail, and we are not using Text to Speech.

I have followed the guidance here: Configuring Cisco Unity Connection 9.x and Microsoft Office 365 for Unified Messaging

and here: Cisco Unity Connection with Office 365 (Hybrid)

and here: O365 Integration with Unity Connection

I have tried,, and I have tried, as per the recommendations in the referenced URLs above.

If I choose the search option, as the Cisco documentation recommends, all of them fail.

If I choose to specify the server, the only one that works is

When I go to test an actual user that has been migrated, and was working prior to being migrated, and the messaging service has been updated on the user's inbox in Unity for O365, it fails, as though it is an invalid username or password. (401, I believe).

I am pulling my hair out - Unity Connection is the only thing standing in my way of finally migrating 1,000 mailboxes to O365.

Any advice would be very much appreciated.


JonathanSpitfireSenior Solutions EngineerAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Mohammed HamadaSenior IT ConsultantCommented:
So what you wanna do is simply replicate the voice messages from Cisco single inbox to O365 user's UM service?

How are you syncing users from your on-premises AD to O365 ? are you using AADsync or Dirnsync or a different method?

I don't know much about single box but it would be good to know if it whether adds anything to the user's attributes? these might need to be synced after the user's migrated to the cloud.

Have you tried to check for error logs on Cisco's side?

Did you enable the UM to users because by default UM is not enabled after migration.

o365 UM
JonathanSpitfireSenior Solutions EngineerAuthor Commented:
Thanks, Mohammed.

We are using the Windows Azure Active Directory Sync Tool, but I do not believe that has any bearing on this issue. Allow me to explain why.

We also do not have UM enabled on the Exchange/O365 side....but again, that has no bearing on this issue.

Unity Connection Single Inbox does not modify the AD/Exvhange user in any way.

The way Single Inbox works is that you create a user in AD (which I have - one in the on-premise environment, and one in the O365 tenant) and you assign it the impersonate permission. When a voicemail is left for a user, Unity Connection connects into the Exchange mailbox using the AD account specifically created for this purpose, and deposits the message in the form of an email with the actual voicemail being a wav attachment to the email. It is not sent via smtp, which is why people troubleshooting delivery get confused when message trace yields no results.

Voicemail delivery works just fine for on-premise, but Unity Connection can't seem to connect and/or authenticate to my O365 tenant even though I know the credentials for the tenant account are correct and the account has the proper permissions.

We don't need to check error logs on the Cisco side, because the error presents itself on the screen every time we test within the Unity Connection GUI.

Within Unity Connection, using the domains, we get a DNS error when we configure the service and can't even test the user. With the domain, the service test passes, however we get a 401 login error when we test the user.

I think I know what the issue might be, but it is only a hunch - the way the username is formatted. Unfortunately I won't be able to test my theory until Monday when I can get one of my Unity admins back on the line.

In the mean time, please keep the ideas coming.


Mohammed HamadaSenior IT ConsultantCommented:
So the issue might be with the DNS or with the logon credentials! I wonder in the case of migrated user do you setup Cisco unity to connect to the user's mailbox with the local AD or O365 credentials ? does Cisco unity uses Email and password to login or uses the UPN ?

Try testing your login credentials on with the same format you're using on Cisco unity.
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

JonathanSpitfireSenior Solutions EngineerAuthor Commented:
Thanks again.

You setup two services in Cisco Unity when you have a hybrid setup with Exhange on-premise and O365:

One for on-premise...along with an on-premise AD account that has the impersonate permission.
One for the O365 tenant......along with a tenant account that has the impersonate permission.

DNS works on Unity, as we can resolve, however we cannot resolve the other two, even though they are valid and were setup by Microsoft/O365....and are what is recommended to be used in the Cisco documentation.

The RCA ( works as expected with the UPN for the migrated mailbox.

In theory we should be using the UPN for login from Unity Connection, however the format I have to use in my Android to connect with ActiveSync is as follows:\

So I am wondering if we need to use that format in Unity Connection as well.

Nothing like good old Microsoft and Cisco to make things difficult.


Mohammed HamadaSenior IT ConsultantCommented:
Indeed. hope this goes well for you.
JonathanSpitfireSenior Solutions EngineerAuthor Commented:
I figured it out:

1. In Unity Connection, you must use the default Office 365 service address ( to fill in the "Hosted Exchange Server":

Cisco Unity Connection Administration - Unified Messaging Service for O365
2. Make sure that the default SMTP address for the user in AD/Exchange on-premise is correct for your organization. In order for impersonation to work, in Unity Connection, the service account (in my example above: will only work if it is trying to impersonate the account using the DEFAULT/PRIMARY SMTP address. If you use an alias, it will not be able to logon/impersonate the account of the user. Make certain that in Cisco Unity Connection, in the setup for the individual user, that the Unified Messaging account is configured with the primary/SMTP address for the user.

EWS Editor was invaluable in helping me to figure this out. EWS Editor

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
JonathanSpitfireSenior Solutions EngineerAuthor Commented:
Figured it out on my own. points awarded for effort
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Office 365

From novice to tech pro — start learning today.