Wednesday, September 30, 2009 9:12 PMI am having issues with external users and the "Cannot Syncronize address book" error. Internal users are working fine. I have verified the "Address Book Server Settings" for the external URL and it points to my WebFarmURL on the reverse proxy (https://ocsrp.domain.com/Abs/Ext/Handler). I have also verified this with wbemtest. I CAN download the file https://ocsrp.domain.com/Abs/Ext/files/F-0c7a.lsabs from IE. Currently I am using a certificate signed from the domain and testing with a laptop as a member of the domain and when going to the URL https://ocsrp.domain.com/Abs/Handler I show the LOCK and no errors.
The only thing that seems suspicious is when I CTRL+right-click the communicator tray icon and look at the configuration Information I am showing the Internal Address Book URL in "GAL Status - https://ocs1.child.internaldomain.com/Abs/Int/Handler - Cannot Synchronize..."
Please help as I have been struggling through this for many days now.
Below are my enviroment details:
Front End Server - OCS 207 R2 x64, Windows 2008 SP1
Access Edge - OCS 2007 R2 x64, Windows 2008 SP1
Reverse Proxy - Windows 2003 SP2 x32, ISA Server 2006 Version 5.0.5723.493
Also, not sure if this is related (I think it is) or helpful, but when I try to connect to LiveMeeting I get "Live Meeting cannot connect to the meeting. Wait a few..."
Please let me know if there is any additional info I may be able to give.
Thursday, October 01, 2009 9:50 AMPlease verify the settings and use LCSCMD
Lcscmd /web /action:ListWMISettings /poolname:<poolName>
- Belgian Unified Communications Community : http://www.pro-exchange.be -
Thursday, October 01, 2009 12:03 PMModerator
What do you have configured as your External Web Farm FQDN? You can verify it be following the steps at the end of this article:
Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS
Thursday, October 01, 2009 3:18 PMI have run the command, and the log chcks out:
Class MSFT_SIPDataMCUCapabilitySetting - ExternalClientContentDownloadURL: https://ocsrp.domain.com/etc/place/null
Class MSFT_SIPGroupExpansionSetting - ExternalDLExpansionWebURL: https://ocsrp.domain.com/GroupExpansion/Ext/service.asmx
Class MSFT_SIPAddressBookSetting - ExternalURL: https://ocsrp.domain.com/Abs/Ext/Handler
Class MSFT_SIPPSTNConferencingSetting - ExternalURL: http://ocsrp.domain.com/PhoneConferencing/Ext/
Class MSFT_SIPClientUpdaterSetting - ExternalURL: https://ocsrp.domain.com/AutoUpdate/Ext/Handler/OCUpgrade.aspx
Class MSFT_SIPUpdatesServerSetting - ExternalUpdatesStoreURL: https://ocsrp.domain.com/DeviceUpdateFiles_Ext
All of the above points to my reverse proxy that is publicly know as ocsrp.domain.com
Thursday, October 01, 2009 3:22 PMI looked at what was reported in the GUI by going pool->properties->web component properties and under address book I do show the correct URL: https://ocsrp.domain.com/GroupExpansion/Ext/service.asmx
I also have checks in the "Enable Address book query" and "Enable distribution groups expansion"
Thursday, October 01, 2009 10:19 PM
BUMP (Sorry, I am desperate)
Thursday, October 01, 2009 11:24 PM
This looks like an proxy misconfiguration issue, probably with the certificate on the Web Listener (if ISA) or on the FE server IIS cert. Can you provide information on your cert, is it a SAN cert, was is the CN, SANs? Are you using ISA? What is the CN and SAN on the IIS virtual directory?
I see that you have a parent domain and a child domain. Is the OCS server a member of the parent or child?
Mark King | C/D/H | MCTS:OCS | MCSE: Messaging | MCITP:Enterprise Administrator | CCNA
Friday, October 02, 2009 5:58 PMPlease correct me if my understanding is wrong. I see that you can download the abs file when you are using a domain joined machine, internally. You are also able to access the external URL and do not get an error. I wanted to know if you are using a non domain-joined machine when testing externally ? In that case the certificate wouldn't be validated and hence you will get this error. Can you please let me know what error you get when you open the external ABS URL in IE ? (You might have to disable "Show friendly error messages in IE).
Monday, October 05, 2009 3:34 PMMark,
I should have been more clear in my representation of my domain. Our root domain for activedirectory is corp.domain.com. Its not really a child of another domain. I should have shown sub.domain.com or root.domain.com
When I view the certificate on the client I do not have a SAN. This was done on purpose as I read about issues regarding certs on ISA 2006 with SAN's. If this is incorrect please let me know.
I can download the abs file EXTERALLY with a domain member machine. I have not tested with a non-domain member pc due to the fact the cert is domain signed and I would have to install the root cert and be in the same place as I am now.
Friday, October 09, 2009 9:33 AMModeratorHi
I have do some test to reproduce your issue, you can do below and try again.
Per your above description.
From the external, please use IE to access the https://ocsrp.domain.com/Abs/Ext/Handler (https://ocsrp.domain.com/GroupExpansion/Ext/service.asmx) that you have referred.
Then you will need to install a certificate, please confirm you do it successfully.
Then log out you OC and then log in again.
May be it will be solved.
The method is based on you have confiured the cert on your servers correctly.
That is, the issue is caused by the CERT!
If there still any issue please tell us!
Friday, October 16, 2009 7:00 AMModeratorHi
Any update for your issue?