Asked by:
ABS IIS Directory Recreation + Address Book not syncing

Question
-
We just completed our installation of OCS 2007 Standard Edition. Below are our ABS Settings:
Address Book Server Settings
Synchronization time: 1:30:00 AM
IOutput location: D:\Program Files\Microsoft Office Communications Server 2007\Web Components\Address Book Files\Files
File share location for internal connections: https://server.domain.net/Abs/Int/Handler
File share URL for external connections: https://meeting.domain.com/Abs/Ext/Handler1) The Address Book server successfully creates the address book files on the OCS server and stores them in:
D:\Program Files\Microsoft Office Communications Server 2007\Web Components\Address Book Files\Files
2) When starting Office Communicator, it will sign the user in but then present you with a prompt to download the address book. From my understanding, there should not be a prompt and Communicator should download the address book seamlessly. This prompt will not accept any credentials so you must click cancel to stop the address book download.
At this time, OC 2007 works, but isn't using the address book.
Investigation
3) When I browse to https://server.domain.net/Abs/Int/Handler/, I receive a 403 permission denied...
4) When I ran the Web Component Validation tool, it errored under Check HTTP URL under Checking Address Book Server configuration. It looks for https://server.domain.net/Abs/Int/Handler/Company_Phone_Number_Normalization_Rules.txt.
5) Therefore, I copied, the Company_Phone_Number_Normalization_Rules.txt file from the Files folder (output folder) to the handler folder.
6) I then reran the Web Component Validation and is was successful. (at some point, I changed the permission on handler directory with IIS to browse)
7) I continued on and thought to share the Files folder and point the Handler virtual directory to this shared files (output) folder.
8) I then reran the Web Component Validation and is was successful again.
9) Finally, I was still receiving a login prompt on my communicator 2007. Therefore, I enabled Anonamous access, in addition to Windows Authentication and Require SSL under the Int/Handler directory in IIS.
10) ONLY after "Allow Anonomous Authentication" is set within IIS can the OC client download the GalContacts.db successfully.
(as a side note, I have tested importing the certificates into the Trusted Root Authority on the local machine and changed the IE setting without any luck)
Since OCS generates everything successfully, I am 98% sure this is IIS related. Therefore, I have the following questions....
A) What is the exact IIS hierarchy for the ABS folder? What specific permissions need to be set? What specific paths should the folders in the ABS IIS hierarchy point to?
B) What is the "best practice" configuration for address book download??? Please keep in mind that once I have internal works working, I need to set this for external users...
Thanks,
Keenan
Friday, October 19, 2007 10:58 PM
All replies
-
You can find the default NTFS permissions for AB folder in the Microsoft Office Communications Server 2007 Enterprise Edition Deployment Guide, Appendix B: Permissions Created During Create Pool Task:
For the IIS permissions and settings, look at this article from the TechNet Enterprise Network Team blog:
You must check that your WWW SSL certificate in IIS match the name of your UC pool, and verify that your AB virtual directory use the RTCGuestAccessUser.
Yann Espanet
Tuesday, October 23, 2007 4:13 PM -
Yann,
Thank you for your response. After reviewing the websites above, I noticed our IIS hierarchy isn't the same as the graphics on the blogs.technet site. Here are the differences between our hierarchy and the one in the graphic:
-
We are missing both "Files" folders under Int and Ext (I assume that's bad)
-
We have "Int" and "Ext" folder along with the "Handler" folder under "Ext", but they are NOT designated as application directories (they don't have the turncrank on the folder)
-
The "Int" and "Ext" folders and the "Handler" folder below "Int" are designated as Virtual Directories (with the world on the folder)
If this is too confusing I would gladely e-mail you a screenshot.
I guess I'm not sure how to create the appropriate Application Directories and make sure everything is linked properly.
Thanks for your help. FYI: Keenan and I are working on the same project together.
Seth (and Keenan)
Wednesday, October 24, 2007 5:31 PM -
-
I tried that but i have no RTCGuestAccessUser.
A lot of other RTCxxxxxx, but not that one.
Bjorne
Tuesday, November 6, 2007 5:31 PM -
Bjorne,
You probably have a Standard Edition installation as the Enterprise Edition "Add Server to Pool Wizard" is what typically creates the RTCGuestAccessUser account.
Tuesday, November 6, 2007 10:55 PMModerator -
if we are using ocs 2007 standard. what should we do?Friday, April 17, 2009 9:01 AM