Asked by:
cannot synchronize with the corporate address book

Question
-
Hi Everyone,
External Users can not download the address book.Their communicators show "Cannot cannot synchronize with the corporate address book".
When i put https://externalwebfqdn/abs/ext it show me a Windows Authentication and I put "Domain\User" and Password. But after i put user and password i can not donwload nothing tha IE show me this:
The website declined to show this webpage
HTTP 403 Most likely causes:
- This website requires you to log in.
What you can try:
Go back to the previous page. More information This error (HTTP 403 Forbidden) means that Internet Explorer was able to connect to the website, but it does not have permission to view the webpage.
For more information about HTTP errors, see Help.
Somebody can Help me, Please
Thanks.
Saturday, December 6, 2008 2:20 PM
All replies
-
I deployed this:
OCS Enterprise (Internal Server) Consolidated Topology and OCS Edge Server Consolidated Topology.
My internal domain is acme.corp and my public domain es acme.com
The Internal Web for Address Book is ocspool.acme.corp and the External Web for Address Book is owc.acme.com.
OCS Internal Server has this certificate:
CN=ocspool.acme.corp
SN=owc.acme.com
serv01.acme.corp ----> (OCS Server Name)
ocspool.acme.corp
I have to create a certificate with CN=owc.acme.com to publish the OCS Internal Server (Reverse Proxy) over ISA 2006. Also I Have to Upgrade ISA 2006 for publish (Web Publishing Rule) the OCS Internal Server.
Now as i explained the external Users can access to their communicators but their communicators show the message "cannot synchronize with the corporate address book" and it show a windows authentication that is matching to the Exchange Server.
The Internal Users don't have any problems.
Someone can Help me.
Thanks
Saturday, December 6, 2008 8:44 PM -
Hi,
Also when i access to https://owc.acme.com/abs/ext/handler/f-0b50.lsabs i can download that archive.
Thanks
Saturday, December 6, 2008 9:01 PM -
Jose - it sounds to me like the wrong URL is being passed to the client. Run a web components validation against the server in question and make sure you get the correct URL. Here's the part you should look at:
WMI Class MSFT_SIPAddressBookSetting WMI Class Path: \\OCSSERVER\root\cimv2:MSFT_SIPAddressBookSetting
WMI Instance Path: \\OCSSERVER\root\cimv2:MSFT_SIPAddressBookSetting.Backend="SQLSERVER\\instance",InstanceID="{D265A402-BD08-4BCB-BEB3-CC7AFBD47C08}"
Backend (String): SQLSERVER\instance
DaysToKeep (UInt32): 30
ExternalURL (String): https://wcfqdn.domain.com/Abs/Ext/HandlerIn your case the ExternalURL should be https://owc.acme.com/abs/ext/handler.
Sunday, December 7, 2008 11:09 PMModerator -
Hi Mike,
I ran the web components validation and it was successful.
the validation show me this:
ExternalURL (String): https://owc.acme.com/abs/ext/handler
I am testing from a Windows Vista Ultimate x64.
Thanks for Reply.
Monday, December 8, 2008 12:06 AM -
That looks good. Do you get any certificate or other IE warnings when you browse to that site from your PC?
Monday, December 8, 2008 3:19 AMModerator -
Hi Mike,
I Just have the Root CA Certificate.
As I said when I access to https://externalwebfqdn/abs/ext and put my domain/user and password it show me this:
The website declined to show this webpage
HTTP 403 Most likely causes:
- This website requires you to log in.
What you can try:
Go back to the previous page. More information This error (HTTP 403 Forbidden) means that Internet Explorer was able to connect to the website, but it does not have permission to view the webpage.
For more information about HTTP errors, see Help.
Also when i access to https://owc.acme.com/abs/ext/handler/f-0b50.lsabs i can download that file.
That is very strange.
Monday, December 8, 2008 5:19 AM -
I assume the PC where you are downloading the file from IE is the same one that is running Communicator. Practically speaking, if you can get the file from IE with no security or certificate warnings and that URL matches the web components URL then it should work. I'll even go so far as to say that I've never seen ABS downloads fail to work when both of these were the case.
Monday, December 8, 2008 6:07 AMModerator -
Hi Mike,
Yes is tha same PC. I would like you can explain me what is correct configuration of certificates in OCS, because i think this is certificate problem.
Well I explain my Enviroment:
My internal domain is acme.corp and my public domain es acme.com. I have a CA called ca.acme.corp
- OCS 2007 Enterprise (Consolidated Topology) Internal Server - serv01.acme.corp
The Internal Web for Address Book is ocspool.acme.corp and the External Web for Address Book is owc.acme.com.
The OCS Internal Server has this certificate:
CN=ocspool.acme.corp
SN=owc.acme.com
serv01.acme.corp
ocspool.acme.corp
- OCS 2007 Enterprise Edge Server (Access Edge and Web Conferencing) - serv02.acme.corp (Stand Alone Server)
Internal Certificate: CN= serv02.acme.corp
Access Edge Certificate: CN= sip.itgsolutions.com.pe
SN= sip.itgsolutions.com.pe
serv02.acme.corp
Conference Edge Certificate CN= conference.itgsolutions.com.pe
SN= conference.itgsolutions.com.peserv02.acme.corp
Is that configuration OK?
Tuesday, December 9, 2008 12:15 AM -
Try to run a trace on ABSserverhandler using the logging tool included with OCS. You should be able to start it from the OCS console on the front end server (from the top of my head rightclick your poolname and select start new trace).
In the logging tool window select absserverhandler on the left and realtime logging on the right. Hit Start and see a blue logging window appear. Now start you external communicator.
The logging window should now display absserverhandler finding the right address book file.
You might want to try this as well from an internal client, just too see it working. Also try fetching the file with your browser.
Thursday, December 18, 2008 6:49 PM -
Jose,
I have almost the same setup as you and I'm experiencing the same problems. Did you manage to find a solution for this?
Thanks in advance for an answer.
Alex.Tuesday, January 13, 2009 10:48 PM -
I too have the same problem. All the URL's are excessable externally with no certificate error which indicates the ISA reverse proxy is working. I do however get a logon challenge. If I enter my domain credentials I can see the page. The only thing I can think is that theses pages need to be accessable with a logon challenge. I have the same problem in both OCS 2007 R1 and R2.
AndrewWednesday, March 4, 2009 8:17 AM -
Did anyone ever find a solution to synchronizing the address book when the domains do not match?
Tuesday, October 6, 2009 4:44 PM -
Since the address book is only a web-based file transfer, it is pretty simple.
For starters, I suggest, users to open the page on their ISA server, and see the routing. ISA server is responsible for not only HTTPS-HTTPS bridging, but also all routing.
Additionally, it is very useful, if you disable "Show friendly HTTP error message" in IE --> Tools --> Settings --> Advanced
This should be done on every machine that you have issues on.
Please provide some more information, if this doesnt help you.Monday, October 12, 2009 8:11 PM