All replies

• 

  

  0

  Sign in to vote

  I deployed this:

   

  OCS Enterprise  (Internal Server) Consolidated  Topology  and OCS Edge Server Consolidated  Topology.

   

  My internal domain is acme.corp and my public domain es acme.com

   

  The Internal Web for Address Book is ocspool.acme.corp and the External Web for Address Book is owc.acme.com.

   

  OCS Internal Server has this certificate:

   

  CN=ocspool.acme.corp

  SN=owc.acme.com

        serv01.acme.corp ----> (OCS Server Name)

        ocspool.acme.corp

   

  I have to create a certificate with CN=owc.acme.com to publish the OCS Internal Server (Reverse Proxy) over ISA 2006. Also I Have to Upgrade ISA 2006 for publish (Web Publishing Rule) the OCS Internal Server.

   

  Now as i explained the external Users can access to their communicators but their communicators show the message "cannot synchronize with the corporate address book" and it show a windows authentication that is matching to the Exchange Server. 

   

  The Internal Users don't have any problems.

   

  Someone can Help me.

   

  Thanks

   

   

  Saturday, December 6, 2008 8:44 PM
• 

  

  0

  Sign in to vote

  Hi,

  Also when i access to https://owc.acme.com/abs/ext/handler/f-0b50.lsabs i can download that archive.

   

  Thanks

   

  Saturday, December 6, 2008 9:01 PM
• 

  

  0

  Sign in to vote

  Jose - it sounds to me like the wrong URL is being passed to the client.  Run a web components validation against the server in question and make sure you get the correct URL.  Here's the part you should look at:

   

  WMI Class MSFT_SIPAddressBookSetting

  WMI Class Path: \\OCSSERVER\root\cimv2:MSFT_SIPAddressBookSetting WMI Instance Path: \\OCSSERVER\root\cimv2:MSFT_SIPAddressBookSetting.Backend="SQLSERVER\\instance",InstanceID="{D265A402-BD08-4BCB-BEB3-CC7AFBD47C08}" Backend (String): SQLSERVER\instance DaysToKeep (UInt32): 30 ExternalURL (String): https://wcfqdn.domain.com/Abs/Ext/Handler

   

  In your case the ExternalURL should be https://owc.acme.com/abs/ext/handler.

  Sunday, December 7, 2008 11:09 PM

  Moderator
• 

  

  0

  Sign in to vote

   

  Hi Mike,

   

  I ran the web components validation and it was successful.

   

  the validation show me this:

   

   

  ExternalURL (String): https://owc.acme.com/abs/ext/handler

   

  I am testing from a Windows Vista Ultimate x64.

   

  Thanks for Reply.

   

   

  Monday, December 8, 2008 12:06 AM
• 

  

  0

  Sign in to vote

  That looks good.  Do you get any certificate or other IE warnings when you browse to that site from your PC?

  Monday, December 8, 2008 3:19 AM

  Moderator
• 

  

  0

  Sign in to vote

   

  Hi Mike,

   

  I Just have the Root CA Certificate.

   

  As I said when I access to https://externalwebfqdn/abs/ext and put my domain/user and password it show me this:

   

  The website declined to show this webpage
  HTTP 403
  	Most likely causes: This website requires you to log in.
  	What you can try:
  	Go back to the previous page.
  	More information This error (HTTP 403 Forbidden) means that Internet Explorer was able to connect to the website, but it does not have permission to view the webpage. For more information about HTTP errors, see Help.

   

  Also when i access to  https://owc.acme.com/abs/ext/handler/f-0b50.lsabs i can download that file.

   

  That is very strange.

  Monday, December 8, 2008 5:19 AM
• 

  

  0

  Sign in to vote

  I assume the PC where you are downloading the file from IE is the same one that is running Communicator.  Practically speaking, if you can get the file from IE with no security or certificate warnings and that URL matches the web components URL then it should work.  I'll even go so far as to say that I've never seen ABS downloads fail to work when both of these were the case.

  Monday, December 8, 2008 6:07 AM

  Moderator
• 

  

  0

  Sign in to vote

   

  Hi Mike,

   

  Yes is tha same PC. I would like you can explain me what is correct configuration of certificates in OCS, because i think this is certificate problem.

   

  Well I explain my Enviroment:

  My internal domain is acme.corp and my public domain es acme.com. I have a CA called ca.acme.corp

   

  - OCS 2007 Enterprise (Consolidated  Topology)  Internal Server - serv01.acme.corp

    The Internal Web for Address Book is ocspool.acme.corp and the External Web for Address Book is owc.acme.com.

   

  The OCS Internal Server has this certificate:

   

  CN=ocspool.acme.corp

  SN=owc.acme.com

        serv01.acme.corp

        ocspool.acme.corp

   

  - OCS 2007 Enterprise Edge Server  (Access Edge and Web Conferencing) - serv02.acme.corp (Stand Alone Server)

   

  Internal Certificate: CN= serv02.acme.corp

   

  Access Edge Certificate: CN= sip.itgsolutions.com.pe

         SN= sip.itgsolutions.com.pe

                 serv02.acme.corp

   

  Conference Edge Certificate CN= conference.itgsolutions.com.pe

                                               SN= conference.itgsolutions.com.pe

                                                      serv02.acme.corp

   

  Is that configuration OK?

   

  Tuesday, December 9, 2008 12:15 AM
• 

  

  1

  Sign in to vote

  Try to run a trace on ABSserverhandler using the logging tool included with OCS. You should be able to start it from the OCS console on the front end server (from the top of my head rightclick your poolname and select start new trace).
  
  In the logging tool window select absserverhandler on the left and realtime logging on the right. Hit Start and see a blue logging window appear. Now start you external communicator.
  
  The logging window should now display absserverhandler finding the right address book file.
  
  You might want to try this as well from an internal client, just too see it working. Also try fetching the file with your browser.
  

  Thursday, December 18, 2008 6:49 PM
• 

  

  0

  Sign in to vote

  Jose,
  
  I have almost the same setup as you and I'm experiencing the same problems. Did you manage to find a solution for this?
  
  Thanks in advance for an answer.
  
  Alex.

  Tuesday, January 13, 2009 10:48 PM
• 

  

  0

  Sign in to vote

  I too have the same problem. All the URL's are excessable externally with no certificate error which indicates the ISA reverse proxy is working. I do however get a logon challenge. If I enter my domain credentials I can see the page. The only thing I can think is that theses pages need to be accessable with a logon challenge. I have the same problem in both OCS 2007 R1 and R2.
  
  Andrew

  Wednesday, March 4, 2009 8:17 AM
• 

  

  0

  Sign in to vote

  Did anyone ever find a solution to synchronizing the address book when the domains do not match?

  Tuesday, October 6, 2009 4:44 PM
• 

  

  0

  Sign in to vote

  Since the address book is only a web-based file transfer, it is pretty simple.
  
  For starters, I suggest, users to open the page on their ISA server, and see the routing. ISA server is responsible for not only HTTPS-HTTPS bridging, but also all routing.
  
  Additionally, it is very useful, if you disable "Show friendly HTTP error message" in IE --> Tools --> Settings --> Advanced
  
  This should be done on every machine that you have issues on.
  
  Please provide some more information, if this doesnt help you.

  Monday, October 12, 2009 8:11 PM