locked
cannot synchronize with the corporate address book

    Question

  •  

    Hi Everyone,

     

    External Users can not download the address book.Their communicators show "Cannot cannot synchronize with the corporate address book".

     

    When i put https://externalwebfqdn/abs/ext it show me a Windows Authentication and I put "Domain\User" and Password. But after i put user and password i can not donwload nothing tha IE show me this:

     

    The website declined to show this webpage

     HTTP 403
     

    Most likely causes:

    • This website requires you to log in.
     

    What you can try:

     

    Go back to the previous page.

     

    More information

    This error (HTTP 403 Forbidden) means that Internet Explorer was able to connect to the website, but it does not have permission to view the webpage.

    For more information about HTTP errors, see Help.

     

    Somebody can Help me, Please

     

    Thanks.

    Saturday, December 6, 2008 2:20 PM

All replies

  • I deployed this:

     

    OCS Enterprise  (Internal Server) Consolidated  Topology  and OCS Edge Server Consolidated  Topology.

     

    My internal domain is acme.corp and my public domain es acme.com

     

    The Internal Web for Address Book is ocspool.acme.corp and the External Web for Address Book is owc.acme.com.

     

    OCS Internal Server has this certificate:

     

    CN=ocspool.acme.corp

    SN=owc.acme.com

          serv01.acme.corp ----> (OCS Server Name)

          ocspool.acme.corp

     

    I have to create a certificate with CN=owc.acme.com to publish the OCS Internal Server (Reverse Proxy) over ISA 2006. Also I Have to Upgrade ISA 2006 for publish (Web Publishing Rule) the OCS Internal Server.

     

    Now as i explained the external Users can access to their communicators but their communicators show the message "cannot synchronize with the corporate address book" and it show a windows authentication that is matching to the Exchange Server. 

     

    The Internal Users don't have any problems.

     

    Someone can Help me.

     

    Thanks

     

     

    Saturday, December 6, 2008 8:44 PM
  • Hi,

    Also when i access to https://owc.acme.com/abs/ext/handler/f-0b50.lsabs i can download that archive.

     

    Thanks

     

    Saturday, December 6, 2008 9:01 PM
  • Jose - it sounds to me like the wrong URL is being passed to the client.  Run a web components validation against the server in question and make sure you get the correct URL.  Here's the part you should look at:

     

    WMI Class MSFT_SIPAddressBookSetting   WMI Class Path: \\OCSSERVER\root\cimv2:MSFT_SIPAddressBookSetting
    WMI Instance Path: \\OCSSERVER\root\cimv2:MSFT_SIPAddressBookSetting.Backend="SQLSERVER\\instance",InstanceID="{D265A402-BD08-4BCB-BEB3-CC7AFBD47C08}"
    Backend (String): SQLSERVER\instance
    DaysToKeep (UInt32): 30
    ExternalURL (String): https://wcfqdn.domain.com/Abs/Ext/Handler

     

    In your case the ExternalURL should be https://owc.acme.com/abs/ext/handler.

    Sunday, December 7, 2008 11:09 PM
    Moderator
  •  

    Hi Mike,

     

    I ran the web components validation and it was successful.

     

    the validation show me this:

     

     

    ExternalURL (String): https://owc.acme.com/abs/ext/handler

     

    I am testing from a Windows Vista Ultimate x64.

     

    Thanks for Reply.

     

     

    Monday, December 8, 2008 12:06 AM
  • That looks good.  Do you get any certificate or other IE warnings when you browse to that site from your PC?

    Monday, December 8, 2008 3:19 AM
    Moderator
  •  

    Hi Mike,

     

    I Just have the Root CA Certificate.

     

    As I said when I access to https://externalwebfqdn/abs/ext and put my domain/user and password it show me this:

     

    The website declined to show this webpage

     HTTP 403
     

    Most likely causes:

    • This website requires you to log in.
     

    What you can try:

     

    Go back to the previous page.

     

    More information

    This error (HTTP 403 Forbidden) means that Internet Explorer was able to connect to the website, but it does not have permission to view the webpage.

    For more information about HTTP errors, see Help.

     

    Also when i access to  https://owc.acme.com/abs/ext/handler/f-0b50.lsabs i can download that file.

     

    That is very strange.

    Monday, December 8, 2008 5:19 AM
  • I assume the PC where you are downloading the file from IE is the same one that is running Communicator.  Practically speaking, if you can get the file from IE with no security or certificate warnings and that URL matches the web components URL then it should work.  I'll even go so far as to say that I've never seen ABS downloads fail to work when both of these were the case.

    Monday, December 8, 2008 6:07 AM
    Moderator
  •  

    Hi Mike,

     

    Yes is tha same PC. I would like you can explain me what is correct configuration of certificates in OCS, because i think this is certificate problem.

     

    Well I explain my Enviroment:

    My internal domain is acme.corp and my public domain es acme.com. I have a CA called ca.acme.corp

     

    - OCS 2007 Enterprise (Consolidated  Topology)  Internal Server - serv01.acme.corp

      The Internal Web for Address Book is ocspool.acme.corp and the External Web for Address Book is owc.acme.com.

     

    The OCS Internal Server has this certificate:

     

    CN=ocspool.acme.corp

    SN=owc.acme.com

          serv01.acme.corp

          ocspool.acme.corp

     

    - OCS 2007 Enterprise Edge Server  (Access Edge and Web Conferencing) - serv02.acme.corp (Stand Alone Server)

     

    Internal Certificate: CN= serv02.acme.corp

     

    Access Edge Certificate: CN= sip.itgsolutions.com.pe

           SN= sip.itgsolutions.com.pe

                   serv02.acme.corp

     

    Conference Edge Certificate CN= conference.itgsolutions.com.pe

                                                 SN= conference.itgsolutions.com.pe

                                                        serv02.acme.corp

     

    Is that configuration OK?

     

    Tuesday, December 9, 2008 12:15 AM
  • Try to run a trace on ABSserverhandler using the logging tool included with OCS. You should be able to start it from the OCS console on the front end server (from the top of my head rightclick your poolname and select start new trace).

    In the logging tool window select absserverhandler on the left and realtime logging on the right. Hit Start and see a blue logging window appear. Now start you external communicator.

    The logging window should now display absserverhandler finding the right address book file.

    You might want to try this as well from an internal client, just too see it working. Also try fetching the file with your browser.
    Thursday, December 18, 2008 6:49 PM
  • Jose,

    I have almost the same setup as you and I'm experiencing the same problems. Did you manage to find a solution for this?

    Thanks in advance for an answer.

    Alex.
    Tuesday, January 13, 2009 10:48 PM
  • I too have the same problem. All the URL's are excessable externally with no certificate error which indicates the ISA reverse proxy is working. I do however get a logon challenge. If I enter my domain credentials I can see the page. The only thing I can think is that theses pages need to be accessable with a logon challenge. I have the same problem in both OCS 2007 R1 and R2.

    Andrew
    Wednesday, March 4, 2009 8:17 AM
  • Did anyone ever find a solution to synchronizing the address book when the domains do not match?

    Tuesday, October 6, 2009 4:44 PM
  • Since the address book is only a web-based file transfer, it is pretty simple.

    For starters, I suggest, users to open the page on their ISA server, and see the routing. ISA server is responsible for not only HTTPS-HTTPS bridging, but also all routing.

    Additionally, it is very useful, if you disable "Show friendly HTTP error message" in IE --> Tools --> Settings --> Advanced

    This should be done on every machine that you have issues on.

    Please provide some more information, if this doesnt help you.

    Monday, October 12, 2009 8:11 PM