locked
Cannot Synchronize Address Book ( Cannot synchronize with the corporate address book) Proxy Server Setting In Web Browser

    Question

  • The purpose currently is to use communication server internally.

     

    Hi, just set up office communication server 2007 and then on the same server installed Certificate Server and create a internal certificate. This server also has exchange server 2003 on it.

     

    When a clients install the office communicator program and then restarts his pc, he can successfully log in with no hassle, chat, send files and have audio conference etc.

     

    But i get this notification "Cannot Synchronize Address Book ( Cannot synchronize with the corporate address book) Proxy Server Setting In Web Browser ". Our ISA server is acting as proxy server. When i trying viewing the page in the Internet Explorer, https://office.schs.org.ae/Abs/Int/Handler/F-0b36.dabs i get

     

    Network Access Message: The page cannot be displayed
    Technical Information (for Support personnel)
    • Error Code: 502 Proxy Error. The ISA Server denied the specified Uniform Resource Locator (URL). (12202)
    • IP Address: 192.168.0.250
    • Date: 11/11/2008 10:04:53 AM [GMT]
    • Server: schs-isa.schs.org.ae
    • Source: proxy

     

    I dont know what rule i should create here. The logs for example show me

     

    Denied Enterprise Default Rule Destination Port 443 Protocol SSL-tunnel

    For office.schs.org.ae:443

     

    Can anyone help to solve this issue, will greatly appreciate it.

    Tuesday, November 11, 2008 10:39 AM

All replies

  • In your scenario are you forcing internal users to go through an ISA server to get to the ABS IIS site on the Front-end server?

     

    Internal clients should be contacting the Front-End server directly, using the internal FQDN.

    Tuesday, November 11, 2008 12:37 PM
    Moderator
  • I agree with Jeff that your internal clients do not need to go through an ISA proxy.

    You can check the URL's you have configured for internal and external users by following these instructions found at this KB article. http://support.microsoft.com/kb/938288

    To list the external Web farm FQDNs, follow these steps:
    1. Log on to the server in the pool by using an account that is a member of RTCUniversalServerAdmins group or that has equivalent permissions.
    2. Open a command prompt.
    3. Move to the "Program Files\Common Files\Microsoft Office Communications Server 2007" directory.
    4. To list the external URLs for the Web farm, type the following command:
    Lcscmd /web /action:ListWMISettings /poolname:poolName
    For example, type the following:
    Lcscmd /web /action: ListWMISettings /poolnameStick out tongueool2
    This command creates a remote list of WMI setting values and outputs the location of the report.
    5. Open the file by using Internet Explorer or another Web browser, and then look up the values for the external URLs:
    Lcscmd /web /action:ListWMISettings /poolname:poolName
    For example, look up the following:
    Lcscmd /web /action: ListWMISettings /poolnameStick out tongueool2

    I would suggest that you check that your internal URL's point directly to the internal DNS FQDN of the respective OCS Server Role and the external URL's should point to the external DNS FQDN of the ISA proxy. If you still have issues with downloading the address book, then you may need to set an SPN. See the link below.

    http://blogs.technet.com/jitreddy/archive/2008/08/07/unable-to-download-address-book-from-office-communicator-2007-prompting-for-credentials.aspx


    Jamie Schwinn
    www.systmsny.net

    Tuesday, November 11, 2008 12:54 PM
  •  

    Yes currently all the clients internet explorer browsers are using use a proxy server : 192.168.0.250 (ISA SERVER IP) and the port number 8080.

     

     

    Tuesday, November 11, 2008 7:19 PM
  • Under WMI SETTINGS:-

     

    Namespace: ROOT\CIMV2
    InternalURL: https://office.schs.org.ae/Abs/Int/Handler
    ExternalURL: NULL
    OutputLocation: \\schs-exchange\backup\Meeting\Address
    Instance: Ready

    Not sure i understood this I would suggest that you check that your internal URL's point directly to the internal DNS FQDN of the respective OCS Server Role and the external URL's should point to the external DNS FQDN of the ISA proxy.

     

     

    InternalURL: https://office.schs.org.ae/Abs/Int/Handler

    Dns Record: office.schs.org.ae and the IP it is set to is of the OCS Server

     

    Please advice

    Wednesday, November 12, 2008 4:06 AM
  • In your original post, you said:

    When i trying viewing the page in the Internet Explorer, https://office.schs.org.ae/Abs/Int/Handler/F-0b36.dabs i get:
    Network Access Message: The page cannot be displayed

    Technical Information (for Support personnel)
    • Error Code: 502 Proxy Error. The ISA Server denied the specified Uniform Resource Locator (URL). (12202)
    • IP Address: 192.168.0.250
    • Date: 11/11/2008 10:04:53 AM [GMT]
    • Server: schs-isa.schs.org.ae
    • Source: proxy
    And you also said that:

    InternalURL: https://office.schs.org.ae/Abs/Int/Handler

    Dns Record: office.schs.org.ae and the IP it is set to is of the OCS Server



    If the hostname office.schs.org.ae resolves to the internal IP of the OCS server, then you should not be getting an error for ISA.  Are your internal Communicator clients using an internal DNS server? What IP does office.schs.org.ae resolve to?


    Jamie Schwinn
    www.systmsny.net


    Wednesday, November 12, 2008 9:15 AM
  • Yes the DNS server is an internal one and the IP office.schs.org.ae is 192.168.0.253 which is the IP for the DC and also the DNS server.

     

    On this same server Exchange Server 2003 and now Office communication server also exists.

     

    What i managed to do was to remove SSL from the applicaiton pool of the address book. Then used WMI editor and change the string from https to http. Next in the Internet explorer changed the advanced option for proxy server in which i typed http://office.schs.org.ae.

     

    Logged in the client and it works. Oh and i had to changed integrated authentication to basic.

    The strange this is that on most clients that i log in after hitting login button it ask for username and password and then login.

     

    But for one client it does not do this, it automatically log me when i hit login button. Plus this client it ask also for credentials when connecting to address book while the others it doesnt.

     

     

    Any ideas whats going on here?

    Saturday, November 15, 2008 11:40 AM