locked
Cannot Synchronize Address Book ( Cannot synchronize with the corporate address book) Proxy Server Setting In Web Browser RRS feed

  • Question

  • Communicator Error message:

    "Cannot synchronize with the corporate address book. This may be because the proxy server setting in your web browser does not allow access to the address book.If the problem persists, contact your system administrator"

     

    Issues With This Error:

    1.  We do not have / use a proxy server.
    2. This occurs when using Communicator on the OCS2007 server as well as the client.:
    • The Address Book Server Starts And Synchronizes on the OCS2007server (WORKS).
    • There is no GalContacts.db file in the directory 
      • C:\Documents and Settings\UserName\Local Settings\Application Data\Microsoft\Communicator\
    • I am able to connect to the file in the Address Book Server through the client browser by disabling the SSL and setting it for Basic Authentication.
    • Outlook is the default profile

    Actions taken which did not work:

    *Note* In this section, the following actions might eventually get the communicator to work. I am just saying that when I did this it did not fix it at the time.

    1. IE on XP clients the parameter "check for server certificate revocation (requires restart)"  has been checked and unchecked on Windows 2003 and restarted with both selections.
    2. Disable SSL for EXT and INT in the ABS directory.
    3. Change the user back to <DOMAIN>\RTCGuestAccessUser under "Connect As" for the INT directory, and go into AD users and computers and change the account settings to "Password never Expires" under the account tab. - RTCGuestAccessUser is a ( Group ) on the server so I was unable to set the password to never expire.
    4. Using WMI Tester I changed  the MSFT_SIPGroupExpansionSetting section entitled ExternalDLExpansionWebURL and inserted the folowing serveraddress\Abs\Int\Handler\services.asmx

    Communicator:

    Version: 2.0.6362.0

    Server: OCS2007 Standard Edition

     

    Questions:

    1. Can Office Communications Server 2007 run with Exchange Server 2003 ?
    Friday, September 21, 2007 9:42 PM

All replies

  • STATUS: We were able to resolve the issue, please see the post here.


    http://forums.microsoft.com/OCS2007/ShowPost.aspx?PostID=2199352&SiteID=57&mode=1


    1. IE on XP clients the parameter "check for server certificate revocation (requires restart)"  has been checked and unchecked on Windows 2003 and restarted with both selections. (LEFT UNCHECKED)
    2. Disable SSL for EXT and INT in the ABS directory. (SEE POST ABOVE)
    3. Change the user back to <DOMAIN>\RTCGuestAccessUser under "Connect As" for the INT directory, and go into AD users and computers and change the account settings to "Password never Expires" under the account tab. - RTCGuestAccessUser is a ( Group ) on the server so I was unable to set the password to never expire. (REMOVED THIS CHANGE SEE PREVOIUS POST AND CLICK ITS SUPPORT LINK)
    4. Using WMI Tester I changed  the MSFT_SIPGroupExpansionSetting section entitled ExternalDLExpansionWebURL and inserted the folowing serveraddress\Abs\Int\Handler\services.asmx (REMOVED THIS CHANGE SINCE THIS IS A TEST SERVER AND WAS CONCERNED WITH INTERNAL COMMUNICATIONS)

    Thursday, September 27, 2007 1:42 PM
  • Also, check the ABS site in IIS and make sure that it has the correct CA Certificate associated with it.

    http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/59152a38-e526-40fc-a6ad-71f0d148e962.mspx?mfr=true

    Installing Server Certificates (IIS 6.0)

    After you have obtained a server certificate, you can install it. When you use the Server Certificate Wizard to install a server certificate, the process is referred to as assigning a server certificate.

      Important

    You must be a member of the Administrators group on the local computer to perform the following procedure or procedures. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run IIS Manager as an administrator. At a command prompt, type runas /user:Administrative_AccountName "mmc %systemroot%\system32\inetsrv\iis.msc".

    Procedures

    To install a server certificate using the Web Server Certificate Wizard

    1.

    In IIS Manager, expand the local computer, and then expand the Web Sites folder.

    2.

    Right-click the Web site or file that you want, and then click Properties.

    3.

    On the Directory Security or File Security tab, under Secure communications, click Server Certificate.

    4.

    In the Web Server Certificate Wizard, click Assign an existing certificate.

    5.

    Follow the Web Server Certificate Wizard, which will guide you through the process of installing a server certificate.


    Wednesday, October 3, 2007 5:59 PM
  • Ok,

     

    I had the same issue for past few days since after the installation. Everything in my test environment worked but for some reason after deployment in production, every one is getting this message in their communicator but myself.

     

    After much research, nothing. I accidently came upon this. If you are creating a certificate from your company's CA, you must add that certificate on local machines. Try this and this might help...

     

    Go to site http://<CAServer>/certsrv

    Select the option to "Retrieve the CA certificate or certificate revocation list", click Next

    Download CA Certificate to your computer and save it to your desktop

     

    Click Start -> Run

    type in "mmc" and press enter

    Click File, Add/Remove Snap in

    Click Add, Select Certificates and click Add

    Select Computer Account, Local Computer

    Click Finish, Close, and Ok.

    Expand certificates, Trusted Root Certification Authorities

    Right Click Certificates, All Tasks, Import

    Click Next, Browse the cert you just saved on your desktop, click Next, Next, Finish

     

    Communicator now should start working without restart or logging off.

     

    Good luck.

     

     

     

    Friday, October 5, 2007 4:42 AM
  • I am not sure if your question has been answered yet or not, but here is my input on this matter

     

    Can Office Communications Server 2007 run with Exchange Server 2003 ?

    Yes. My deployment works great with Exchange 2003. I have seen no problems whatsoever either with Outlook 2003 clients. Though you have to download and install a patch that Communicator is helpful and lets you konw, everything works fine with 03 environment.

     

    Good luck.

     

    Friday, October 5, 2007 4:52 AM
  • I have gone through every option suggested in this thread and I still cannot get my clients to sync with the address book.

    My situation:

    Service account passwords expired.  After I figured out what was going on, i reset the passwords, set to never expire, and restarted all services.  Shortly after I was getting log messages that the address book was synchronizing successfully on the OCS server.

    Once I noticed that the clients were not updating, i started searching and found this thread, i have gone through all the suggestions, most recent being resetting the password on the IIS virtual folders for the Connect As user "RTCGuessAccessUser".

    I've also found this article:

    http://support.microsoft.com/kb/938286

    And verified all the settings in that article, this did not help either.

    Finally, i applied the OCS 2007 hotfix found here:

    http://www.microsoft.com/downloads/details.aspx?FamilyID=1ad57f8f-78f7-45f6-a8c0-805936f46645&displaylang=en

    This did not help either.


    Any further help would be GREATLY appreciated!


    Tuesday, December 18, 2007 3:17 PM
  • I had exactly the same issue. I have fixed it now, I had to rebuild the address book on the OCS server. try re-sync of the Address Book on the OCS server and if that doesnt work try rebuilding the address book on the OCS server. use abserver.exe located in core directory of OCS installation.

    Friday, December 28, 2007 4:01 AM
  •  Emailguy wrote:

    I had exactly the same issue. I have fixed it now, I had to rebuild the address book on the OCS server. try re-sync of the Address Book on the OCS server and if that doesnt work try rebuilding the address book on the OCS server. use abserver.exe located in core directory of OCS installation.

     

    FYI, I have some details around manually updating the Address Book in one of my blogs: https://blogs.pointbridge.com/Blogs/schertz_jeff/Lists/Posts/Post.aspx?ID=17

    Monday, January 7, 2008 9:55 PM
    Moderator
  •  

    I am having this issue as well.  At first, everything worked fine then for some reason, it's broken again.  This error is driving me crazier...
    Tuesday, February 12, 2008 9:16 PM
  • I had the same issue - it use to work and then broke.  It turned out that after I installed Communicator Web Access, the certificate I had on my Default Web Site (used by the Address Book) disappeared.  You might want to check that - go to the Default Web Site and make sure there is a valid certificate on the Default Web Site.

    If that doesn't work, run the "Web Components" Validation wizard from the OCS Administration console (select your server under the Web Components) tree node and the Validation wizard is on the right hand side.

    Post the results here - usually it gives some good clues.

    You can also pop open a browser and try navigating to the URL below and see what return code it gives:

    <!--[if !supportLists]-->-          <!--[endif]-->https://<pool FQDN>/Abs/Int/Handler/D-0a25-0a26.dabs






    fdf





    Wednesday, February 13, 2008 4:15 PM

  • FYI - I just read a note in the Communicator Web Access Deployment Guide:

    "Installing Communicator Web Access (2007 release) and any server role of Office Communications Server 2007 on the same physical server is not supported."

    I had installed it on the same server that my Address Book was installed on, and it broke my address book. I uninstalled CWA and re-established my certificate for the ABS and everything works now.

    • Proposed as answer by Zer0 G Friday, January 9, 2009 5:06 PM
    Wednesday, February 13, 2008 4:51 PM
  • hi

     

     

    i got the result .....  if you need the answer for (cannot synchronize with the corporate address book (client side cummunicator)) ,mail to draj-lak@hotmail.com..

     

    bye

    Saturday, March 15, 2008 5:07 AM
  • I have the same error but I think I figured out why, just not quite sure how to fix it.  We have and EDGE server and have setup reverse proxy back to the front-end server for address book services.  We installed an external certificate on it so that it can be used with anonymous users.  External the address book works but internaly, you get a certificate error becuse you are connecting with the internal name ie. computername.domain.local instead of abs.domainname.com.  How can I change teh internal connection URL from internal to external name? I believe this will solve the problem.

    Monday, May 19, 2008 3:35 PM
  • Does the third-party certificate you've attached to your Front-End server's web site contain any SIP domains in the SAN?  You'll want to have the internal webfarm FQDN in the SAN field as well as the external webfarm FQDN.
    Monday, May 19, 2008 3:51 PM
    Moderator
  • No, our certificate does not allow for SAN, I am sure we can get one to do that.  Would it be easier to install a cert on the internal server from our internal Microsoft CA that has a SAN for the external URL?  Not sure if that is possible but sounds like and easier solution.

    Monday, May 19, 2008 3:57 PM
  • That would be a more common configuration, but then external clients that are not part of your domain will not (be default) trust the certififcate issuer.  Utiilization of SAN fields are the best way to deploy the least amount of certificates while still allow for the flexibilty of using both internal and external FQDNs.

     

    If you are using ISA then read through this article for one supported scenario: http://blogs.pointbridge.com/Blogs/schertz_jeff/Pages/Post.aspx?_ID=19.  I've detailed the certificate configuration when bridging SSL.

    Monday, May 19, 2008 4:10 PM
    Moderator
  • OK, I think I will just contact Verisign about creating a new cert with the SAN of the internal name.  So is it not possible to change the internal URL that OCS has for the addressbook to the external FQDN?

     

    Monday, May 19, 2008 9:08 PM
  • In short, it's possible, but it would create further problems.

     

    If you are running a split-DNS configuration then you could configure internal name resolution to resolve that external FQDN to the internal IP address, hence routing traffic to that box.  But when clients are internally connected, they don't reference the external Web Farm FQDN, they know they are internal and connect to the Front-End server's Address Book service using the internal FQDN automatically.

     

    All those stuff is basically two part, (1) getting name resolution to point the client to the correct interfaces, and (2) getting the names used by the client to match up with certificates so that there are no name mis-matches.

    Monday, May 19, 2008 9:33 PM
    Moderator
  •  renewv wrote:

    i am getting the same Cannot Synchronize Address Book ( Cannot synchronize with the corporate address book) Proxy Server Setting In Web Browser, everythin was working ok but when i installed the communicator web access, the message started to appear, i ve checked the logs and tried the abserver sync, actually the server synchronize ok But clients not.
    i changed the certificate but did not work out.
    when i try to open the https://ocs07xxx.local/abs/int/handler
    i just can't browse it, unless i use a local account (for instance ocs\localuser). when i use a domain account eventhough is a domain admin and full administrator at the IIS ABS/int/handler.

    I think the problem might be permissions, but i don't know why the domain users are not authorized to browse this folder



    Wednesday, June 25, 2008 1:41 AM
  • you can take care of this problem by " typing FIXMAPI.exe from run  on the start menu.
    Thursday, July 31, 2008 10:00 PM
  • Sorry i forgot to add you do this on the client computer after synchronizing ur address book by runing the abserver.exe -syncnow tool from the core directory
    Thursday, July 31, 2008 10:06 PM
  •  Software Coding Monkey wrote:

    Communicator Error message:

    "Cannot synchronize with the corporate address book. This may be because the proxy server setting in your web browser does not allow access to the address book.If the problem persists, contact your system administrator"

     

     

    Questions:

    1. Can Office Communications Server 2007 run with Exchange Server 2003 ?

     

    First of all Yes - OCS 2007 can run with Exchange 2003 (we have it running fine)

     

    In answer to the overall question we had the very same problem and spent many many hours trying fixes and searching the net for answers.

     

    Finally we cam accross this very usefull page and this worked for us. (we had to reboot OCS for it to take effect)

     

    http://communicatorteam.com/archive/2008/05/12/226.aspx

     

     

    • Proposed as answer by Felix1357 Monday, April 6, 2009 1:07 PM
    Thursday, August 28, 2008 2:11 PM
  •  
    Curtis Johnstone said:


    FYI - I just read a note in the Communicator Web Access Deployment Guide:

    "Installing Communicator Web Access (2007 release) and any server role of Office Communications Server 2007 on the same physical server is not supported."

    I had installed it on the same server that my Address Book was installed on, and it broke my address book. I uninstalled CWA and re-established my certificate for the ABS and everything works now.



    Curtis, thank you. That resolved the issue I was having with this problem.
    Friday, January 9, 2009 5:06 PM
  • I had this same exact issue, but the cause of my problem was not installing IIS using a slipstreamed version of server 2003 SP2.  Once I reinstalled SP2 (no need to reinstall IIS) the problem was resolved.
    Thursday, March 12, 2009 5:55 PM
  • I too am having this issue..  and am starting to pull my hair out....

    I am running IIS 7 on server 08.. I can path out to the adress book share.. i changed the path in the app pool to the share.. checked the service accounts passwords... the only warning i see in the logs is

    Communicator was unable to locate the login server. No DNS SRV records exist for domain udtonline.net, so Communicator was unable to login.

    but i am able to log in automatically...

    Confused..

    Dave

    i can aslo do this..
    P:\Program Files\LCS07\Server\Core>abserver -syncnow
    Triggering Address Book Server synchronization pass - successful.
    You might have to wait up to 5 minutes for it to actually complete.

    • Proposed as answer by Felix1357 Monday, April 6, 2009 1:09 PM
    Tuesday, March 17, 2009 8:08 PM
  • Wednesday, April 8, 2009 3:34 PM
  • Hi

    What is the right procedure to uninstall CWA collocated with FrontEnd server in OCSR2
    without affecting IIS and FE??

    I went to OCSR2 administrative tools and found that Deactivate web component server is grayed, cannot click on it.

    Thanks
    Thursday, June 18, 2009 1:25 PM
  • hi,

    I as u mentioned in the forum that  problem : cannot synchronize with the corporate address book (client side cummunicator) u hv the solution for this, plz can u provide the solution as I got struck for the past 5 days.
    bye.
    Wednesday, September 30, 2009 8:53 AM
  • Have you had a look at http://blog.danovich.com.au/2009/11/04/office-communicator-error-cannot-synchronize-address-book/ ?
    Wednesday, November 4, 2009 1:34 PM
  • May be this one can help!!!

    http://support.microsoft.com/kb/953113
    Wednesday, November 25, 2009 5:23 PM