Cannot synchronize with the corporate address book on OCS 2007

I am still having problems with this. I will follow up tomorrow with the results from your suggestions.

I forgot to say how you can check if the SSL certificate on the OCS is the problem.
- Open the Office Communications Server 2007 management console
- Expand to the server that is running the web components
- Select the FQDN of the server (server.domain.com)
- On the right you see available tasks --> validation. Expand
- Select Web Components Server and complete the wizard. If it fails with errors on connectivity, you probably see that iis default web site needs a valid certificate even if you do NOT require SSL on the ABS component. In that case submit a request to an internal or external CA and install the certificate on the default web site (using the button 'server certificate...' on the directory security tab

I had the same problem and solved it with the help of the validation wizard.

If you have other errors, you can always post them here

Attached is the error log from the web components validation.

Error is:
Received a failure HTTP response.: InternalServerError
Suggested Resolution: Check whether the Web Server or Office
Communications Server component is running and also listening on
the specified url. If server is behind a load balancer, please make
sure the loopback connection is allowed from load balancer FQDN.
Suggested Resolution: Check the Web Proxy setting in this
machine and ensure that it is correctly configured

Do you use a proxy server?
Do you have sharepoint installed on the same server?
Check all the services regarding OCS2007 and IIS and see if they are started.
Check the permissions on the IIS server on the default website.
Did you have a certificate on the ABS component? start --> run --> inetmgr --> expand default website --> do you see the ABS component? Properties of default website --> directory security tab --> can you view the certificate?

I do not use a proxy server.
Sharepoint Services is installed on the machine.
All OCS and IIS services are started.
I can view the OCS certificate I created in the default website of IIS.

Check the user on the applicationspools in IIS -> Apllicationpools -> LSGroupExpAppPool -> Properties -> Identity -> the User should be RTCComponentService
UCdeviceUpdater -> Properties -> Identity -> the User should be RTCComponentService

Also check the permissions on the ABS component in IIS. Anonymous access should be disabled, but you can enable integrated windows auth. and basic authentication.

Test the URL in the browser on a client: https://computername.domainname.local/Abs/ and see if you can log in or if you get another error message.

You could also try and enable anonymous access for testing purposes and see if it works then.

The user under the Identity tab is RTCService. Should I change it to RTCComponentService?

If I go to https://computername.domainname.local/Abs/  and login with my personal user credentials I recieve the message:
The website declined to show this webpage


The title of the webpage is HTTP 403 Forbidden.


Thanks for all the help and quick responses!!!!

Should the username in the identity tab be in the form domainname\rtcservice or localcomputername\rtcservice?

You're welcome!
First of all, we narrowed the problem down to the security settings (Forbidden)

Yes, change to RTCComponentservice. It should look like domainname\RTCComponentService.

Test the URL again, test also without SSL (http://computername.domainname.local/Abs/)

If that doesn't work, allow anonymous access

Don't forget to restart IIS.
Did you solve the problem?

Currently we're having similar issues here.  

-Office Communicator works just fine, it's just the synchronization with the corporate address book is the issue.  
-I've tried all the suggestions from above and still no go.  

-Certificates are working fine, RTCComponentService is being used but we still can't get to the <server>/Abs website either through SSL or not, even with anonymous access.

Let's start from the beginning:
- Can you ping the webserver from the clients?
- IIS services are all up and running?
- Do you see the ABS website in IIS on the OCS server?

If you can't access the abs website through https://server.domain.com/abs, you probably have an IIS issue or a problem with a firewall.

Yeah we were having an IIS issue, that's been resolved now.  

Still also banging my head like the original poster on this issue.  

I've tried all suggested above. Still no luck...

Might want to try this link to see if it helps you at all

http://communicationsserverteam.com/archive/2007/12/17/52.aspx

I personally went through and verified some of those permission settings with the RTC usergroups to the directories local on the server where OCS is running and it didn't help.  Still have the warning message.  

Should note that any user in our organization can right now download to an address file manually through Internet Explorer so the permissions seem to be setup ok on that end, but the actual application itself still has the error from the initial poster.

Check the NTFS permissions on the folder of the ABS and the folders below. Authenticated users should have read rights.

Enable in IIS only integrated windows authentication and restart IIS.

In IE, put the Ocs URL in the Trusted Sites in your Internet Explorer and test again.

Oh, you might want to turn off friendly http error messages: in IE (if you are using IE of course) --> internet options --> advanced --> turn off 'display user friendly http errors'. It will give more information on the problem. You can post the error here.

Hi Edmond,
Did you turn on directory browsing in IIS?
The users can access the ABS website from IE? They see three directories listed: Ext, Files and Int
If they can see this directories and directory browsing is enabled, the OCS client should access the address book files. For testing, you have to restart the ocs client, also in the system bar on the right.

If this and above does not help you, could you provide more info on your situation and in brief the steps you took?

Thrain,  Thanks for your responses:

To clarify what we're running into:  If I turn on directory browsing in IIS any user in our organization can browse the files/directories if they connect to https://<servername>/abs.  I'm not having any issue with that which is what is so bizarre.  The certificate for SSL and permissions for accessing those directories are working fine as they can browse to those directories just fine through a web browser.  

Even with that part working fine, every user of communicator still receieves the original error described (cannot synchronize address book information).  Based on everything I've seen, what we've done should have resolved the issue.  I'll type up some more information about our situation tonight as well.  

Should the ABS Folder be a share?  Also, I just noticed that I am receiving the following error message on the server:

Event Type:      Warning
Event Source:      ASP.NET 2.0.50727.0
Event Category:      Web Event
Event ID:      1310
Date:            3/27/2008
Time:            8:26:40 AM
User:            N/A
Computer:      COMPUTERNAME
Description:
Event code: 3008
Event message: A configuration error has occurred.
Event time: 3/27/2008 8:26:40 AM
Event time (UTC): 3/27/2008 12:26:40 PM
Event ID: bd5da63f2f434168817a1a28d1ec86c8
Event sequence: 1
Event occurrence: 1
Event detail code: 0
 
Application information:
    Application domain: /LM/W3SVC/1/Root/Abs/Int/Handler-31-128510944005532414
    Trust level: Full
    Application Virtual Path: /Abs/Int/Handler
    Application Path: D:\Program Files\Microsoft Office Communications Server 2007\Web Components\Address Book Files\Int\Handler\
    Machine name: COMPUTERNAME
 
Process information:
    Process ID: 6520
    Process name: w3wp.exe
    Account name: domainname\RTCComponentService
 
Exception information:
    Exception type: ConfigurationErrorsException
    Exception message: An error occurred loading a configuration file: Access to the path 'C:\inetpub\wwwroot\web.config' is denied. (C:\inetpub\wwwroot\web.config)
 
Request information:
    Request URL: https://computername.domainname.local:443/Abs/Int/Handler/D-08d5-0a52.lsabs
    Request path: /Abs/Int/Handler/D-08d5-0a52.lsabs
    User host address: 192.168.84.31
    User:  
    Is authenticated: False
    Authentication Type:  
    Thread account name: domainname\RTCComponentService
 
Thread information:
    Thread ID: 6
    Thread account name: domainname\RTCComponentService
    Is impersonating: False
    Stack trace:    at System.Web.HttpRuntime.HostingInit(HostingEnvironmentFlags hostingFlags)

I already had Integrated Auth turned on.  I turned it off and Restarted IIS and then Turned it back on and restarted IIS again...still no luck.

I tried Setspn -A HTTP/{servername} {domainname}\RTCComponentService and restarted OCS...still no luck.

We have not found a solution for this yet, however since we have not had the time to invest in fixing it, I am going to close this question to make the EE gods happy, and open a new question later.
Thanks for your help all.