Question

Cannot synchronize with the corporate address book on OCS 2007

Asked by: pghzooit

After installing Office Communicator 2007 users are not able to access the corporate address book. Everything else seems to work as expected. I have attached the error messages they recieve upon logon.  The first box asking for credintials pops up everytime the user logs into the machine, even if you type in the correct credentials.
Any help in solving this will be greatly appreciated.

This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.

Subscribe now for full access to Experts Exchange and get

Instant Access to this Solution

  • Plus...
  • 30 Day FREE access, no risk, no obligation
  • Collaborate with the world's top tech experts
  • Unlimited access to our exclusive solution database
  • Never be left without tech help again

Subscribe Now

Asked On
2008-03-05 at 06:10:15ID23215944
Tags

Microsoft

,

Office Communication Server

,

2007

Topics

Live/Office Communications Server

,

Microsoft IIS Web Server

Participating Experts
6
Points
500
Comments
30

Trusted by hundreds of thousands everyday for fast, accurate and reliable tech support.

  • "The time we save is the biggest benefit of Experts Exchange to Warner Bros. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange." Mike Kapnisakis, Warner Bros.
  • "Our team likes having a resource that is more secure than just using Google and most experts using this service really know their stuff. It's nice to look here first versus using Google." Dayna Sellner, Lockheed Martin
  • "Anytime that I've been stumped with a problem, 9 out of 10 times Experts Exchange has either the accepted solution or an open discussion of the potential solution to the problem." Kenny Red, eBay Inc.

See what Experts Exchange can do for you.

Got a question?

We've got the answer.

Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.

Screenshot of Experts Exchange Knowledgebase

Need individual assistance?

Our experts are ready to help.

If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.

Screenshot of Experts Exchange Knowledgebase

Want to learn from the best?

Read articles from industry experts.

Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.

Screenshot of an Article

Working on a long term project?

Store your work and research.

Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.

Screenshot of Experts Exchange Knowledgebase

Access the answers to your technology questions today.

Subscribe Now

30-day free trial. Register in 60 seconds.

What Makes Experts Exchange Unique?

Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.

Trusted by the world's most respected brands.

image of each brand's logo

Faithfully serving IT professionals since 1996.

Experts Exchange Logo

Try it out and discover for yourself.

Subscribe Now

30-day free trial. Register in 60 seconds.

Related Solutions

  1. 10 Minute Logon When Not On Corporate Network
    XP Professional, latest levels. Dell Latitude D600 with wireless built in. In the office, I am on the corporate LAN with no Wireless connections available and everything works fine. I can access LAN resources, no problem. Our Domain login is in the registry of the laptop, it...
  2. Logon Failure: Unknown User or Bad Password ... w…
    I get "Logon Failure: Unknown User or Bad Password" ... when trying to access files on a corporate network from an ASP.Net program using code shown below. I have IIS set up for "Windows Authentication" and I can access the files from Windows Explorer with ...
  3. Deploy an corporative signature.
    I have Small Bussines Server 2003, With Exchange server 2003 And all clients have Outlook 2003 I want that all my Outlook clients use an unified corporative signature. I made this signature in HTML but how can I deploy it fast trought all my outlook clients.
  4. Deploy corporate screensaver
    I have looked through the many threads on here regarding getting screensavers to work via a GP but i have not found anything which would suit my needs. We want to deploy a corporate screensaver to a number of XP machines, I have set up a group policy however i have now learnt...

Free Tech Articles

  1. WARNING: 5 Reasons why you should NEVER fix a computer for free.
    It is in our nature to love the puzzle. We are obsessed. The lot of us. We love puzzles. We love the challenge. We thrive on finding the answer. We hate disarray. It bothers us deep in our soul. W...
  2. SCCM OSD Basic troubleshooting
    SCCM 2007 OSD is a fantastic way to deploy operating systems, however, like most things SCCM issues can sometimes be difficult to resolve due to the sheer volume of logs to sift through and the dispe...
  3. Migrate Small Business Server 2003 to Exchange 2010 and Windows 2008 R2
    This guide is intended to provide step by step instructions on how to migrate from Small Business Server 2003 to Windows 2008 R2 with Exchange 2010. For this migration to work you will need the fo...
  4. Create a Win7 Gadget
    This article shows you how to create a simple "Gadget" -- a sort of mini-application supported by Windows 7 and Vista. Gadgets can be dropped anywhere on the desktop to provide instant information, ...
  5. Outlook continually prompting for username and password
    There have been a lot of questions recently regarding Outlook prompting for a username and password whilst using Exchange 2007. There are a few reasons why this would happen and I will try to cover t...
  6. Backup Exchange 2010 Information Store using Windows Backup
    There seems to be quite a lot of confusion around the ability to backup Exchange 2010 using the built in Windows Backup feature. This stems from the omission of this feature prior to Exchange 2007 s...

Cloud Class Webinars

  1. Avoiding Bugs in Microsoft Access
    Alison Balter takes and in-depth look at avoiding bugs in Access. In this webinar you will learn about using the immediate window to debug your applications, invoking the debugger, using breakpoints to troubleshoot, stepping through code, setting the next statement to execute, ...
  2. Top 10 Best New Features in Visio 2010
    Scott Helmers gives live demonstrations of the top 10 new features in Visio 2010. This webinar will teach you how to create compelling diagrams by adding shapes to the page with a single click, linking the shapes in a diagram to data in Excel (or SQL Server, or SharePoint), ...
  3. IT Consultant Business Secrets Revealed
    Michael Munger, Experts Exchange tech pro and IT consultant, pulls back the curtain on his very successful businesses and answers question on every IT consultant and business owner should know about. He shares secrets on what he did to solve the 5 most common problems in IT, ...
  4. Disaster Recovery and Business Continuity
    Quest CTO, Mike Billon, gives an overview of the steps involved in building a dunamic disaster recovery plan. Through case studies and an examination of software/hardware tooles for monitoring and testing, you'll gain a better understandin of where you are, where you want ...
  5. Organize Your Visio Diagrams with Containers and Lists
    Scott Helmers uses cross functional flowcharts, wireframe diagrams, data graphic legends and seating charts to teach you: how to ustilize all three new structured diagram components in Visio 2010, the best practices for organizeing shapes in previous version of Visio, how to organize ...
  6. How to Us Objects, Properties, Events and Methods in Microsoft Access
    Alison Dalter gives an in-depbth look at objects, properties, events and methods in Microsoft Access. In this webinar you will learn about using the object browser, referring to objects, working with properties and methods, working with object variables, understanding the ...

Join the Community

Give a Little. Get a Lot.

Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.

Join the Community

Answers

 

by: ThrainSonOfTimorPosted on 2008-03-13 at 09:27:32ID: 21117904

I don't know if you still need help with this one, but maybe you could try the microsoft solution to your problem:
http://support.microsoft.com/kb/938286

Or if that doesn't solve your problem, you have to check if you have an SSL certificate installed for the address book website in IIS. It seems that it is obliged to have one (http://support.microsoft.com/kb/939530/en-us)

 

by: pghzooitPosted on 2008-03-13 at 12:52:31ID: 21120162

I am still having problems with this. I will follow up tomorrow with the results from your suggestions.

 

by: ThrainSonOfTimorPosted on 2008-03-13 at 16:37:50ID: 21121833

I forgot to say how you can check if the SSL certificate on the OCS is the problem.
- Open the Office Communications Server 2007 management console
- Expand to the server that is running the web components
- Select the FQDN of the server (server.domain.com)
- On the right you see available tasks --> validation. Expand
- Select Web Components Server and complete the wizard. If it fails with errors on connectivity, you probably see that iis default web site needs a valid certificate even if you do NOT require SSL on the ABS component. In that case submit a request to an internal or external CA and install the certificate on the default web site (using the button 'server certificate...' on the directory security tab

I had the same problem and solved it with the help of the validation wizard.

If you have other errors, you can always post them here

 

by: pghzooitPosted on 2008-03-14 at 05:52:15ID: 21124952

Attached is the error log from the web components validation.

 

by: ThrainSonOfTimorPosted on 2008-03-14 at 06:18:20ID: 21125170

Error is:
Received a failure HTTP response.: InternalServerError
Suggested Resolution: Check whether the Web Server or Office
Communications Server component is running and also listening on
the specified url. If server is behind a load balancer, please make
sure the loopback connection is allowed from load balancer FQDN.
Suggested Resolution: Check the Web Proxy setting in this
machine and ensure that it is correctly configured

Do you use a proxy server?
Do you have sharepoint installed on the same server?
Check all the services regarding OCS2007 and IIS and see if they are started.
Check the permissions on the IIS server on the default website.
Did you have a certificate on the ABS component? start --> run --> inetmgr --> expand default website --> do you see the ABS component? Properties of default website --> directory security tab --> can you view the certificate?

 

by: pghzooitPosted on 2008-03-14 at 07:28:12ID: 21125795

I do not use a proxy server.
Sharepoint Services is installed on the machine.
All OCS and IIS services are started.
I can view the OCS certificate I created in the default website of IIS.

 

by: ThrainSonOfTimorPosted on 2008-03-14 at 07:44:08ID: 21125974

Check the user on the applicationspools in IIS -> Apllicationpools -> LSGroupExpAppPool -> Properties -> Identity -> the User should be RTCComponentService
UCdeviceUpdater -> Properties -> Identity -> the User should be RTCComponentService

Also check the permissions on the ABS component in IIS. Anonymous access should be disabled, but you can enable integrated windows auth. and basic authentication.

Test the URL in the browser on a client: https://computername.domainname.local/Abs/ and see if you can log in or if you get another error message.

 

by: ThrainSonOfTimorPosted on 2008-03-14 at 07:46:01ID: 21125990

You could also try and enable anonymous access for testing purposes and see if it works then.

 

by: pghzooitPosted on 2008-03-14 at 07:57:31ID: 21126112

The user under the Identity tab is RTCService. Should I change it to RTCComponentService?

If I go to https://computername.domainname.local/Abs/  and login with my personal user credentials I recieve the message:
The website declined to show this webpage


The title of the webpage is HTTP 403 Forbidden.


Thanks for all the help and quick responses!!!!

 

by: pghzooitPosted on 2008-03-14 at 08:00:55ID: 21126140

Should the username in the identity tab be in the form domainname\rtcservice or localcomputername\rtcservice?

 

by: ThrainSonOfTimorPosted on 2008-03-14 at 08:04:14ID: 21126174

You're welcome!
First of all, we narrowed the problem down to the security settings (Forbidden)

Yes, change to RTCComponentservice. It should look like domainname\RTCComponentService.

Test the URL again, test also without SSL (http://computername.domainname.local/Abs/)

If that doesn't work, allow anonymous access

 

by: ThrainSonOfTimorPosted on 2008-03-20 at 11:53:41ID: 21174568

Don't forget to restart IIS.
Did you solve the problem?

 

by: EdmondadmPosted on 2008-03-24 at 06:56:44ID: 21193533

Currently we're having similar issues here.  

-Office Communicator works just fine, it's just the synchronization with the corporate address book is the issue.  
-I've tried all the suggestions from above and still no go.  

-Certificates are working fine, RTCComponentService is being used but we still can't get to the <server>/Abs website either through SSL or not, even with anonymous access.

 

by: ThrainSonOfTimorPosted on 2008-03-24 at 10:41:40ID: 21195174

Let's start from the beginning:
- Can you ping the webserver from the clients?
- IIS services are all up and running?
- Do you see the ABS website in IIS on the OCS server?

If you can't access the abs website through https://server.domain.com/abs, you probably have an IIS issue or a problem with a firewall.

 

by: EdmondadmPosted on 2008-03-25 at 06:20:33ID: 21201604

Yeah we were having an IIS issue, that's been resolved now.  

Still also banging my head like the original poster on this issue.  

 

by: pghzooitPosted on 2008-03-25 at 06:26:36ID: 21201654

I've tried all suggested above. Still no luck...

 

by: EdmondadmPosted on 2008-03-25 at 09:19:35ID: 21203341

Might want to try this link to see if it helps you at all

http://communicationsserverteam.com/archive/2007/12/17/52.aspx

I personally went through and verified some of those permission settings with the RTC usergroups to the directories local on the server where OCS is running and it didn't help.  Still have the warning message.  

Should note that any user in our organization can right now download to an address file manually through Internet Explorer so the permissions seem to be setup ok on that end, but the actual application itself still has the error from the initial poster.

 

by: ThrainSonOfTimorPosted on 2008-03-26 at 08:30:28ID: 21212695

Check the NTFS permissions on the folder of the ABS and the folders below. Authenticated users should have read rights.

Enable in IIS only integrated windows authentication and restart IIS.

In IE, put the Ocs URL in the Trusted Sites in your Internet Explorer and test again.

 

by: ThrainSonOfTimorPosted on 2008-03-26 at 12:48:59ID: 21215471

Oh, you might want to turn off friendly http error messages: in IE (if you are using IE of course) --> internet options --> advanced --> turn off 'display user friendly http errors'. It will give more information on the problem. You can post the error here.

 

by: ThrainSonOfTimorPosted on 2008-03-26 at 14:12:50ID: 21216262

Hi Edmond,
Did you turn on directory browsing in IIS?
The users can access the ABS website from IE? They see three directories listed: Ext, Files and Int
If they can see this directories and directory browsing is enabled, the OCS client should access the address book files. For testing, you have to restart the ocs client, also in the system bar on the right.

If this and above does not help you, could you provide more info on your situation and in brief the steps you took?

 

by: EdmondadmPosted on 2008-03-26 at 15:01:34ID: 21216814

Thrain,  Thanks for your responses:

To clarify what we're running into:  If I turn on directory browsing in IIS any user in our organization can browse the files/directories if they connect to https://<servername>/abs.  I'm not having any issue with that which is what is so bizarre.  The certificate for SSL and permissions for accessing those directories are working fine as they can browse to those directories just fine through a web browser.  

Even with that part working fine, every user of communicator still receieves the original error described (cannot synchronize address book information).  Based on everything I've seen, what we've done should have resolved the issue.  I'll type up some more information about our situation tonight as well.  

 

by: pghzooitPosted on 2008-03-27 at 05:55:00ID: 21220737

Should the ABS Folder be a share?  Also, I just noticed that I am receiving the following error message on the server:

Event Type:      Warning
Event Source:      ASP.NET 2.0.50727.0
Event Category:      Web Event
Event ID:      1310
Date:            3/27/2008
Time:            8:26:40 AM
User:            N/A
Computer:      COMPUTERNAME
Description:
Event code: 3008
Event message: A configuration error has occurred.
Event time: 3/27/2008 8:26:40 AM
Event time (UTC): 3/27/2008 12:26:40 PM
Event ID: bd5da63f2f434168817a1a28d1ec86c8
Event sequence: 1
Event occurrence: 1
Event detail code: 0
 
Application information:
    Application domain: /LM/W3SVC/1/Root/Abs/Int/Handler-31-128510944005532414
    Trust level: Full
    Application Virtual Path: /Abs/Int/Handler
    Application Path: D:\Program Files\Microsoft Office Communications Server 2007\Web Components\Address Book Files\Int\Handler\
    Machine name: COMPUTERNAME
 
Process information:
    Process ID: 6520
    Process name: w3wp.exe
    Account name: domainname\RTCComponentService
 
Exception information:
    Exception type: ConfigurationErrorsException
    Exception message: An error occurred loading a configuration file: Access to the path 'C:\inetpub\wwwroot\web.config' is denied. (C:\inetpub\wwwroot\web.config)
 
Request information:
    Request URL: https://computername.domainname.local:443/Abs/Int/Handler/D-08d5-0a52.lsabs
    Request path: /Abs/Int/Handler/D-08d5-0a52.lsabs
    User host address: 192.168.84.31
    User:  
    Is authenticated: False
    Authentication Type:  
    Thread account name: domainname\RTCComponentService
 
Thread information:
    Thread ID: 6
    Thread account name: domainname\RTCComponentService
    Is impersonating: False
    Stack trace:    at System.Web.HttpRuntime.HostingInit(HostingEnvironmentFlags hostingFlags)

 

by: ThrainSonOfTimorPosted on 2008-03-27 at 08:13:40ID: 21222259

Edmond and pghzooit,
Check the name of the file share location for the address book: http://www.ocspedia.com/ABS/Addsrv_Set.htm
which version of ocs 2007 do you have? standard or enterprise?

pghzooit, ABS folder is not a share if located on the same server as IIS. I see that you installed OCS under D:\Program Files\Microsoft Office Communications Server 2007\Web Components\Address Book Files. On this directory make sure the NTFS rights are List folder contents,read, read & execute.
In IIS, properties of ABS the local path has to be the same path if iis is on the same server (D:\Program Files\Microsoft Office Communications Server 2007\Web Components\Address Book Files). Application pool on the same screen is lsgroupexpapppool.

You have also a problem with the User domainname\RTCComponentService. He does not get authenticated. try changing the password in AD and then change the password in iis lsgroupexpapppool identity tab. restart iis.
Make sure aonymous access is enabled on the abs website and folders below in iis. According to a post it has to be enabled. It is enabled in my testing environment: http://forums.microsoft.com/unifiedcommunications/ShowPost.aspx?PostID=2295978&SiteID=57

i do not quite get following error:
Exception information:
    Exception type: ConfigurationErrorsException
    Exception message: An error occurred loading a configuration file: Access to the path 'C:\inetpub\wwwroot\web.config' is denied. (C:\inetpub\wwwroot\web.config)
My guess is the handler directory is configured wrong in iis. Should look like D:\Program Files\Microsoft Office Communications Server 2007\Web Components\Address Book Files\Int\Handler or ext\handler. There is a web.config file there. Check all your directories in iis.

When testing in ocs try rebooting clent computer first.
   

 

by: CoolWizzPosted on 2008-07-29 at 22:21:18ID: 22117657

I had the same problem and it vanished after i turned on "Integrated Authentication" on the default web site and selected to apply it on on the VD's below it.

Cheers

 

by: pghzooitPosted on 2008-07-30 at 07:56:37ID: 22121046

I already had Integrated Auth turned on.  I turned it off and Restarted IIS and then Turned it back on and restarted IIS again...still no luck.

 

by: DVation191Posted on 2008-08-18 at 08:55:41ID: 22253034

I've been watching this thread because I am having the same exact problem. Though probably unrelated, I didn't start having the problem until I installed and activated Communicator Web Access. Even after uninstalling, I still had all the same problems you had.

The good news is that I finally fixed it after finding this site:
http://blogs.technet.com/jitreddy/archive/2008/08/07/unable-to-download-address-book-from-office-communicator-2007-prompting-for-credentials.aspx

What actually fixed it was running the following command on the LCS server:
Setspn -A HTTP/{servername} {domainname}\RTCComponentService

As soon as I ran that on the server, I restarted communicator and it didn't prompt me for credentials. Hope this helps you too.

 

by: pghzooitPosted on 2008-08-18 at 10:08:16ID: 22253586

I tried Setspn -A HTTP/{servername} {domainname}\RTCComponentService and restarted OCS...still no luck.

 

by: thepianobarPosted on 2008-09-08 at 07:17:12ID: 22417565

Check the ports you are using for each website if you also have CWA installed on that server. I.e. click Properties on the Default Web Site (or the site for OCS) and verify the SSL port is set to 443. I then went and changed my CWA site to use port 8443.

I had changed these around when I installed CWA so I could more easily access that site without having to remember to put the additional port qualification when navigating to it.

Not sure if there's a way to swap these by changing a setting within OCS or the MOC client to tell it that the OCS website is located on a different port so you can keep CWA on the standard 443.

Trying to lab this product by using as few servers/virtual machines as possible is much harder than it should.

 

by: pghzooitPosted on 2008-10-24 at 08:13:45ID: 31436865

We have not found a solution for this yet, however since we have not had the time to invest in fixing it, I am going to close this question to make the EE gods happy, and open a new question later.
Thanks for your help all.

20120131-EE-VQP-002

3 Ways to Join

30-Day Free Trial

The Experts

98% positive feedback on 31,087 answers since March 2000. angeliii is a Microsoft Most Valuable Professional for his work with MS SQL Server & Develoment.

He has also proven his knowledge of Visual Basic Programming, PHP Scripting and Oracle Databases.

The Experts

97% positive feedback on 10,752 answers since July 2000. lrmoore has more than 18 years experience in the networking industry.

The six-time Mircosoft MVPs specialties include firewalls, virtual private networking, and network management.

Testimonials

"...and excellent source for support... Kind of like having your very own IT dept." Electriciansnet

Testimonials

"I was apprehensive at signing up at first. However... it has already made my life as an IT administrator much easier." JaCrews

Testimonials

"WOW! You guys have great, active, and knowledgeable people on here." moore50

Business Clients

Business Clients

In the Press

"If you’ve got a question... Experts Exchange can supply an answer.”

In the Press

"...an invaluable aid for both IT professionals and those who require tech support."

In the Press

"where IT professionals provide quick answers on just about any topic"

Business Account Plans

Loading Advertisement...