acasgar
asked on
OCS2007 clients recieve Cannot Synchronize Address Book
As with most of Microsofts new products they are an absolute disaster! If anyone over there could write some code that would work!!
Rather than rant here is the issue with OCS 2007, I have a random set of clients that continuously get prompted to authenticate to download the address book. If you ignore the error you get Cannot Synchronize Address Book . I have followed all the Articles on resetting passwords and verify directory security, https, certificates and the list goes on and on(http://communicationsserverteam.com/archive/2007/12/17/52.aspx ) yes been here done that!
What I have found is certain machines when I type https://servername.domain.lcl get prompted to authenticate, as if Integrated Windows Authentication is not working. Ironically other machines have no issue with IIS configured to use Integrated Windows Authentication. It is appearing to be a machine issue and not a server issue, go to the server console, no issue. Go to some client machines, again no issue while others can't authenticate to the site at all (type any user you want in the prompted authentication including domain admins denied access). No matter what user you use at some of the client machines you end up with HTTP Error 401.2 - unauthorized access.
I am at a complete loss, turn off Integrated Windows Authentication and working clients stop working and the failing clients start working, turn it on and the other half work. I unfortunately inherited this server and its configuration and feel like I am chasing my tail at this point. Any ideas?
Side note - on a hunch I did check, the machines that have no issues are IE6 machines. It appears all clients with issues are IE7. What a shock another microsoft product that doesn't work with itself. Am I missing something on the security side of IE 7? Additional notes in research - it appears that the IE 7 clients are not passing the user name and password for automatic logon to trusted or local intranet sites. This might be the issue if anyone can help!!
Rather than rant here is the issue with OCS 2007, I have a random set of clients that continuously get prompted to authenticate to download the address book. If you ignore the error you get Cannot Synchronize Address Book . I have followed all the Articles on resetting passwords and verify directory security, https, certificates and the list goes on and on(http://communicationsserverteam.com/archive/2007/12/17/52.aspx ) yes been here done that!
What I have found is certain machines when I type https://servername.domain.lcl get prompted to authenticate, as if Integrated Windows Authentication is not working. Ironically other machines have no issue with IIS configured to use Integrated Windows Authentication. It is appearing to be a machine issue and not a server issue, go to the server console, no issue. Go to some client machines, again no issue while others can't authenticate to the site at all (type any user you want in the prompted authentication including domain admins denied access). No matter what user you use at some of the client machines you end up with HTTP Error 401.2 - unauthorized access.
I am at a complete loss, turn off Integrated Windows Authentication and working clients stop working and the failing clients start working, turn it on and the other half work. I unfortunately inherited this server and its configuration and feel like I am chasing my tail at this point. Any ideas?
Side note - on a hunch I did check, the machines that have no issues are IE6 machines. It appears all clients with issues are IE7. What a shock another microsoft product that doesn't work with itself. Am I missing something on the security side of IE 7? Additional notes in research - it appears that the IE 7 clients are not passing the user name and password for automatic logon to trusted or local intranet sites. This might be the issue if anyone can help!!
ASKER
LMAO....sorry its sad but you might be right...I was hoping not to be so drastic with the server. I only laugh because I just deployed a Windows 2008 Server and Exchange 2007 server for our company...you know Linux is looking better by the hour! Man if they could have broken all the things that work the would have...oh they did....anyhow...is it remotely possible that it has something to do with the client and not IIS. The only things that have changed on that server that could have broken it is it was patched, it hadn't been patched since May....we brought it up to date...you know plugged the security holes and oh yeah broke about 10 other things....like Communicator single sign in.
Let me know if you think there is anything on the client side I can check.
Let me know if you think there is anything on the client side I can check.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Deactivate Web Components Server role in the MMC
Remove OCS 2007 Web Components piece from Add/Remove programs
Uninstall IIS
delete c:\inetpub
Reinstall IIS
Steps following are for Standard Edition since you didn't specify which edition is installed.
Run OCS 2007 Setup wizard. Choose Deploy Standard Edition Server. Next page Step 2 Deploy Server should show as partial. Click Run to let the setup reinstalled Web Components.
Reassign Web Components Server Certificate in IIS
Start services