As with most of Microsofts new products they are an absolute disaster! If anyone over there could write some code that would work!!
Rather than rant here is the issue with OCS 2007, I have a random set of clients that continuously get prompted to authenticate to download the address book. If you ignore the error you get Cannot Synchronize Address Book. I have followed all the Articles on resetting passwords and verify directory security, https, certificates and the list goes on and on(http://communicationsserverteam.com/archive/2007/12/17/52.aspx
) yes been here done that!
What I have found is certain machines when I type https://servername.domain.lcl
get prompted to authenticate, as if Integrated Windows Authentication is not working. Ironically other machines have no issue with IIS configured to use Integrated Windows Authentication. It is appearing to be a machine issue and not a server issue, go to the server console, no issue. Go to some client machines, again no issue while others can't authenticate to the site at all (type any user you want in the prompted authentication including domain admins denied access). No matter what user you use at some of the client machines you end up with HTTP Error 401.2 - unauthorized access.
I am at a complete loss, turn off Integrated Windows Authentication and working clients stop working and the failing clients start working, turn it on and the other half work. I unfortunately inherited this server and its configuration and feel like I am chasing my tail at this point. Any ideas?
Side note - on a hunch I did check, the machines that have no issues are IE6 machines. It appears all clients with issues are IE7. What a shock another microsoft product that doesn't work with itself. Am I missing something on the security side of IE 7? Additional notes in research - it appears that the IE 7 clients are not passing the user name and password for automatic logon to trusted or local intranet sites. This might be the issue if anyone can help!!