I had a weird issue which occured at the communicator client (R2). The OCS (Office Communication Server) is version 2007 R2.
When I logged in (internal), the client had an exclamation mark. The following 2 errors occured :
Cannot synchronize with the corporate address book. This may be because the proxy server setting in your web browser does not allow access to the address book. If the problem persists, contact your system administrator.
Communicator could not retrieve calendar or Out of Office information from Exchange Web Services. Communicator will automatically continue to retry. If this problem persists, contact your system administrator.
When I started troubleshooting the issue I also noticed that Group Expansion on the client side was not working. The following error occured.
Distribution group service could not perform this action. Contact the system admin to investigate
As these are all web services I assumed something was wrong with IIS or with the certificates. Firstly I needed to know all the URL’s the client was trying to connect to. This can be done in quite the same way as looking at the Outlook configuration, namely : press CTRL + right click on the communicator icon in the tray. An extra option will appear “Configuration Information…“. By clicking on this, the following information is shown :
DG URL Internal;https://internalocsserver/GroupExpansion/Int/service.asmx;–;
DG URL External;https://externalocsserver/GroupExpansion/ext/service.asmx;–;
Quality Metrics URI;sip:firstname.lastname@example.org;gruu;opaque=srvr: QoS:_Gl3lqg5Q0Wt-1IoANxE6AAA;–;
URL Internal From Server;https://internalocsserver/Abs/Int/Handler;–;
URL External From Server;https://externalocsserver/Abs/Ext/Handler;–;
Voice mail URI;sip:SipAddress@domain.com;opaque=app:voicemail;–;
MRAS Server;sip:internalEdgeServer@domain.com;gruu;opaque=srvr: MRAS:fT9RLCu0FEeOB1m3_ev67QAA;Enabled;
GAL Status;https://internalocsserver/Abs/Int/Handler;Cannot synchronize with the corporate address book. This may be because the proxy server setting in your web browser does not allow access to the address book. If the problem persists, contact your system administrator.;
PC to PC AV Encryption;AV Encryption Supported;–;
Focus Factory;sip:SipAddress@domain.com;gruu; opaque=app:conf:focusfactory;–;
Telephony Mode;Telephony Dual Mode;–;
Line Configured From;Auto Line Configuration;–;
Local Log Folder;C:Usersusertracing;;
MAPI Information;Communicator is in the process of connecting to the Exchange server. This process may take a few minutes. Some features will not be available until the connection is complete.;MAPI Status Error;
Inside User Status;TRUE;;
Auto Update Download Started;–;–;
Auto Update Download Completed;–;–;
Last Auto Update Request;–;–;
Pairing State;Communicator cannot connect to your desk phone because the USB cable is not plugged in. Make sure that you connect the cable.;Enabled;
The very first thing I did was to do a validation on the OCS Server for all roles:
- Front End Server
- Web Conferencing Server
- A/V Server
- Web Components Server
- Application Sharing Server
- Response Group Service
- Conferencing Attendant
- Conferencing Announcement Service
- Outside Voice Control
All the validations where Ok, except a few warnings because we don’t have the external DNS records in our internal DNS. Next with the information from the client, I tested all the internal URL’s. Funny enough all seemed to work fine. No errors or certificate problems. I tested the communicator client from external and to my surprise no errors where given and everything worked fine, including the group expansion.
As external was working, but not internal I logged on the OCS Server, started IIS Manager and checked the authentication methods for the internal URL’s (/abs/int/handler). Nothing strange as only Windows Authentication was enabled with reponse type “HTTP 401 Challenge” (Windows 2008 Server). I did an IISRESET on the OCS 2007 R2 server, just to make sure there where no other problems with IIS. I did this on the OCS home server where the pool is located. This is where the clients retrieve the Address Book and where the GroupExpansion web service is running. After resetting, the error was still present.
Next I made sure there was no problem with the Address Book and regenerated the entire Address Book on the OCS Server with the following command :
C:Program FilesMicrosoft Office Communications Server 2007 R2ServerCoreABServer.exe -regenUR
This will force a full synchronisation. Check your OCS eventlogs for details. The events are from the source “OCS User Replicator” beginning with event id 30027 and ending with event id 30028.
As I thought the issue was still present. Just to be sure I rebooted the entire OCS Server. Unfortunately the problem still existed after the reboot (what a surprise).
Now I began to get a little frustrated… OCS says everything is ok, but why does the client still says it’s not??!! I started expanding the search to other services. Beginning with the Certificate Service. All our internal certificates are handed out by an internal CA (Certificate Authority). When I logged on to the CA server, I noticed the Certificate Service was not running! What the #&$#!! I started the service and tested the clients. Still an error… next I did an IISRESET again on the OCS Server and the Client Access Server (Exchange 2007).
Finally…the error was gone! Lesson for the future, be sure you’re monitoring the Certificate Services…