13 Februari 2012 12:47
I have a problem with Address book on ly with external users. In more details:
Internal users or connected from CWA, can work with address book fine. When a domain user tries to connect from the internet as external user, I cannot download address book. I deleted the galcontacts files but it doesn't synchronize to get it back. I Ctrl+Right click to the lync icon and selected "Configuration information" and it shows the attached picture's contents.
The TMG rule accepts the 443 requests from the internet and sends it to 4443 in front end.
I tried the reg add command to force the update but that didn't do the job either. What if a Lync remote user tries to sign in, through a non domain computer, what should be the behavior regarding ABS?
No errors on Lync client or FE. All the other tests are successful IM, A/V, sharing etc.
What also troubles me is that marfingroup.gr that is mentioned, is just another sip domain that ocs 2007 r2 used to exist. We still haven't decomissioned the old servers but we have stopped the services though.
Thanks in advance,
13 Februari 2012 14:16Can you access http://webcomp.marfinbank.gr/groupexpansion/service.svc from external? This will show you a webpage if your reverse proxy is working successfully. If not, go back and double check your reverse proxy configuration as this will cause the "Cannot synchronise address book" error.
13 Februari 2012 14:33
It opens a page that has a url to test with svcutli.exe and some code in C# and Visual Basic.
Is this the correct behavior?
13 Februari 2012 15:21
Could you try to browse https://webcomp.marfinbank.gr:443/abs/handler & <one of Address book files> from external with Lync user credential? A file-download dialog should appear in normal. If an error message appears, it should help you to shoot the problem.
You can confirm address book files under "\\<Share Folder>\1-WebServices-1\ABFiles\00000000-0000-0000-0000-000000000000\00000000-0000-0000-0000-000000000000" in your Lync Server infrastructure. A URL example in my lab environment is the following.
- Diedit oleh Yutaka, N 13 Februari 2012 15:21
13 Februari 2012 22:56
Yep that sounds like the correct behaviour, looks like your RP is setup ok.
Can you confirm that this is affecting all externally connected users?
13 Februari 2012 23:35
Yutaka: I tried to open the file you mention and it worked. It asked me the program that I want to open the file with. I guess that this shows that everything is working just fine.
Justin: From what I have seen, it affects all external users and as a result, address book cannot be updated if the files exist and the files cannot be downloaded if they have been erased.
Any other ideas of what could be wrong? I have run out of mine...
15 Februari 2012 2:54ModeratorHi, would you run the cmdlet
Test-CsAddressBookService with-external switch and see what error it indicates?
16 Februari 2012 17:05
Did you publish the all tree of IIS? For address book sync they need to use reverse proxy.
20 Februari 2012 9:08Moderator
Here’re some tips for you.
- Make sure you’ve created an external DNS A record for the web services URL.
- Please confirm such URL is in external web services certificate list.
- Go to Internet Options – Advanced, unselect the "Check for publisher's certificate revocation" and "Check for server certificate revocation".
- It may also due to incorrect configuration of Authentication Delegation in TMG publishing rule. You should configure Authentication Delegation as "No delegation, but client may authenticate directly".
Above, hope helps.
TechNet Community Support
21 Februari 2012 9:32
Hi all and sorry for the delay,
This is the command:
Test-CsAddressBookService -targetfqdn lyncathpool.gr.marfin.grp -UserSipAddress "sip:firstname.lastname@example.org" –External
(the command was run from the Front End server)
PS C:\Users\lyncinst> Test-CsAddressBookService -targetfqdn lyncathpool.gr.marfin.grp -UserSipAddress "sip:email@example.com" -External
Connecting to web service : https://webcomp.marfinbank.gr/WebTicket/WebTicketService.svc
Using Machine certificate authentication
Successfully created connection proxy and website bindings
Requesting new web ticket
Sending Web-Ticket Request: <s:Envelope xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
ERROR communicating with GetWebTicket() service
System.ServiceModel.EndpointNotFoundException: There was no endpoint listening at https://webcomp.marfinbank.gr/WebTicket/WebTicketService.svc/MachineCert
that could accept the message. This is often caused by an incorrect address or SOAP action. See InnerException, if present, for more details. ---> System.N
et.WebException: The remote server returned an error: (502) Bad Gateway.
at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
--- End of inner exception stack trace ---
Server stack trace:
at System.ServiceModel.Channels.HttpOutput.Send(TimeSpan timeout)
at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.SendRequest(Message message, TimeSpan timeout)
at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout)
at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.Request(Message message, TimeSpan timeout)
at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object ins, Object outs, TimeSpa
at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
Exception rethrown at :
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at Microsoft.Rtc.Internal.WebTicketService.IWebTicketService.IssueToken(Message request)
TargetUri : https://webcomp.marfinbank.gr/abs/handler
TargetFqdn : lyncathpool.gr.marfin.grp
Result : Failure
Latency : 00:00:00
Error : ERROR - No response received for Web-Ticket service.
Inner Exception:There was no endpoint listening at https://webcomp.marfinbank.gr/WebTicket/WebTicketService.svc/MachineCert that could accept
the message. This is often caused by an incorrect address or SOAP action. See InnerException, if present, for more details.
Inner Exception:The remote server returned an error: (502) Bad Gateway.
21 Februari 2012 9:35
At this point, I also have to tell you that due to a mistake, three public certificates were created for meet, dialin and webcomp, so three TMG publishing rules were created.
Could that cause any problems?
24 Februari 2012 1:46ModeratorHi,
Would you please check the event logs and Frontend iis logs to see if there are errors?
24 Februari 2012 7:42
So, Liza, There are no IIS errors in event logs.
Noya, I am 100% sure that 2nd and 4th are correct. I'll check the 3rd you mention and I'll ask for the first one, since I have given all the DNS prerequisites that needs to be created but I am not sure weather if they have created it.
I'll let you know as soon as I find out.
- Diedit oleh ArgiDio 24 Februari 2012 7:42
02 Maret 2012 12:41
The third you mention was ok and although the DNS records were not created, even though now they are, nothing has changed... A Microsoft case has been submitted.
02 Maret 2012 17:17
i am also facing the same problem i am unable to access my meet URL, Address book or any other Virtual directory from internet. i am unable to browse my External Virtual Directories on front End Server. i am using my local CA certificate. thanks in advance. please suggest.
03 Maret 2012 1:06Hi,
i find a Tech Net article,here it is saying "Select the HTTPS entry, click Edit, and then verify that Lync Server WebServicesExternalCertificate is bound to this protocol" can you please explain which certificate is this.Thanks
13 Maret 2012 14:52
Well Handa, the Engineer from Microsoft's case pointed me the same url. From what I understand there are these two sites,
- The WebServicesInternal certificate is used to secure communication for internal clients to the web services. This certificate contains the internal web services that FQDN defined in the topology for the pool. This certificate is bound to the internal web services’ website in IIS.
- The WebServicesExternal certificate is used to secure communication for external clients to the web services. This certificate contains the external web services FQDN defined in the topology for the pool. This certificate is bound to the external web services’ website in IIS.
I will try this and let you know if this is the solution.
Thanks in advance,
- Diedit oleh ArgiDio 13 Maret 2012 14:58
14 Maret 2012 10:24I don't know whether this is the correct solution, since noone else answered, but I tried this to our own Lync server and it did work.
I will try it now to a customer and see if this will correct their problem, since they had the same case.