locked
Lync 2013 Address book not downloading for external clients RRS feed

  • Question

  • Hi,

    I have a strange issue in Lync 2013 Environment,

    Setup details are as follows:

    1 Lync 2013 FE Server, 1 Lync 2013 Edge server. No Reverse proxy but the requests from ports are getting forwarded from 80 to 8080 and 443 to 4443 to the Front End Server.

    Edge Server and Front End's External Website is assigned with a public Certificate from GoDaddy and FE's Internal website is assigned a Certificate from internal CA.

    I earlier had mobility issues but it got resolved after installing July 2013 Cumulative updates.

    Now the issue is that for External clients, Address book is getting updated. No galcontacts.db file is getting created for external clients. But for internal clients everything is working fine.

    When i do Test-CSAddressbook service, for internal it is showing status as success. But when i add -External switch it is getting failed with the following error message.

    No response received for Web-Ticket service.  Inner Exception:The HTTP request is unauthorized with client authentication scheme 'Ntlm'. The authentication header received from the server was 'NTLM'.Inner Exception:The remote server returned an error: (401)Unauthorized.

    Also in the Front End server, i get this following warning:

    Event code: 3005
    Event message: An unhandled exception has occurred.
    Event time: 9/10/2013 6:55:12 PM
    Event time (UTC): 9/10/2013 1:25:12 PM
    Event ID: 4890fc055ae846a1bb7718cb169ec1a6
    Event sequence: 178454
    Event occurrence: 19
    Event detail code: 0
     
    Application information:
        Application domain: /LM/W3SVC/34578/ROOT/WebTicket-1-130232789441411338
        Trust level: Full
        Application Virtual Path: /WebTicket
        Application Path: E:\Program Files\Microsoft Lync Server 2013\Web Components\Web ticket\Ext\
        Machine name: Front End server name
     
    Process information:
        Process ID: 7836
        Process name: w3wp.exe
        Account name: NT AUTHORITY\NETWORK SERVICE
     
    Exception information:
        Exception type: HttpException
        Exception message: A potentially dangerous Request.Path value was detected from the client (:).
       at System.Web.HttpRequest.ValidateInputIfRequiredByConfig()
       at System.Web.HttpApplication.PipelineStepManager.ValidateHelper(HttpContext context)

     
     
    Request information:
        Request URL: https://Webexternal.domain.com:4443/WebTicket/WebTicketService.svc,https:/webext.domain.com/WebTicket/WebTicketService.svc/mex
        Request path: /WebTicket/WebTicketService.svc,https:/webext.domain.com/WebTicket/WebTicketService.svc/mex
        User host address: Public IP
        User:  
        Is authenticated: False
        Authentication Type:  
        Thread account name: NT AUTHORITY\NETWORK SERVICE
     
    Thread information:
        Thread ID: 67
        Thread account name: NT AUTHORITY\NETWORK SERVICE
        Is impersonating: False
        Stack trace:    at System.Web.HttpRequest.ValidateInputIfRequiredByConfig()
       at System.Web.HttpApplication.PipelineStepManager.ValidateHelper(HttpContext context)
     

    Kindly help me in resolving this issue.

    Wednesday, September 11, 2013 5:58 AM

Answers

All replies

  • what happened if you try to reach the webservices for the addressbook from external?

    Have you assigned the right certificate to the external webserviuces on the FE?


    regards Holger Technical Specialist UC


    Wednesday, September 11, 2013 9:59 PM
  • Hi

    It is highly recommended deploying reverse proxy for Lync external web features.

    I suggest you refer to the following tips to troubleshoot the issue.

    1. Please check if other web service features work properly for external client, such as Lync web app, expanding distribution groups and downloading meeting content for your meetings. You can refer to the features in this link:

    http://technet.microsoft.com/en-us/library/gg398069.aspx

    2. Please change the value of AddressBookAvailability to test the issue.

    For details about Address book process and download types:

    http://blogs.technet.com/b/nexthop/archive/2012/06/21/lyncmd-troubleshooting-the-lync-2010-address-book.aspx

    3. Here is a blog how deploy Lync external web services without reverse proxy:

    http://ucken.blogspot.in/2011/01/lync-external-web-services-without.html

    Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.


    Kent Huang
    TechNet Community Support

    Thursday, September 12, 2013 1:41 AM
  • Hi Holger,

    That is the exact problem. I am not able to get the addressbook for externally connected clients.

    Yes. I have assigned the Public Certificate issued by GoDaddy in the Lync FE Server for the External Web site.

    Thursday, September 12, 2013 12:38 PM
  • Hi Kent,

    I am able to access all other web features such as downloading meeting content, expanding distribution group etc. But only Address Book is the issue for external users.

    I have configured Firewall to forward the request which comes to port 80,443 to 8080,4443 respectively.

    And this firewall rule is working fine.

    Any other suggestions pls..

    Thursday, September 12, 2013 12:41 PM
  • hi

    on the lync client configuration information are getting the ABS server external url?

    what is the result you get accessing the external address book url from outside?


    sreejith.ps CCNA, MCITP Exchange Administrator

    Thursday, September 26, 2013 10:12 AM
  • Hi sreejith,

    Yes. I am getting the correct ABS Server External url in the client config.

    When i access the external abs url, it is prompting for password. After entering the correct credentials for 3 times, i will get the following error.

    401 - Unauthorized: Access is denied due to invalid credentials.

    You do not have permission to view this directory or page using the credentials that you supplied.

    Friday, September 27, 2013 5:51 AM
  • that's good. Can you send across the etl log & uccapilog from the client tracing folder, Also a client side network trace will be helpful.


    sreejith.ps CCNA, MCITP Exchange Administrator

    Friday, September 27, 2013 8:20 AM
  • Hm, If it is only a Problem from exetrnal, you should look into your IIS log to see if the requests are received from the external Client.You may also activate the log on the client to analyze the log with the snooper.exe from the diagnostic Tools.

    You can also use fiddler on the client to trace the web traffic.

    http://msdn.microsoft.com/en-us/library/bb250446(v=VS.85).aspx

    Here is a short explanation for the addressbook

    http://blog.insidelync.com/2012/02/lync-address-book-client-synchronization-errors-and-common-problems/


    regards Holger Technical Specialist UC

    • Marked as answer by Kent-Huang Friday, October 4, 2013 11:59 AM
    Saturday, September 28, 2013 10:34 AM