I have a problem with Address book on ly with external users. In more details:
Internal users or connected from CWA, can work with address book fine. When a domain user tries to connect from the internet as external user, I cannot download address book. I deleted the galcontacts files but it doesn't synchronize to get it back. I Ctrl+Right click to the lync icon and selected "Configuration information" and it shows the attached picture's contents.
The TMG rule accepts the 443 requests from the internet and sends it to 4443 in front end.
I tried the reg add command to force the update but that didn't do the job either. What if a Lync remote user tries to sign in, through a non domain computer, what should be the behavior regarding ABS?
No errors on Lync client or FE. All the other tests are successful IM, A/V, sharing etc.
What also troubles me is that marfingroup.gr that is mentioned, is just another sip domain that ocs 2007 r2 used to exist. We still haven't decomissioned the old servers but we have stopped the services though.
Thanks in advance,
Can you access http://webcomp.marfinbank.gr/groupexpansion/service.svc from external? This will show you a webpage if your reverse proxy is working successfully. If not, go back and double check your reverse proxy configuration as this will cause the "Cannot synchronise address book" error.
Could you try to browse https://webcomp.marfinbank.gr:443/abs/handler & <one of Address book files> from external with Lync user credential? A file-download dialog should appear in normal. If an error message appears, it should help you to shoot the problem.
You can confirm address book files under "\\<Share Folder>\1-WebServices-1\ABFiles\00000000-0000-0000-0000-000000000000\00000000-0000-0000-0000-000000000000" in your Lync Server infrastructure. A URL example in my lab environment is the following.
- Edited by Yutaka, N Monday, February 13, 2012 3:21 PM
Yep that sounds like the correct behaviour, looks like your RP is setup ok.
Can you confirm that this is affecting all externally connected users?
Yutaka: I tried to open the file you mention and it worked. It asked me the program that I want to open the file with. I guess that this shows that everything is working just fine.
Justin: From what I have seen, it affects all external users and as a result, address book cannot be updated if the files exist and the files cannot be downloaded if they have been erased.
Any other ideas of what could be wrong? I have run out of mine...
Here’re some tips for you.
- Make sure you’ve created an external DNS A record for the web services URL.
- Please confirm such URL is in external web services certificate list.
- Go to Internet Options – Advanced, unselect the "Check for publisher's certificate revocation" and "Check for server certificate revocation".
- It may also due to incorrect configuration of Authentication Delegation in TMG publishing rule. You should configure Authentication Delegation as "No delegation, but client may authenticate directly".
Above, hope helps.
TechNet Community Support
Hi all and sorry for the delay,
This is the command:
Test-CsAddressBookService -targetfqdn lyncathpool.gr.marfin.grp -UserSipAddress "sip:firstname.lastname@example.org" –External
(the command was run from the Front End server)
PS C:\Users\lyncinst> Test-CsAddressBookService -targetfqdn lyncathpool.gr.marfin.grp -UserSipAddress "sip:email@example.com" -External
Connecting to web service : https://webcomp.marfinbank.gr/WebTicket/WebTicketService.svc
Using Machine certificate authentication
Successfully created connection proxy and website bindings
Requesting new web ticket
Sending Web-Ticket Request: <s:Envelope xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
ERROR communicating with GetWebTicket() service
System.ServiceModel.EndpointNotFoundException: There was no endpoint listening at https://webcomp.marfinbank.gr/WebTicket/WebTicketService.svc/MachineCert
that could accept the message. This is often caused by an incorrect address or SOAP action. See InnerException, if present, for more details. ---> System.N
et.WebException: The remote server returned an error: (502) Bad Gateway.
at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
--- End of inner exception stack trace ---
Server stack trace:
at System.ServiceModel.Channels.HttpOutput.Send(TimeSpan timeout)
at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.SendRequest(Message message, TimeSpan timeout)
at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout)
at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.Request(Message message, TimeSpan timeout)
at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object ins, Object outs, TimeSpa
at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
Exception rethrown at :
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at Microsoft.Rtc.Internal.WebTicketService.IWebTicketService.IssueToken(Message request)
TargetUri : https://webcomp.marfinbank.gr/abs/handler
TargetFqdn : lyncathpool.gr.marfin.grp
Result : Failure
Latency : 00:00:00
Error : ERROR - No response received for Web-Ticket service.
Inner Exception:There was no endpoint listening at https://webcomp.marfinbank.gr/WebTicket/WebTicketService.svc/MachineCert that could accept
the message. This is often caused by an incorrect address or SOAP action. See InnerException, if present, for more details.
Inner Exception:The remote server returned an error: (502) Bad Gateway.
So, Liza, There are no IIS errors in event logs.
Noya, I am 100% sure that 2nd and 4th are correct. I'll check the 3rd you mention and I'll ask for the first one, since I have given all the DNS prerequisites that needs to be created but I am not sure weather if they have created it.
I'll let you know as soon as I find out.
- Edited by ArgiDio Friday, February 24, 2012 7:42 AM
i am also facing the same problem i am unable to access my meet URL, Address book or any other Virtual directory from internet. i am unable to browse my External Virtual Directories on front End Server. i am using my local CA certificate. thanks in advance. please suggest.
i find a Tech Net article,here it is saying "Select the HTTPS entry, click Edit, and then verify that Lync Server WebServicesExternalCertificate is bound to this protocol" can you please explain which certificate is this.Thanks
Well Handa, the Engineer from Microsoft's case pointed me the same url. From what I understand there are these two sites,
- The WebServicesInternal certificate is used to secure communication for internal clients to the web services. This certificate contains the internal web services that FQDN defined in the topology for the pool. This certificate is bound to the internal web services’ website in IIS.
- The WebServicesExternal certificate is used to secure communication for external clients to the web services. This certificate contains the external web services FQDN defined in the topology for the pool. This certificate is bound to the external web services’ website in IIS.
I will try this and let you know if this is the solution.
Thanks in advance,
- Edited by ArgiDio Tuesday, March 13, 2012 2:58 PM