"Cannot synchronize with the corporate address book. This may be because the proxy server setting in your web browser does not allow access to the address book"

Look familiar?

A couple of things to check, first on the lync server in Powershell

Update-CsUserDatabase
update-csuseraddressbook

After 5 minutes the update has completed, check the event viewer for event id 21005.

The Lync client will not immediately update the address book, but you can force the update.

First, execute the following command from the Windows Command Prompt run as an administrator (or manually add the GalDownloadInitialDelay registry key). Setting this value to 0 will force Lync to immediately download the address book instead of randomly selecting a time to check the server.

reg add HKLM\Software\Policies\Microsoft\Communicator /v GalDownloadInitialDelay /t REG_DWORD /d 0 /f

Second, exit the Lync client and manually delete the GalContacts.db and GalContacts.db.idx files from the user’s profile directory. If the .db file still exists during startup of the client then Lync may still wait for that random interval between 0 and 60 minutes before checking for changes on the server’s address book files. By deleting the file the Lync client must download an entire new copy, forcing it to pick up any changes.

On Windows XP workstations:
%userprofile%\Local Settings\Application Data\Microsoft\Communicator\sip_<username@domain>\
On Windows Vista or Windows 7 workstations:
%userprofile%\AppData\Local\Microsoft\Communicator\sip_<username@domain>\

Restart the Lync client and search for any of the recently changed information, for example the Telephone Number added to this AD user account now appears for the Lync contact.

Another few things to check:

Use the “Automatically detect settings” instead of specifying settings for a proxy server in IE

For IE7 under Advanced / Security, uncheck the option “Check for server certificate revocation” and restart the browser (manually or via Group Policy)

Ascertain that the URL listed on the certificate points to the Certificate Revocation List (CRL) Distribution Point that is reachable on the inside and/or outside network

If OCS is deployed with digital certificates issued from an internal CA, add the .crl URL to the Trusted sites or Local Intranet zone on the Security tab in IE then exit and restart MOC e.g. http://*.cinline.se This enables the intranet URL for Address Book (AB) download to be recognized as safe and valid.

Deploy certificates from trusted public Certificate Authority (CA) permits both domain and guest (non-domain) accounts to connect to internal OCS pools

Possibly another solution even though it is for OCS 2007:

GAL Status;https://ocspool.work.domain.com/Abs/Int/Handler;Cannot synchronize with the corporate address book. This may be because the proxy server setting in your web browser does not allow access to the address book. If the problem persists, contact your system administrator.; So i try to open the url in IE to see that it is not related to a certificate and it is not because i can not even log in, and after 3 tries I’m off to the 401. So my next attempt is on the front end OCS 2007 R2 server and i try from there as a domain admin, does not work. Well ill just try with https://localhost/abs/int … and guess what that works, so it has to do with Kerberos or something.. Do the following: C:\Windows\System32\inetsrv>setspn -A HTTP/ocspool.work.domain.com RTCCOMPONENTSERVICE Registering ServicePrincipalNames for CN=RTCComponentService,CN=Users,DC=work,DC=domain,DC=com HTTP/ocspool.work.domain.com Updated object
C:\Windows\System32\inetsrv>iisreset

A last thing to check:

The Lync 2010 client or the Office Communicator client does not download the corporate address book and displays a notification: "Cannot Synchronize Address Book"

Article ID: 939530 - View products that this article applies to.

SYMPTOMS

Consider the following scenarios:

You use the Microsoft Lync 2010 client to log on to the Microsoft Lync Server 2010.
You use the Microsoft Office Communicator client to log on to the Communications server.

In these scenarios, the corporate address book does not download, and no results are displayed when you search contacts by name.

Also, you receive the following notification in the Lync 2010 client or in the Communicator client:

Cannot Synchronize Address Book

When you click the notification to display the details, you receive the following error message:

Communicator 2007

Cannot synchronize with the corporate address book because the file could not be found. Please contact your system administrator with this information.

Lync 2010 or Communicator 2007 R2

Cannot synchronize with the corporate address book. This may be because the proxy server setting in your web browser does not allow access to the address book. If the problem continues please contact your...

If you run the Validation Wizard on the Communications Server 2007 R2 or Communications Server 2007 front-end server, you receive the following error message in the log:

Failure [0xC3FC200D] One or more errors were detected

In the Validation Wizard log, expand Diagnose WebComponents, expand Check Connectivity, and then expand Checking Address Book Serverconfiguration. The URL of the location to download the address book is displayed in the Check Http URL field together with the following error message:

Internal Error: ConnectFailure

Note: Lync Server 2010 does not have a validation wizard.

CAUSE

This issue occurs if the website that hosts the address book does not have a valid Secure Sockets Layer (SSL) certificate installed.

RESOLUTION

To resolve this issue on a computer that is running Windows Server 2003, make sure that the website that is hosting the address book has a valid SSL certificate installed. To do this, follow these steps:

On the computer that is running Internet Information Services (IIS), click Start, click Run, type inetmgr.msc, and then click OK.
Expand ComputerName (local computer), expand Web Sites, right-click the website that hosts the address book, and then click Properties.
Click the Directory Security tab.
In the Secure communications section, determine whether View Certificate is enabled.

Note If View Certificate is enabled, click View Certificate. Then, you can determine whether the certificate is valid.
- If the certificate is invalid, follow these steps:
  1. Click Server Certificate in the WebSiteName Properties dialog box.
  2. Click Next, and then click Renew the current certificate. Or, click Replace the current certificate.
  3. Follow the steps to finish the IIS Certificate Wizard.
    
    Note The IIS Certificate Wizard will help you renew your certificate or replace your certificate with a valid certificate.
    
    For more information about how to request a certificate and install the certificate in IIS, click the following article number to view the article in the Microsoft Knowledge Base:
    299875
    
    (http://support.microsoft.com/kb/299875/ )
    How to implement SSL in IIS
- If View Certificate is disabled, no certificate is installed on this computer. You have to install a certificate to this website. To do this, follow these steps:
  1. Click Server Certificate in the WebSiteName Properties dialog box.
  2. Click Next, and then click Create a new certificate.
  3. Follow the steps to finish the IIS Certificate Wizard.
    
    Note The IIS Certificate Wizard will help you install a certificate to this website.
    
    For more information about how to request a certificate and to install the certificate in IIS, click the following article number to view the article in the Microsoft Knowledge Base:
    299875
    
    (http://support.microsoft.com/kb/299875/ )
    How to implement SSL in IIS

To resolve this issue on a computer that is running Windows Server 2008, make sure that the website that is hosting the address book has a valid SSL certificate installed. To do this, follow these steps:

1. On the computer that is running Internet Information Services (IIS 7.0), click Start, click Run, type inetmgr.msc, and then click OK.
Expand ComputerName (local computer), expand Web Sites, click the website that hosts the address book, and then click Bindings in the Actions pane.
Select the HTTPS site binding that includes the port that the Address book Service is listening on, and then click Edit.
Click View to open the certificate dialog box, and then view the expiration date of the certificate on the General tab.

Note The IIS Server Certificate feature helps you renew your certificate or replace your certificate with a valid certificate.
- If the certificate is invalid, follow these steps:
  1. In the Connections pane, select the name of the IIS 7.0 server that hosts the Address Book service, select the Features view, and then click Server Certificates.
  2. In the Actions pane, select Open Feature.
  3. In the Features view, select the certificate that you viewed in step 4, and then use the Actions pane to renew the certificate.
- If the needed certificate is not installed on this computer, use the certificate wizards in the Actions pane to do one of the following: Import, Create a Certificate Request, Complete a Certificate Request, or Create a Domain Certificate.
- For more information about how to renew, create, and complete certificate requests on IIS 7.0, visit the following Microsoft website: http://technet.microsoft.com/en-us/library/cc732230(WS.10).aspx

Source 1
Source 2
Source 3
Source 4

There's a script for that

Pages

19 September 2013

Lync and the address book sync errors

The Lync 2010 client or the Office Communicator client does not download the corporate address book and displays a notification: "Cannot Synchronize Address Book"

RESOLUTION

No comments:

Post a Comment

About Me