
Friday, February 3, 2012

Solving a Microsoft Communicator Address Book Syncing Issue

I have a problem with systems that are using Microsoft Communicator 2007, where they are unable to synchronize the address book. This of course makes searching for contacts nearly impossible and is quite annoying. I Googled around and found all sorts of people with similar issues, but it appears the same symptom can be caused by many things. I’m going to describe what I did to fix my particular situation.

A really important detail in my situation is that this was only affecting users that were on computers that were not part of our Active Directory domain, such as a personal PC at home. They would install Microsoft Communicator and connect up to the VPN, sign in and they would get connected; however, there would be a little red exclamation point in the top right of the Communicator GUI that looks like this:

[Image: Communicator Error 1]

When you select the twisty, you’ll see an error message that says “Cannot Synchronize Address Book”.

When you select the menu item Cannot Synchronize Address Book you would get the following error dialog box:

Cannot synchronize with the corporate address book. This may be because the proxy server setting in your web browser does not allow access to the address book. If the problem persists, contact your system administrator.

The issue of course is you can not search for people from the global address book and are forced to add them manually.

For my particular situation, the problem was actually with the SSL certificate. Specifically, the problem is the client computer cannot get to the CRL (Certificate Revocation List) URL. For whatever reason, I’m still not sure why yet, the default URL for the CRL used HTTP instead of HTTPS. The IIS virtual web on our Microsoft Certificate Authority server listens on port 80 just fine, but then anything you request from it just returns:

The page must be viewed over a secure channel
The page you are trying to access is secured with Secure Sockets Layer (SSL).

Please try the following:

Type https:// at the beginning of the address you are attempting to reach and press ENTER.
HTTP Error 403.4 – Forbidden: SSL is required to view this resource.
Internet Information Services (IIS)
Technical Information (for support personnel)

Go to Microsoft Product Support Services and perform a title search for the words HTTP and 403.
Open IIS Help, which is accessible in IIS Manager (inetmgr), and search for topics titled About Security, Secure Sockets Layer (SSL), and About Custom Error Messages.

Work around

Ok, I have a solution I will post a bit further down, but for those who don’t have control of the CA IIS configuration, here is a workaround. Now before you complain, what I am suggesting affects things globally on your computer. By default Windows is configured to stop when it can not reach the CRL, so what we need to do is tell it not to. You do this by doing the following from Internet Explorer:

1-Go to Internet Options
2-Select the Advanced Tab
3-Scroll down to the Security section, and then uncheck: “Check for server certificate revocation”.
4-Close IE
5-Exit out of Microsoft Communicator
6-Start Microsoft Communicator

At this point if your problem is the same one I had, then the red exclamation should go away and you should have downloaded the address book and be able to search contacts by name.

My Solution

What I decided to do was to have the IIS server on the Microsoft Certificate Authority server issue a redirect for all HTTP requests, i.e. http://yourcahostname -> https://yourcahostname

In order to do this I located the Default Web Site on the IIS server on our CA, and then changed the non SSL port from 80 to 8888.

Then I created a dummy virtual web site called https redirect and had it listen to port 80. Under the home directory tab I changed the content to “A redirection to a URL” and put in https://yourcahostname  and then checked the “A permanent redirection for this resource”.

Now when your SSL certificate tells the computer to go to the HTTP CRL URL, it will get a 302 redirect to the HTTPS CRL URL and things should just work.
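To see which state a CRL URL is in (the 403.4 refusal, the redirect to HTTPS, or a CRL served directly), the check below is an added example and not part of the original post. The CRL path `/crl/example.crl`, the function names and the sample responses are constructed for illustration.

```python
import http.client
import sys
from urllib.parse import urlsplit

REDIRECTS = (301, 302, 303, 307, 308)

def looks_like_crl(body: bytes) -> bool:
    # A DER CRL starts with an ASN.1 SEQUENCE tag (0x30); a PEM one with this header.
    return body[:1] == b"\x30" or body.lstrip().startswith(b"-----BEGIN X509 CRL-----")

def classify_crl_response(status: int, headers: dict, body: bytes):
    """Return (state, detail) for one un-followed HTTP response from a CRL URL."""
    headers = {k.lower(): v for k, v in headers.items()}
    if status in REDIRECTS:
        target = headers.get("location", "")
        state = "redirect-https" if target.lower().startswith("https://") else "redirect-other"
        return state, target
    if status == 403 and b"403.4" in body:
        return "ssl-required", "IIS refuses plain HTTP (403.4), so no CRL is served"
    if status == 200 and looks_like_crl(body):
        return "crl", "CRL served directly over HTTP"
    return "unexpected", f"HTTP {status}"

def probe(url: str, timeout: float = 10.0):
    """Request the CRL URL once over plain HTTP, without following redirects."""
    parts = urlsplit(url)
    if parts.scheme != "http" or not parts.hostname:
        raise ValueError("expected an http:// CRL URL")
    target = (parts.path or "/") + (f"?{parts.query}" if parts.query else "")
    conn = http.client.HTTPConnection(parts.hostname, parts.port or 80, timeout=timeout)
    try:
        conn.request("GET", target)
        resp = conn.getresponse()
        return classify_crl_response(resp.status, dict(resp.getheaders()), resp.read(8192))
    finally:
        conn.close()

# Constructed sample responses (not captured traffic): before the fix, after it, and a direct CRL.
SAMPLES = {
    "before": (403, {"Content-Type": "text/html"}, b"<h2>HTTP Error 403.4 - Forbidden</h2>"),
    "after": (302, {"Location": "https://yourcahostname/crl/example.crl"}, b""),
    "direct": (200, {"Content-Type": "application/pkix-crl"}, b"\x30\x82\x01\x2f\x30\x81\x98"),
}

if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(probe(sys.argv[1]))  # live check against the URL given on the command line
    else:
        for name, sample in SAMPLES.items():
            print(name, classify_crl_response(*sample))
```

Run it with the CRL distribution point URL from the certificate as its argument to check a live server; with no argument it classifies the constructed samples.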
