Hey Guys,

I have been reading and reading on the boards here and on various blogs and just cannot get my head around my issue here. For some users, we have an issue where the Lync 2010 client cannot download the address book.

As of now I have a standard FE server and an edge deployment with reverse proxy configured. I am testing clean on the MS online testing app with autodiscover and have no issues connecting with most clients (even mobile) are working well with integration.

For some users, no matter what I do, these users cannot get the address book. Below I will show the output of the Test-CsAddressBookService for both users from the FE server's management shell:

============== A Clean Test =====================================================

PS C:\> Test-CsAddressBookService -TargetFqdn pvw-lyncfe01.cfins.com -UserCredential $cred1 -UserSipAddress "sip:test2k10@cfins.com"
        Connecting to web service : https://pvw-lyncfe01.cfins.com:443/WebTicket/WebTicketService.svc
        Using IWA authentication
        Successfully created connection proxy and website bindings
        Requesting new web ticket
        Sending Web-Ticket Request: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Header><Action s:mustUnderstand="1" xmlns="http://schemas.microsoft.com/ws/2005/05/addressing/none">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</Action></s:Header><s:Body><RequestSecurityToken xmlns="http://docs.oasis-open.org/ws-sx/ws-trust/200512"><TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</TokenType><RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</RequestType><AppliesTo xmlns="http://schemas.xmlsoap.org/ws/2004/09/policy"><EndpointReference xmlns="http://www.w3.org/2005/08/addressing"><Address>https://pvw-lyncfe01.cfins.com/WebTicket/WebTicketService.svc</Address></EndpointReference></AppliesTo><Entropy><BinarySecret>i+yR9pN4xqVppCo4MiiOy70HnXP2Roc848CtHHMlqwU=</BinarySecret></Entropy><KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey</KeyType></RequestSecurityToken></s:Body></s:Envelope>
        Web-Ticket response: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Header /><s:Body><RequestSecurityTokenResponseCollection xmlns="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><RequestSecurityTokenResponse Context="00000000-0000-0000-0000-000000000000"><TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</TokenType><RequestedSecurityToken><saml:Assertion MajorVersion="1" MinorVersion="1" AssertionID="SamlSecurityToken-89946b6c-e1ae-4017-a432-a9d278188437" Issuer="https://PVW-LYNCFE01.cfins.com/webticket/webticketservice.svc"
IssueInstant="2013-10-02T14:22:57.479Z" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"><saml:Conditions NotBefore="2013-10-02T14:22:57.479Z" NotOnOrAfter="2013-10-02T22:39:51.479Z"><saml:AudienceRestrictionCondition><saml:Audience>https://pvw-lyncfe01.cfins.com/</saml:Audience></saml:AudienceRestrictionCondition></saml:Conditions><saml:AuthenticationStatement AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:unspecified" AuthenticationInstant="2013-10-02T14:22:57.479Z"><saml:Subject><saml:NameIdentifier Format="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/uri">sip:Test2K10@cfins.com</saml:NameIdentifier><saml:SubjectConfirmation><saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:holder-of-key</saml:ConfirmationMethod><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><e:EncryptedKey xmlns:e="http://www.w3.org/2001/04/xmlenc#"><e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#kw-aes256"></e:EncryptionMethod><KeyInfo><KeyName>PVW-LYNCFE01.cfins.com:8d08d866fcbc800</KeyName></KeyInfo><e:CipherData><e:CipherValue>9q/X4JEGRlkwWf+5R5z1M5VpJ8GRb1jatFLl+nivfv9WO4Pky+tkbA==</e:CipherValue></e:CipherData></e:EncryptedKey></KeyInfo></saml:SubjectConfirmation></saml:Subject></saml:AuthenticationStatement><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></CanonicalizationMethod><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></SignatureMethod><Reference URI="#SamlSecurityToken-89946b6c-e1ae-4017-a432-a9d278188437"><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></Transform><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></Transform></Transforms><DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod><DigestValue>UfCouvEYsFq+za3S6OcwA4Erm0apiL8JvY0spQj2Pw8=</DigestValue></Reference></SignedInfo><SignatureValue>q/wBelLsruoz51P+9wSwEqp5DNNJqnOVB95/X6DGA+Id1rn8kiriBX79zj23xB2vAkzXNdWUwFNbOEV+TetRL/cgodRbOUG0rRx7fz2LO5+7uYMrT/qXZtij76p5MlPPN2m5+XQYRh7kZ38XpqYah9C5SEWSMZ4qqRbCmgb2Ft
SS4baGcf2V4iLHGvMrBr8nJahNElccwGJZ7GKzWpQoQO0/Z7NLk9wPTWyQuesS53VSMLmTuknaBu5JnoJr9a89Y8VBWuALRDvWl9coak/CHKblFjxCswNu3IwPGBnVL+IYTWe+lul57x2lf9moYOl5W9gWrmSsLvLQWjgEYYvIJw==</SignatureValue><KeyInfo><o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><o:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1">3IbLh+Yo4TD6175AXjHKMexiq9c=</o:KeyIdentifier></o:SecurityTokenReference></KeyInfo></Signature></saml:Assertion></RequestedSecurityToken><AppliesTo xmlns="http://schemas.xmlsoap.org/ws/2004/09/policy"><EndpointReference xmlns="http://www.w3.org/2005/08/addressing"><Address>https://pvw-lyncfe01.cfins.com/</Address></EndpointReference></AppliesTo><RequestedAttachedReference><o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><o:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">SamlSecurityToken-89946b6c-e1ae-4017-a432-a9d278188437</o:KeyIdentifier></o:SecurityTokenReference></RequestedAttachedReference><RequestedUnattachedReference><o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><o:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">SamlSecurityToken-89946b6c-e1ae-4017-a432-a9d278188437</o:KeyIdentifier></o:SecurityTokenReference></RequestedUnattachedReference><RequestedProofToken><ComputedKey>http://docs.oasis-open.org/ws-sx/ws-trust/200512/CK/PSHA1</ComputedKey></RequestedProofToken><Entropy><BinarySecret>wbiz3coRVojmhwRJQONBB+VS5gW2TNiw512f8Petcpg=</BinarySecret></Entropy><Lifetime><Created xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2013-10-02T14:22:57.4796612Z</Created><Expires xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2013-10-02T22:39:51.4796612Z</Expires></Lifetime><KeySize>256</KeySize><SignWith>http://www.w3.org/2001/04/xmldsig-more#hmac-sha256</SignWith></RequestSecurityTokenResponse></RequestSecurityTokenResponseCollection></s:Body></s:Envelope>


TargetUri  : https://pvw-lyncfe01.cfins.com:443/abs/handler
TargetFqdn : pvw-lyncfe01.cfins.com
Result     : Success
Latency    : 00:00:00
Error      :
Diagnosis  :

PS C:\> $cred1 = Get-Credential "cfins\dhartcf"
PS C:\> Test-CsAddressBookService -TargetFqdn pvw-lyncfe01.cfins.com -UserCredential $cred1 -UserSipAddress "sip:dan.hartmann@cfins.com"
        Connecting to web service : https://pvw-lyncfe01.cfins.com:443/WebTicket/WebTicketService.svc
        Using IWA authentication
        Successfully created connection proxy and website bindings
        Requesting new web ticket
        Sending Web-Ticket Request: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Header><Action s:mustUnderstand="1" xmlns="http://schemas.microsoft.com/ws/2005/05/addressing/none">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</Action></s:Header><s:Body><RequestSecurityToken xmlns="http://docs.oasis-open.org/ws-sx/ws-trust/200512"><TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</TokenType><RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</RequestType><AppliesTo xmlns="http://schemas.xmlsoap.org/ws/2004/09/policy"><EndpointReference xmlns="http://www.w3.org/2005/08/addressing"><Address>https://pvw-lyncfe01.cfins.com/WebTicket/WebTicketService.svc</Address></EndpointReference></AppliesTo><Entropy><BinarySecret>T4deTySgimnLM6gQBJZEyv6uvTmdSV3CbGOTWstou3g=</BinarySecret></Entropy><KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey</KeyType></RequestSecurityToken></s:Body></s:Envelope>
        ERROR communicating with GetWebTicket() service
System.ServiceModel.Security.MessageSecurityException: The HTTP request was forbidden with client authentication scheme 'Ntlm'. ---> System.Net.WebException: The remote server returned an error: (403)
 Forbidden.
   at System.Net.HttpWebRequest.GetResponse()
   at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
   --- End of inner exception stack trace ---

Server stack trace:
   at System.ServiceModel.Channels.HttpChannelUtilities.ValidateAuthentication(HttpWebRequest request, HttpWebResponse response, WebException responseException, HttpChannelFactory factory)
   at System.ServiceModel.Channels.HttpChannelUtilities.ValidateRequestReplyResponse(HttpWebRequest request, HttpWebResponse response, HttpChannelFactory factory, WebException responseException, Chann
elBinding channelBinding)
   at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
   at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout)
   at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
   at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

Exception rethrown at [0]:
   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
   at Microsoft.Rtc.Internal.WebTicketService.IWebTicketService.IssueToken(Message request)
   at Microsoft.Rtc.SyntheticTransactions.WebServicesHelper.GetWebTicket()


TargetUri  : https://pvw-lyncfe01.cfins.com:443/abs/handler
TargetFqdn : pvw-lyncfe01.cfins.com
Result     : Failure
Latency    : 00:00:00
Error      : ERROR - No response received for Web-Ticket service.
             Inner Exception:The HTTP request was forbidden with client authentication scheme 'Ntlm'.
             Inner Exception:The remote server returned an error: (403) Forbidden.

Diagnosis  :



PS C:\> $absExternal
PS C:\> Test-CsAddressBookService -TargetFqdn pvw-lyncfe01.cfins.com -UserCredential $cred1 -UserSipAddress "sip:dan.hartmann@cfins.com"
        Connecting to web service : https://pvw-lyncfe01.cfins.com:443/WebTicket/WebTicketService.svc
        Using IWA authentication
        Successfully created connection proxy and website bindings
        Requesting new web ticket
        Sending Web-Ticket Request: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Header><Action s:mustUnderstand="1" xmlns="http://schemas.microsoft.com/ws/2005/05/addressing/none">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</Action></s:Header><s:Body><RequestSecurityToken xmlns="http://docs.oasis-open.org/ws-sx/ws-trust/200512"><TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</TokenType><RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</RequestType><AppliesTo xmlns="http://schemas.xmlsoap.org/ws/2004/09/policy"><EndpointReference xmlns="http://www.w3.org/2005/08/addressing"><Address>https://pvw-lyncfe01.cfins.com/WebTicket/WebTicketService.svc</Address></EndpointReference></AppliesTo><Entropy><BinarySecret>dXDKVaA17SkWWjGqDqc8lM7c9gDfsqTXLW7W0zOvJNM=</BinarySecret></Entropy><KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey</KeyType></RequestSecurityToken></s:Body></s:Envelope>
        ERROR communicating with GetWebTicket() service
System.ServiceModel.Security.MessageSecurityException: The HTTP request was forbidden with client authentication scheme 'Ntlm'. ---> System.Net.WebException: The remote server returned an error: (403)
 Forbidden.
   at System.Net.HttpWebRequest.GetResponse()
   at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
   --- End of inner exception stack trace ---

Server stack trace:
   at System.ServiceModel.Channels.HttpChannelUtilities.ValidateAuthentication(HttpWebRequest request, HttpWebResponse response, WebException responseException, HttpChannelFactory factory)
   at System.ServiceModel.Channels.HttpChannelUtilities.ValidateRequestReplyResponse(HttpWebRequest request, HttpWebResponse response, HttpChannelFactory factory, WebException responseException, Chann
elBinding channelBinding)
   at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
   at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout)
   at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
   at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

Exception rethrown at [0]:
   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
   at Microsoft.Rtc.Internal.WebTicketService.IWebTicketService.IssueToken(Message request)
   at Microsoft.Rtc.SyntheticTransactions.WebServicesHelper.GetWebTicket()


TargetUri  : https://pvw-lyncfe01.cfins.com:443/abs/handler
TargetFqdn : pvw-lyncfe01.cfins.com
Result     : Failure
Latency    : 00:00:00
Error      : ERROR - No response received for Web-Ticket service.
             Inner Exception:The HTTP request was forbidden with client authentication scheme 'Ntlm'.
             Inner Exception:The remote server returned an error: (403) Forbidden.

Diagnosis  :

I am hoping that I can get some traction here as I have been working hard to make a case for Lync over Jabber. I am struggling with understanding the issue since the output is virtually the same with the exception of the user not being able to generate a web ticket. So I checked the service principal names for the server and the machine account is currently the account that is facilitating the Kerberos ticket stuff.

 MSSQLSvc/PVW-LYNCFE01.cfins.com:49356
 MSSQLSvc/PVW-LYNCFE01.cfins.com:RTCLOCAL
 MSSQLSvc/PVW-LYNCFE01.cfins.com:RTC
 MSSQLSvc/PVW-LYNCFE01.cfins.com:49287
 http/lyncpool.cfins.com
 sip/lyncpool.cfins.com
 sip/pvw-lyncfe01.cfins.com
 http/pvw-lyncfe01.cfins.com
 WSMAN/lyncpool
 WSMAN/lyncpool.cfins.com
 MSSQLSvc/lyncpool.cfins.com:RTC
 MSSQLSvc/lyncpool.cfins.com:49314
 RestrictedKrbHost/lyncpool
 RestrictedKrbHost/lyncpool.cfins.com
 HOST/lyncpool.cfins.com
 HOST/lyncpool
 TERMSRV/PVW-LYNCFE01.cfins.com
 TERMSRV/PVW-LYNCFE01
 WSMAN/PVW-LYNCFE01.cfins.com
 WSMAN/PVW-LYNCFE01
 RestrictedKrbHost/PVW-LYNCFE01
 HOST/PVW-LYNCFE01
 RestrictedKrbHost/PVW-LYNCFE01.cfins.com
 HOST/PVW-LYNCFE01.cfins.com

Thanks!

Amos

Hello All, 

The Work phone number which I deleted is not reflected in Lync Client. It's been more than 48 hours since I deleted the work phone number in AD.  But still the same number listed in the lync contact card. Client policy has been set to 'File download only' and Lync client Galcontacts.db has the present date so no issues in downloading the address book file.

I did the following but the issue is same. 

>> Forced the address book by shell commands in Lync server to get the new full file generated but no luck after.

>> Added 'GalDownloadInitialDelay' reg key but still issue persists. 

>> Deleted all suggested contacts, frequent contacts from outlook contacts and also deleted the 'ContactStateCacheU' registry key but no luck.

Please let me know if anyone has this issue fixed. 

Much thanks. 

Hello,
Recently i was able to solve AUTODISCOVER issue where free/busy information was not working in office communicator and also DG was not expanding so i published EXTERNAL URLs and it is working fine now.

Now i am facing another issue related to Outlook Integration Error. The error i am getting on communicator is

There was a problem connecting to Microsoft Office Outlook. A separate sign in was required to connect to Outlook, but the sign in dialog was canceled or closed, or your Exchange server may be unavailable. To establish the connection, sign out and then sign back in to Communicator.

When i take CONFIGURATION INFORMATION of Office Communicator, i get following results:

DG URL Internal;https://ocspool01.abc.com/GroupExpansion/Int/service.asmx;--;
DG URL External;https://ocspool01.abc.com/GroupExpansion/Ext/service.asmx;--;
Quality Metrics URI;;--;
URL Internal From Server;https://ocspool01.abc.com/Abs/Int/Handler;--;
URL External From Server;https://ocspool01.abc.com/Abs/Ext/Handler;--;
Voice mail URI;sip:htsiddiqui@abc.com;opaque=app:voicemail;--;
MRAS Server;sip:ocsedge01.abc.com@abc.com;gruu;opaque=srvr:MRAS:2nJYGHLoV0K7UsyNgoYwpwAA;Enabled;
GAL Status;https://ocspool01.abc.com/Abs/Int/Handler;--;
Controlled Phones;TRUE;--;
PC to PC AV Encryption;AV Encryption Supported;--;
Focus Factory;sip:htsiddiqui@abc.com;gruu;opaque=app:conf:focusfactory;--;
Telephony Mode;Telephony Mode UC Enabled;--;
Line;;--;
Line Configured From;Auto Line Configuration;--;
Location Profile;ocs_users_dialplan.abc.com;--;
Local Log Folder;C:\Users\Hasan\tracing;;
MAPI Information;There was a problem connecting to Microsoft Office Outlook. A separate sign in was required to connect to Outlook, but the sign in dialog was canceled or closed, or your Exchange server may be unavailable. To establish the connection, sign out and then sign back in to Communicator.;MAPI Status Error;
Inside User Status;TRUE;;
Auto Update Download Started;--;--;
Auto Update Download Completed;--;--;
Last Auto Update Request;--;--;
Pairing State;Communicator cannot connect to your desk phone because the USB cable is not plugged in. Make sure that you connect the cable.;Enabled;

So the main error is :

MAPI Information;There was a problem connecting to Microsoft Office Outlook. A separate sign in was required to connect to Outlook, but the sign in dialog was canceled or closed, or your Exchange server may be unavailable. To establish the connection, sign out and then sign back in to Communicator.;MAPI Status Error;

Now tell me what to do. I have exchange services published via TMG. But i guess there is no OCS service published via TMG. Please help which service i am require to publish via TMG. 

I am also unable to access URL https://ocspool01.abc.com/Abs/Int/Handler     it ask for password but not accepting password i have tried different users but it is not accepting passwords. and in the end it gives this error

Hi!

I've got all entries in LYNC contacts duplicated.

i.e. when I press Call button I can see

Work 1144

Mobile 4144

Work 1144

Mobile 4144

Any ideas how to fix it?

I recently added OfficePhone numbers to users with extensions. It shows up consistently (as expected) for all other users I checked but one who so happens to be the CEO's executive assistant.

Basically in AD her number is set to (123) 456-7890 x123 which displays something like 1234567890398123

which adds the 398. I don't know where that was taken from.. Any help please.

Kyle

I recently added numbers for the users with extensions into AD. 

I populated information in Outlook pretty successfully but they don't show up in Lync. I believe it is due to normalization rules but I don't think I understand that properly.

My number format is:

(123) 456-7890 x123

We do not use Lync to call so it would only be used as reference and at this point I don't care so much about scalability. I just want it to work.

I could probably easily change the format of the numbers since I used a PowerShell script I wrote to input these values.

I've also tried:

+15132245511;ext=123

I'm pretty sure that's due to normalization rules too. 

Any help would be much appreciated.

Kyle

We're currently in the process of testing for a production Lync Server 2010 deployment and we're run into some problems. I've been digging around on the Internet and the Technet forums but can't find a solution to this problem.

Whenever someone logs in with the Lync Client, they are immediately presented with prompts for user credentials. No credentials work. When you cancel out, you can still chat, but there is an error that says the Address Book can't be downloaded. I've confirmed that the SSL certificate works, I've made sure the Kerberos Account is configured properly, I've reinstalled the Web Components, and I've tried numerous other solutions I've found for this issue. Nothing seems to fix the problem. When I try to run test-csaddressbookservice in the Management Shell, I get the following:

cmdlet Test-CsAddressBookService at command pipeline position 1
Supply values for the following parameters:
UserSipAddress: sip:user@company.com
        Connecting to web service : https://lync-pool1.company.com:443
/WebTicket/WebTicketService.svc
        Using IWA authentication
        Successfully created connection proxy and website bindings
        Requesting new web ticket
        Sending Web-Ticket Request: <s:Envelope xmlns:s="http://schemas.xmlsoap.
org/soap/envelope/">
  <s:Header>
    <Action s:mustUnderstand="1" xmlns="http://schemas.microsoft.com/ws/2005/05/
addressing/none">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</Act
ion>
  </s:Header>
  <s:Body>
    <RequestSecurityToken xmlns="http://docs.oasis-open.org/ws-sx/ws-trust/20051
2">
      <TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1
#SAMLV1.1</TokenType>
      <RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</RequestTyp
e>
      <AppliesTo xmlns="http://schemas.xmlsoap.org/ws/2004/09/policy">
        <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
          <Address>https://lync-pool1.company.com/WebTicket/WebTicketS
ervice.svc</Address>
        </EndpointReference>
      </AppliesTo>
      <Entropy>
        <BinarySecret>I+ZKYvJkkqcD57OPeOX7MG6Tp8S4PhvMUOI6ZPKP/vg=</BinarySecret
>
      </Entropy>
      <KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey</Ke
yType>
    </RequestSecurityToken>
  </s:Body>
</s:Envelope>
        Web-Ticket response: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soa
p/envelope/">
  <s:Header />
  <s:Body>
    <s:Fault>
      <faultcode xmlns:a="http://schemas.microsoft.com/net/2005/12/windowscommun
icationfoundation/dispatcher">a:InternalServiceFault</faultcode>
      <faultstring xml:lang="en-US">The server was unable to process the request
 due to an internal error.  For more information about the error, either turn on
 IncludeExceptionDetailInFaults (either from ServiceBehaviorAttribute or from th
e &lt;serviceDebug&gt; configuration behavior) on the server in order to send th
e exception information back to the client, or turn on tracing as per the Micros
oft .NET Framework 3.0 SDK documentation and inspect the server trace logs.</fau
ltstring>
    </s:Fault>
  </s:Body>
</s:Envelope>


TargetUri  : https://lync-pool1.company.com:443/abs/handler
TargetFqdn : lync-pool1.company.com
Result     : Failure
Latency    : 00:00:00
Error      : Failed to get a web ticket.

Diagnosis  :

I'm not real sure what to make of this. Any thoughts?

We have recently deployed Lync in our terminal server environment.  We are running mandatory profiles with all folders being redirected to the user's home directory.  The problem that we are having is that Lync is creating its structure at C:\.  Is there a way to force link to use the %appdata% variable when launching and creating the neccessary files? 

What we are finding is a user launches Lync and after the interval time (1-60 minutes), the GAL database is downloaded and everything is working fine.  Our users are able to lookup other users in the organazation with no issues.  If the user logs out of the application, the local profile is removed, hence removing all Lync configuarations.  When logging back in again, it has to create a new directory structure and the wait for the GAL DB to be downloaded again.

Any help would be greatly appreciated.

Thank you in advance,

--Scott

Hi,

I am using Lync 2013.I can only see contact details of a person.

But I cannot see the organization tab,notes,what's new and membership tabs in the contact card of a person.

Any idea why this is happening ?

Thanks

Priya

When I try this script

$x = get-credential "localdomain\user"
Test-CsAddressBookService -TargetFqdn lync-01.localdomain.local -external  -usercredential $x -usersipaddress "sip:user@domain.ru"

The script is executedwith an error

Connecting to web service : https://lync.domain.ru:443/WebTicket/WebTicketService.svc
        Using IWA authentication
        Successfully created connection proxy and website bindings
        Requesting new web ticket
        Sending Web-Ticket Request: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
  <s:Header>
    <Action s:mustUnderstand="1" xmlns="http://schemas.microsoft.com/ws/2005/05/addressing/none">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</Action>
  </s:Header>
  <s:Body>
    <RequestSecurityToken xmlns="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
      <TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</TokenType>
      <RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</RequestType>
      <AppliesTo xmlns="http://schemas.xmlsoap.org/ws/2004/09/policy">
        <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
          <Address>https://lync.softmagazin.ru/WebTicket/WebTicketService.svc</Address>
        </EndpointReference>
      </AppliesTo>
      <Entropy>
        <BinarySecret>v+NJNNL8ghGxHn7cXeyh2Hj3H03ySyUb7z2QT0SClWo=</BinarySecret>
      </Entropy>
      <KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey</KeyType>
    </RequestSecurityToken>
  </s:Body>
</s:Envelope>
        ERROR communicating with GetWebTicket() service
System.ServiceModel.Security.MessageSecurityException: The HTTP request is unauthorized with client authentication scheme 'NTLM'. The authentication header received from server was "NTLM". ---> System.Net.WebException:The remote server returned an error: (401) Unauthorized.
   в System.Net.HttpWebRequest.GetResponse()
   в System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChan
nelRequest.WaitForReply(TimeSpan timeout)
   --- Конец трассировки внутреннего стека исключений ---

Server stack trace:
   в System.ServiceModel.Channels.HttpChannelUtilities.ValidateAuthentication(Ht
tpWebRequest request, HttpWebResponse response, WebException responseException,
HttpChannelFactory factory)
   в System.ServiceModel.Channels.HttpChannelUtilities.ValidateRequestReplyRespo
nse(HttpWebRequest request, HttpWebResponse response, HttpChannelFactory factory
, WebException responseException, ChannelBinding channelBinding)
   в System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChan
nelRequest.WaitForReply(TimeSpan timeout)
   в System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSp
an timeout)
   в System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message
, TimeSpan timeout)
   в System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean one
way, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan time
out)
   в System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallM
essage methodCall, ProxyOperationRuntime operation)
   в System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

Exception rethrown at [0]:
   в System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqM
sg, IMessage retMsg)
   в System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgDat
a, Int32 type)
   в IWebTicketService.IssueToken(Message request)
   в Microsoft.Rtc.SyntheticTransactions.WebServicesHelper.GetWebTicket()


TargetUri  : https://lync.domain.ru:443/abs/handler
TargetFqdn : lync-01.localdomain.local
Result     : Failure
Latency    : 00:00:00
Error      : ERROR - No response received for Web-Ticket service.

Little bit of background first:

We have a small pool of users that are being tested for a migration to a new forest. These users have been migrated and have most functionality available to them. As it relates to lync the user can login to lync using there SIP address from our current domain (referred to as OLDDomain.com).

The users are utlizing a NEWDomain.com computer and sign in using there NEWDomain.com account. Lync automatically signs in using OLDDomain.com credentials and connects back to our FE server in OLDDomian.com. The user cannot perform any contact lookup (Address book is set to ABWQ ONLY no ABS is used to download files). I can see in the IIS logs that the user receives a 403 forbidden error from the webticketservice.svc and this is confirmed when they attempt to browse to the site directly. The log entry also shows its trying to authenticate using NEWDomain.com\username instead of the OLDDomain credentials presumably because of kerberos and NTLM authentication.

This setup is only temporary until all the users are deployed to a new LYNC deployment being installed in NEWDomain.

My question is how can I correct or workaround this during the interim? Unfortunately I don't have access to NEWDomain but I can query for answers if it will help track down a solution. I can also only assume the model they are using is very similar to a resource forest model, but I have confirmed that the msRTCSIP-originatorSID value has not been set on the user object in OLDDomain. Any advice would be greatly appreciated.

--Mike-- Network/Systems Administrator

Fogive me for the (probably) inappropriate placement of this question.  I have tried many an avenue to have this clarified and have been unable to gain a authoritive and definitive answer to my question so far.

We are about to replace OCS with Lync (not sure of version) and the question has been asked around the funtionality of an enterprise address book.  The answers I get from the Tech guys and their managers differ. The main question is around whether there is an offline mode.  Obviously things such as pressence will not work offline, however will the contact details i.e. telephone number, title, address etc found in the address book still be available through the lync client while the client is offline?

Exchange 2010 SP2, Outlook 2010, Lync 2010. Applies to all users in our GAL.

When looking at the contact info in Lync, the user's entire management structure is correctly displayed on the Organization tab.

When looking at the contact in Outlook, the Organization level only goes as high as the user's immediate Manager.

In addition, in Lync, some user's phone number is not displayed, because we are using a DID filter. I understand why it is not being displayed, and that is okay.

However in Outlook, the Contact's phone number is displayed.

I thought Outlook and Lync were pulling the information from the same place? Why does the contact info show differently?

Lou H.

I have an interesting situation. We have a mix of users with DIDs and extensions only. So in AD we enter in the telephone field(555) 555-1234 for DID users and 9876 for extension only users. I have normalization rules in the dial plan and in the "Company_Phone_Number_Normalization_Rules.txt" file to normalize the 10 digits or 4 digits in AD to+15555551234;ext=1234 for DID users and +15555551000;ext=9876 for extension users.(555) 555-1000 would be the main number.

This all works perfectly in the Lync Client. Clicking the drop down arrow on call shows the Work number as either+1 (555) 555-1234 X1234 for DID users and+1 (555) 555-1000 X9876 for extension users. When selecting the Work number Lync shows that it is dialing the persons name along with the normalized number described.

Now in outlook when I hover over the name of the person who sent me an email and the cool contact card displays I can then select the dropdown next to the phone icon and I can choose to"Call Work +1 (555) 555-1234 X1234" for DID users and "Call Work+1 (555) 555-1000 X9876" for extension users. All looks good so far. However; when the Lync call comes up it doesn't show that it is dialing the persons name along with the normailized number listed. It ends up attempting to dial +1555555123491234 for a DID user and +1555555100099876 for an extension user.

Not sure why the number gets formatted with the 4 digit extension portion repeated with a 9 between the two. Any thoughts?

Hi guys,

Trying to update Lync Server 2010 with CU10 and I get this error below when running the command:

Install-CsDatabase -Update -ConfiguredDatabases -SqlServerFqdn sql.company.com -UseDefaultSqlPaths

Error:

so...

It seems I need to do a clean install... what kind of data is there in rtcab? Is it everyones buddy list? :/

Is it safe delete it using the sql tools and perform that command with /clean?:

cscript.exe //Nologo "C:\Program Files\Commo
n Files\Microsoft Lync Server 2010\DbSetup\RtcAbDBSetup.wsf" /sqlserver:sql.company.com /serveracct:company\RTCComponentUniversalServices /verbose

Or what do you recommend?

Hi, 

Very odd problem happening at our customers site. Lync 2010 fully patched 

Lync client (2010) is displaying two instances of the mobile field.

First number is in format 07xxxxxxxxx

second number is in format +44(0)99 999999

The second number is the one that is in the AD and being pulled across 

I created a new client policy and changed the address book availbility to WebSearchOnly 

This then only displays the first incorrect number

Changing the clientpolicy to filedownloadonly results in both numbers being displayed again. 

So, I'm guessing that ABWQ is not updating properly for some reason? I can see no issues in the event logs. 

Thanks in advance

Hello Team,

I have setup Lync 2010 standard edition server for IM and Presence.But when lync user login they receive error saying address book could not sync.

In the lync configuration it shows that Exchange EWS services not deployed whereas EWS is configured and working properly.

Thank you

Unable to open Outlook properties from Lync 2010 contacts. It use to work on the Windows 7 OS. I just see the grayed out drop down box.