Mino – The UC Guy

Microsoft Unified Communications Blog

Address Book Download Issue (Vista Only)

Posted by Mino on July 6, 2009

This is a case I faced right after the MVP award thing; it proves one thing to me: you will always learn until the last minute of your life, whether you are a Ranger, an MVP, or even one of the product team themselves.

OK, here is the case: I have a pilot in an isolated environment where I have deployed 3 machines (AD + CA + Exchange, OCS Front End, OCS Mediation). The users are in another, production environment, and they are planning to test OC locally from their computers, which are joined to the production domain, not the pilot one.

I have everything configured fine: hosts file edited correctly, certificate chain imported, and Communicator is able to log in correctly with no problem. All of a sudden, all Vista machines are not able to download the address book or to retrieve Outlook free/busy information. However, XP machines are working smoothly with no problem.

OK… then we think logically: what is common between Address Book and Exchange free/busy? Both are web services retrieved through HTTPS, so it has to be an IE problem.

After some Googling I found the solution on the UC No Evil blog, which describes in detail the troubleshooting steps he did; in the end it appeared to be the IE setting "Check for server certificate revocation", along with disabling Windows Vista User Account Control.

Below are the detailed steps as described on the blog:

  1. Make sure this symptom is the same on all of your Vista clients.
  2. Flush DNS by using ipconfig /flushdns on the client.
  3. Verify within IE that "Check for server certificate revocation*" is disabled. To do this go to IE > Advanced > Security section > Check for server certificate revocation*. Deselect the check box.
  4. Now close Internet Explorer and close Communicator (completely: sign out and close the application).
  5. Start Communicator and sign in.
  6. If you're not presented with an error or the warning stating an issue accessing the Address Book, go to %userprofile%\Local Settings\Application data\Microsoft\Communicator and verify that a GalContacts.db file exists. If it does exist, GREAT! You're done. If not, then continue with the rest of the procedure.
  7. Within IE, add the Address Book URL from which users will download the AB files. IE > Internet Options > Security > Trusted Sites > Add the URL to trusted sites (ex. https://ocsfrontend.company.com)
  8. Repeat steps 4-6.
  9. If you still cannot download the address book, move to step 10.
  10. Verify that User Account Control is off and then repeat steps 4-6.
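
Step 3 turns revocation checking off; the check below shows whether a client in the production domain can actually fetch the CRLs named in the front-end certificate, which is the question raised in the first comment. It is an added example, not part of the original post or the referenced blog, and it assumes the front-end certificate has been exported to a .cer file (the path is a placeholder; the function names are made up for this example).

```powershell
# Added example. $CertPath is a placeholder for the exported front-end certificate.
param([string]$CertPath = 'C:\temp\ocsfrontend.cer')

# Return the URLs listed in the CRL Distribution Points extension (OID 2.5.29.31).
function Get-CrlUrl {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    $cdp = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.31' }
    if (-not $cdp) { return @() }
    [regex]::Matches($cdp.Format($true), 'URL=(\S+)') |
        ForEach-Object { $_.Groups[1].Value }
}

# Try to fetch one CRL URL from this client and report the outcome as text.
function Test-CrlUrl {
    param([string]$Url)
    if ($Url -notmatch '^https?://') {
        # LDAP CDPs from an AD-integrated CA are normally serverless (ldap:///...)
        # and are looked up in the client's own forest, not the pilot forest.
        return 'SKIPPED (not HTTP; only resolvable inside the issuing forest)'
    }
    try {
        $req = [System.Net.WebRequest]::Create($Url)
        $req.Timeout = 10000            # milliseconds
        $resp = $req.GetResponse()
        $status = 'OK ({0})' -f [int]$resp.StatusCode
        $resp.Close()
        return $status
    } catch {
        return 'FAILED: ' + $_.Exception.Message
    }
}

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CertPath
$urls = @(Get-CrlUrl $cert)
if ($urls.Count -eq 0) { Write-Output 'Certificate has no CRL distribution point.' }
foreach ($u in $urls) { Write-Output ('{0} -> {1}' -f $u, (Test-CrlUrl $u)) }

# Current state of IE's "Check for server certificate revocation" (1 = on, 0 = off).
$ie = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
Write-Output ('CertificateRevocation = {0}' -f $ie.CertificateRevocation)
```

Running `certutil -verify -urlfetch` against the same .cer file performs the retrieval through Windows' own chain engine and reports each CDP's status.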

Also some good technical details for the issue are available here on Microsoft Forums

8 Responses to “Address Book Download Issue (Vista Only)”

  1. Tom Pacyk said

    This sounds more like a workaround than an actual fix because disabling server cert revocation and UAC are both security holes.
    I would imagine the real problem was in your server revocation setting. Check the CRL locations on your certs – is there a URL that is actually reachable by clients?

  2. Mino said

    If it was a problem with the CA revoke then it wouldn't happen with the Exchange Free/Busy since it is using a self-signed certificate and I have added it to the trusted store too.
    Plus the XP are working fine although they are not part of the domain… what do you think?

  3. Does this issue also occur when the latest hotfixes for Communicator 2007 are installed?

  4. Mino said

    Yes, but again keep in mind, this is a pilot on a separate domain and the user is trying from another domain.

  5. richard said

    Mino: just a sidenote, galcontacts.db is not appearing immediately after successful sign-in. There is a random value between 0 and 30 minutes for Communicator to actually try to download the address book file. You can force immediate connection via this reg key:

    Windows Registry Editor Version 5.00

    [HKEY_CURRENT_USER\Software\Policies\Microsoft\Communicator]
    "GalDownloadInitialDelay"=dword:00000000

  6. Mino said

    I guess this issue is more related to pilot implementation where the OCS is placed on a separate domain from the users' live domain.
    But in normal scenarios I don't face such issues.

  7. kayceec said

    Hi, is it possible to have a DHCP server set up to issue addresses to clients from a different domain to test OCS in a different domain?

  8. Paranoia said

    I’ve looked everywhere but apparently Disabling the Revocation fixed my issues. Kudos.
