In the previous 2 posts we’ve discussed several fixes you can try if your Lync contacts don’t display photos properly. We started on the client side, and moved over to the server.
Read them here if you missed:

Updating Lync Contacts: Using Active Directory to Store and Push Contact Photos (Part 1 of 3)
Updating Lync Contacts: Sync Error Fixes (Part 2 of 3)

Just about any of the fixes I’ve recommended so far should work. Using them in a support case, we’ve restored the client’s internal contact photo display.

But external users still aren’t seeing the new photos.

Meaning there’s a communication error somewhere between the Front End server, the perimeter network and the external users. Let’s try to sniff it out in Part 3.

Sync Fix #5: Use Snooper to Find Errors

First, run Snooper on your Lync Front End Server. We’ll need real-time data on server/client communication for the next set of fixes. Snooper will show us what we need from the logs.

Then, take the following actions:

  1. Have an external user sign out and sign back in, so Snooper can track the address book sync attempt (or lack thereof, which should display an error).
  2. Restart the Address Book Web Service on the Lync Server.  While Snooper’s running. Again, you should see errors in Snooper.

Either of these may in fact tell you what’s wrong. In our client’s case, Snooper gave us a couple indications.

One thing we elected to try was reset IIS to connect to the Address Book files folder. This is given as a potential cause for the “Cannot Synchronize Address Book” error at Microsoft Support.
For Windows Server 2008 networks, use this method:

  1. Click Start, and then click Run.
  2. Type inetmgr. Click OK.
  3. Expand ServerName, then expand Sites, then expand Default Web sites. Finally, expand Abs.
  4. Expand Ext and click on Files.
  5. In the Actions pane click on Basic Settings.
    • If your Address Book Files folder is on the same computer that runs Lync Server, browse to it using the Physical path setting.
    • If your Address Book Files folder is on a different computer than Lync Server, you should see the UNC path to the Address Book share.
      • Click the Connect As button. Choose Application user (pass-through authentication).
  6. Click OK twice and close the IIS 7.0 Management console.
  7. Repeat Steps 4 through 6 for Int in the Abs node.

Sync Fix #6: Reset an Invalid SSL Certificate

Still didn’t work? Hmmm. Where else would a communication error be?

Then it hit us – maybe there’s a problem with the reverse proxy server. Remember, a reverse proxy provides external users access to Lync’s web components like LIS, Lync Web App, mobility URLs…and the Address Book Service.

The server itself looked fine. But when we checked its certificates…bingo.

Turns out the reverse proxy’s SSL cert wasn’t properly set up. Here’s how you check this in your own network:

  • On the server running IIS, click Start, and then click Run.
  • Type inetmgr.msc, and then click OK.
  • Expand ComputerName (local computer). Next, expand Web Sites.
  • Click the website that hosts the address book. In the Actions pane, click Bindings.
  • Select the HTTPS site binding that includes the port the Address book Service is listening on. Click Edit.
  • Click View to open the certificate dialog box. Locate the expiration date of the certificate on the General tab.
  • If the certificate is invalid (expired, close to expiration, etc.), follow these steps:
    • In the Connections pane, select the name of the IIS 7.0 server hosting the Address Book service.
    • Select the Features view, and then click Server Certificates.
    • In the Actions pane, select Open Feature.
    • In the Features view, select the certificate you viewed in step 4, and then use the Actions pane to renew the certificate.
  • If the needed certificate is not installed, use the certificate wizards in the Actions pane to do one of the following:
    • Import.
    • Create a Certificate Request.
    • Complete a Certificate Request.
    • Create a Domain Certificate.

Courtesy of Microsoft Support

This fix resolved our client’s external user issue. Contact photos direct from AD began to appear in external Lync clients right after the cert was fixed.

Sync Fix #7: Change the Domain Controller

We didn’t actually try this, but I saw someone mention that it’ll fix some sync errors. So I’ll include it, to be thorough.

If you have more than one domain controller, then try manually changing the logon server with this PowerShell command:

set logonserver=\anotherdomaincontroller

(Use this on the Windows Server your Lync Server is set up on, of course.)

One Little Sync Error, Many Potential Causes

Our last few posts cover 7 possible fixes for one simple error: contact photos not displaying properly in Lync 2010. Pretty strong illustration of how interconnected Lync Server is, isn’t it?

Administrators know that the most obvious solution isn’t always the correct one. This is a great example of that principle. (Again, if you do experience a sync error like this and one of the fixes works, you DON’T need to implement any more!)

Have you tried any of these fixes? Which one(s) worked for you?

Updating Lync Contacts: Server-Side Checks to Repair Contact Photo Display (Part 3 of 3)
Tagged on:             

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.