Client Cache
The Lync client periodically downloads the address book via the internal or external web services. Try deleting the client cache.
Try deleting .lsabs, .dabs, GalContacs.db and GalContacts.db.idx cache files from:
%userprofile%\AppData\Local\Microsoft\Communicator\sip_<username@domain> (exit Lync first).
Server Cache
- Delete the address book files from the server located here – LyncShare1-WebServices-1ABFiles
- Once deleted run Update-CsUserDatabase from Lync Management Shell (Synchronizes data between AD and Lync backend DB)
- Wait at least 15 minutes
- Run Update-CsAddressBook from Lync Management Shell (Writes changes in backend DB to the address book files)
This will regenerate all you address book files.
Address Book URL’s
Make sure that you can browse to the following URL’s. You should receive an authentication challenge.
https://<internal or external web services URL>/abs/handler
https://<internal or external web services URL>/abs/handler/GroupExpansion/Service.svc
Active Directory Sync Normalisation
If numbers are already in E164 format then normalisation rules should not come in to play. If normalisation is coming in to play it is done with Company_Phone_Number_Normalization_Rules.txt. Rules in this file will allow AD numbers to be normailised when added to the Lync address book. Check for any normalisation errors in the Invalid_AD_Phone_Numbers.txt text file – LyncShare1-WebServices-1ABFiles0000000-0000-0000-0000-0000000000000000000-0000-0000-0000-000000000000Invalid_AD_Phone_Numbers.txt
Useful Articles:
- http://blogs.technet.com/b/nexthop/archive/2012/06/21/lyncmd-troubleshooting-the-lync-2010-address-book.aspx
- http://blog.insidelync.com/2012/02/lync-address-book-client-synchronization-errors-and-common-problems/
- http://y0av.wordpress.com/2012/02/23/normalize_ad_numbers/
- http://blog.schertz.name/2010/09/updating-the-lync-2010-address-book/
Andrew,
My problem is the Update-CsUserDatabase command (Lync 2010) fails to connect to the domain. I have tested using Telnet to the domain name using the LDAP port to prove the port is getting through the firewall, and that works. However, every time we run the Update-CsUserDatabase command, it fails to even find the domain.
Do you have any suggestions on what I can look for in the database or firewall that might be causing this? I have googled the problem, but almost everyone glosses over the Update command and concentrates on the Address Book update instead.
Thank you for your time
Mike
Hey Mike, the first thing that comes to mind are permissions. Have you tried running PowerShell as “Administrator”? Are you a member of RTCUniversalServerAdmins and CsAdministrator? Can you post the error that you see when you run the command?
Andrew,
Thank you for the response and for taking the time to help.
Yes, I’m a member of the CsAdministrator group (not sure about the RTCUniversalServerAdmins group, though), and the Lync Management Shell program is always run as an administrator, just in case. The error message I’m seeing simply states it can’t contact the domain “mydomain.com”. I’ll try and get the specific error message and reply with it. As I already mentioned, if I telnet to mydomain.com using the LDAP port, it connects. I did notice that when I do a NSLOOKUP on the mydomain.com, I see some IPv6 returns (new 2012 servers installed)
This is why I’m trying to confirm that Update-CsUserDatabase is attempting to connect via LDAP port and not some other port. There is a very restrictive port-blocking appliance (similar to a firewall, but they hate it when I call it that) in use, and we had to tell it what ports/protocols and direction (in/out/both).
MIke
Off the top of my head I am not sure of the exact process Lync server uses to talk to AD but I would have to imagine its the standard LDAP port – I can dig deeper on that when I have a chance. One thing to note though: The CsAdministrator security group gives you permission when NOT logged on directly to the server. When logged on to the Lync server you will need to be a member of the RTCUniversalServerAdmins group.
that’s what we thought as well, even verified that LDAP was not using secure LDAP for read-only access. The exact error message is:
update-csuserdatabase: Domain “mydomain.com” cannot be contacted or does not exist at line:1 char:1
+ update-csuserdatabase
+ ~~~~~~~~~~~~~~~~~~~~~
+ categoryInfo : NotSpecified: (:)[Update-CsUserDatabase], ApplicationException
+ FullyQualifiedErrorId : System.ApplicationException,Microsoft.RTC.Management.UserServicesStore.Cmdlet.UpdateUserServicesStoreCmdlet
I will double-check on the RTCUniversalServerAdmins group membership.
The fun part of this is almost NO one has any info on what Update-CsUserDatabase does, other than “uses the user replicator to find new users in LDAP and enter them into the database for use by the Address Book service”
I appreciate you taking the time to try and help me. Thank you very much.
Mike
verified the group membership, I’m good. I don’t think there is a RTC group that they didn’t make me a member of…
Great good to know. Nothing else is springing to mind at the moment. Let me raise this with some other SfB MVP’s and see what I can find out.
Do you have a locked down AD setup? If so there is a command you should look in to to allow Lync to successfully query the AD Containers you require – Grant-CsOUPermissions: https://technet.microsoft.com/en-us/library/gg425739(v=ocs.15).aspx
Andrew,
I’ll check, but off the top of my head I would say it’s not locked down. The topology has 2 sites, and this works well from 1 but not the other (previously mentioned the non-firewall firewall piece). We had no issues with the initial domain prep. However, I’ll verify that with the DA team tomorrow and let you know. This is why we got focused on the update-csuserdatabase and what ports/protocols it used as it works from the main site, just not from the 2nd site.
Additional background: main site is Lync 2010 Enterprise, 2nd site is Lync 2010 Standard. Everything worked for a while (probably around a month), then the 2nd site started having address book update issues. new users were only showing up on the main site address book, not the 2nd site. Initial troubleshooting had us run the manual update to the database and address book on the 2nd site, and when that failed… we ended up focused on the fact the update to the database failed. Various searches found most blogs glossed over the database part and concentrated on the address book service, but our problem appeared to be with the database update… so I started posting questions on various blogs about the update-csuserdatabase process to see what I could discover. Found some PS command switches to force the database update to use specific DC (or list of DCs), unfortunately it doesn’t work on Lync 2010 (only Lync 2013)
Again, I have to express my appreciation and thanks for your assistance. Even if we discover nothing new, the fact you were willing to help says everything to me.
Pleasure to help. I emailed a few folks but didn’t get anything back of use to you. I was hoping I might be able to get a better technical explanation as to how the address book queries work. If anything comes up I will let you know.
well, it is what it is. We noticed there are other issues on that particular server now (standard edition), which is sitting behind a couple firewalls… i may have to take a trip and spend a day at the site to resolve some of the other issues, and maybe (just maybe) fixing them will fix the address book issue. As of this morning, no one except a local account can logon (no logon server available to service your request) so … more problems have crept into that area. Personally, I blame the firewalls 😛
I’m trying to convince them to upgrade, but I think that’s a losing cause at the moment (end of year, no money, etc). If all else fails, I will move the users back to the main site and rebuild it. just wanted to avoid doing that, especially with the firewalls. that process to get ports/protocols opened (and KEPT open) is painful.
well, we removed the server from the domain and it refused to rejoin (domain not available). We ran a series of tests on all the ports we originally told them needed to be open, and found 139UDP and 389UDP were closed. As soon as they opened them both up, the system rejoined the domain. We ran update-csuserdatabase and it completed without error, immediately followed by the update-csAddressBook. It appears everything is working now, until they decide again to change the default security rules 🙂
Sorry for the long delay in getting back to you. This was put on a back-burner to get some other troubleshooting done first and we just returned to it the week of Thanksgiving (while I was on vacation, one of my co-workers got antsy and bugged the heck out of them to do the testing)
No worries, I’m glad you got it sorted! Thanks very much for updating me 🙂