October 29 2010

Explanation of OCS and Lync terms

I use a maximum of one Google Ad per post to help offset some of my blog hosting costs.


There are some obscure and misleading terms used when describing an OCS or Lync environment. For those new to OCS or Lync, some of the more common terms are explained below:

IM Conferencing

Lync supports text-based instant messaging conferencing (also known as “Multi-party IM conferencing”) which allows users to initiate text messaging with more than one peer.

Audio / Video Calls

One core feature of Lync is to provider peer-to-peer (P2P) Audio and Video Calls. In this mode, session is established through the SIP protocol and Media Path negotiated between clients and does not route through any Lync server.

Audio / Video Conferencing

Audio / Video Conferencing differs from Audio / Video calls since the Media Path is established between clients and the Audio/Video MCU (Multi-Conferencing Unit) located the Lync front-end server. In A/V Conferencing mode, there is one active speaker (upstream) and at least two listeners (downstream).

Web Conferencing

An often misleading term, Web Conferencing does not provide conferencing features through a Web browser. Web Conferencing extends previous conferencing modalities and adds additional features such as Audio/Video/IM Conferencing, Collaboration tools (Poll page, Whiteboard, Q&A, Text, Web pages), Application and Desktop Sharing, Conversion of PowerPoint presentations to streamed content, Meeting Control, Scheduling, Recording and Playback.

The Web Conferencing feature can integrate with Outlook through a specific add-in to allow scheduled meetings to be held online.


Federation allows a company to communicate with another through various gateways and for designated services.

Desktop Sharing

Desktop Sharing allows users to share their desktop (and optionally share control) with the RDP protocol embedded in the Media Stream, with one or multiple peers.

Group Chat

Group Chat enables users to engage in persistent, ongoing IM conversations. Group Chat differs from group IM in that the latter is not persistent. After a group IM session has ended, its state is lost. With Group Chat, the conversation persists, along with all files, Web links, and other associated data. This persistence makes it possible to maintain complete records of each session. It enables the instant exchange of information across an organization and with external partners in a way that makes it possible to maintain a continuing flow of information among project members.

Edge Servers

Edge Servers allow connection of internal Lync infrastructure to the external world.

Communicator Web Access (CWA)

Communicator Web Access Servers provide Web Sites to allow users to logon to Lync services from a Web browser, which may be extended to support connecting from any endpoint on the Internet.

SIP Address

A SIP (Session Initiation Protocol) address consists of a user name and a domain name, similar to an email address. This is completely separate to an email address, but many organisations opt to keep the format of the SIP addresses in the same format as user’s primary email address in an attempt to keep the user logon process as simple as possible.

Public Instant Messaging Connectivity (PIC)

Enables organizations to interoperate with four proprietary instant messagne services – AOL Instant Messenger, .NET Messenger Service (Windows Live Messenger), Yahoo! Messenger, and Google Talk.

Lync Server 2010

Refers to the server component of Lync.

Lync 2010

Refers to the client (workstation) component of Lync.


I use a maximum of one Google Ad per post to help offset some of my blog hosting costs.


November 4 2009

Office Communicator error – Cannot synchronize address book

We’d rolled out Office Communicator 2007 R2 across the environment, however a handful of machines were getting the ‘Cannot synchronize address book’ error and when expanded the entire error message was ‘Cannot synchronize with the corporate address book. This may be because the proxy server setting in your web browser does not allow access to the address book.’

So after doing some extensive Googling, I did some troubleshooting and found that the situtation was:

– There was no issue with the proxy server. I could manually enter the name of one of the address book files (eg https://ocs.domain.com/Abs/Ext/F-0918.lsabs) and download it manually through the browser.

– There is no GalContacts.db file in the ‘C:Documents and Settings%UserName%Local SettingsApplication DataMicrosoftCommunicator’ folder meaning that there was no locally cached copy of the address book.

– In the registry under ‘HKCUSOFTWAREMICROSOFTWINDOWSCURRENTVERSIONINTERNET SETTINGS’ if I set the CertificateRevocation DWORD and to 0, I can successfully sign in and retrieve the address book (below)

Registry setting
Registry setting

This pointed to an issue with the certificate we were using and specifically the Certificate Revocation List (CRL). From here we need to check the certificate we were using for OCS, look at the details tab and check the CRL Distribution Point (shown below)

Check Certificate
Check Certificate

I then checked this distribution point (a HTTP location in our case) and found out that it was invalid. Right, so next it was off to reconfigure our internal Certificate Authority server with the correct CRL locations.

On the Certificate Authority, we open up the MMC snap-in, right click the server name and select properties. On the extension tab, select ‘CRL Distibution Point’. You then want to configure some valid location underneath here and tick the box to ensure these are being included in the issued certificates. For example in my case, I ensured that there were 3 additional entries (not including the C:Windows one):

LDAP:///CN=<CATruncatedName><CRLNameSuffix>,CN=<ServerShortName>,CN=CDP,CN=Public Key Services,CN=Services,<ConfigurationContainer><CDPObjectClass>
[TICK] Publish CRLs to this location
[UNTICK] Include in all CRLs…….Active Directory…..
[UNTICK] Include in CRLs….Delta CRL Locations…..
[TICK] Include in the CDP extension of issued certificates
[TICK] Publish Delta CRLs to this location

[TICK] Publish CRLs to this location
[GREYED OUT] Include in all CRLs…….Active Directory…..
[UNTICK] Include in CRLs….Delta CRL Locations…..
[TICK] Include in the CDP extension of issued certificates
[UNTICK] Publish Delta CRLs to this location

[GREYED OUT] Publish CRLs to this location
[GREYED OUT] Include in all CRLs…….Active Directory…..
[UNTICK] Include in CRLs….Delta CRL Locations…..
[TICK] Include in the CDP extension of issued certificates
[GREYED OUT] Publish Delta CRLs to this location

Selecting OK will then restart the Certificate Services service. Then you need to recreate your OCS certificates via the OCS MMC certificate wizard. Once these have been applied to the OCS server (OCS services do NOT need to be restarted), you clients just need to sign out and back in and all of your address book issues are fixed!

If you look at your new certificate, the newly added CRL Distribution Points should be listed. You can also use the ‘Certutil.exe –v –verify –urlfetch c:exported_certificate.cer’ with above certificate and check that CRL locations can be reached successfully. The ‘pkiview.msc’ tools from the Windows 2003 Resource Kit was also very useful in checking that the CRL locations could be reached.