When troubleshooting external address book download issues, sometimes you simply don’t get enough information. The Lync client itself simply says unable to download address book. Before we look at the problem, let’s look at a common setup of Lync.
An external request to the address book is served from the Lync client to the external web address. That address might be something like lws.domain.com from the outside. This address would be sent to a reverse proxy with a public certificate. That reverse proxy is typically a TMG or ISA server. Because the traffic is https, it is difficult to get additional information about the connection. So this is where Fiddler comes into play. Fiddler is a Web Debugging tool that allows you to get detailed http/s information. So for our test, you need to download and install Fidder2 and then launch the Lync client. When the Lync client attempts to connect to the Reverse Proxy, all we see is this:
This is normal. All we see is a secure HTTP connection. So no additional details. However, Fiddler includes a great feature to decrypt HTTPS traffic. To do this, go to Tools | Fiddler Options and choose the HTTPS tab. Click Decrypt HTTPS traffic and ignore encryption errors:
You will be prompted with an “are you sure” type of message. You need to say Yes to this. Basically, what fiddler does is proxy all traffic so by saying yes you will decrypt all traffic. So now we relaunch Fiddler (must restart for change to take effect) and then relaunch the Lync client. Now we see much more information:
Now we can see the actual HTTPS connect and exactly what it’s trying to connect to. Additionally, we can click on the traffic and see additional details to the error.
In our case, you can see we are getting an Invalid Web Ticket error message. With this informaiton, we know we are attempting to download the correct information and we aren’t getting an authentication error, but rather something else. Authentication erorrs are typically on the IIS side. Address book errors with a web ticket error is typically happening on the reverse proxy. In the end, in this case our problem was with the TMG server, as “Pass orginial host header” was not checked on the listener, causing a problem IIS rewrite process. Checking that fixed our problem and the address book was able to download successfully.
Hopefully someone finds this information helpful.