Communicator cannot synchronize with the corporate address book.

OK, I know this is an old subject for an old tech, but I was recently on a client's site who had this issue, and it gave me a few days of head scratching to get this resolved.

My client was running Exchange 2010 on premise with OCS 2007 R2, with end users running Outlook ’10 and the MOCS ’07 client on a mixture of XP and 7.

Symptoms included the old red exclamation mark, which when clicked gave the “Cannot synchronize with the corporate address book. This may be because the proxy server setting in your web browser does not allow access to the address book. If the problem persists, contact your system administrator” message, and the Outlook Find a Contact feature being empty or not displaying contacts.

I checked the usual suspects: a non-existent proxy server, and browsing the URL of the OCS from the client IE. I spent a lot of time reading TechNet articles and other people's blogs, but to no avail.

What was interesting is that some clients were experiencing the issue and others weren’t. It made no difference what the OS was; it was just frustratingly random and difficult to replicate consistently. Some clients worked, others just plainly refused to play ball.

The final piece of the puzzle was when someone happened to mention that they had had a new PKI environment built and that’s when the alarm bells jumped up and slapped me across the face.

Now in my defence, I had no prior knowledge of the customer’s infrastructure, and I had originally checked the certificates on the OCS server to make sure they hadn’t expired; they did seem to be valid. The client didn’t mention that they were in the process of removing the current CA and implementing PKI, otherwise we may have got to the resolution a little quicker.

The issue was caused by the CRL (certificate revocation list). It is easily identified by checking the OCS server certificate and making sure the CRL path is still valid.

The other way to quickly determine whether it is the CRL, and indeed a quick fix if you can’t request a new certificate, is to edit the registry (disclaimer: back up your registry first; I cannot be responsible for any corruption that may occur by incorrectly editing your registry).

Edit or create the following key in your registry.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\

CertificateRevocation

Value = 0

This key just forces the client to ignore the CRL of the certificate; it will NOT force it to ignore expired certificates. I suggest that once you have resolved the certificate issue on the server, this reg hack is removed or returned to its former state.
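
The CRL path check and the registry clean-up described above can be scripted. The following is an added example, not part of the original post: the function names are hypothetical, and it assumes the OCS certificate sits in the computer's Personal store (`Cert:\LocalMachine\My`).

```powershell
# Added example (not from the original post). Function names are hypothetical.
# Assumes the certificate of interest is in Cert:\LocalMachine\My.

function Get-CrlUrl {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    # 2.5.29.31 is the CRL Distribution Points extension
    $ext = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.31' }
    if (-not $ext) { return @() }
    # On Windows, Format() renders each distribution point as "URL=<location>"
    [regex]::Matches($ext.Format($true), 'URL=(\S+)') |
        ForEach-Object { $_.Groups[1].Value }
}

function Test-CertRevocation {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'Online'        # force a live CRL fetch
    $chain.ChainPolicy.RevocationFlag = 'EntireChain'   # check every CA in the chain
    $chain.ChainPolicy.UrlRetrievalTimeout = New-TimeSpan -Seconds 15
    [void]$chain.Build($Cert)
    $status = @($chain.ChainStatus | ForEach-Object { $_.Status })
    [pscustomobject]@{
        Subject        = $Cert.Subject
        NotAfter       = $Cert.NotAfter
        CrlUrls        = (Get-CrlUrl $Cert) -join '; '
        # These flags mean revocation data could not be retrieved (the failure in
        # this post); an expired certificate reports NotTimeValid instead.
        CrlUnreachable = [bool]($status -match 'RevocationStatusUnknown|OfflineRevocation')
        ChainStatus    = $status -join ', '
    }
}

# Report every certificate in the computer's Personal store
Get-ChildItem Cert:\LocalMachine\My |
    ForEach-Object { Test-CertRevocation $_ } |
    Format-List

# Flag the workaround value if it is still set for the current user
$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$val = (Get-ItemProperty -Path $key -Name CertificateRevocation `
        -ErrorAction SilentlyContinue).CertificateRevocation
if ($val -eq 0) {
    Write-Warning 'CertificateRevocation is 0: revocation checking is disabled for this user.'
}
```

The chain is built from the machine the script runs on, so a CRL location that resolves from the server may still fail from a client; running it on an affected client against the exported certificate shows the client's view.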

I hope this saves someone some time!