OWA Address Book “Could not connect to a directory server” errors on EBS

[Today’s post comes to us courtesy of Mark Stanfill]

When trying to browse through the OWA Address Book on a default EBS configuration, the first page of the address book will load, but attempts to browse to subsequent pages will fail with the error:

Could not connect to a directory server. If the problem continues, contact
technical support for your organization.

This error occurs because the default “Microsoft Exchange Server Publishing: Outlook Web Access” web site publishing rule has link translation configured.  This allows the first page to load successfully when the internal OWA URL is translated, but subsequent pages are unable to connect as the cookie session fails to query the correct URL.  Removing the link translation mapping for the OWA web site publishing rule will remedy this situation, and does not otherwise affect OWA functionality.

https://remote.tailspintoys.com/owa/?ae=Dialog&t=AddressBook&a=PickRecipients

Resolution

To allow OWA to show the entire address book on EBS, use the following steps:

  1. Log on to the Management Server and load the Forefront TMG Management console.  Connect to the Security Server if needed.
  2. Navigate to the Firewall Policy node on the left-hand side of the console and highlight the “Microsoft Exchange Server Publishing: Outlook Web Access” web site publishing rule.
  3. Right-click the “Microsoft Exchange Server Publishing: Outlook Web Access” web site publishing rule and choose Properties.
  4. Select the Link Translation tab.
  5. Select the Configure button.
  6. Highlight the entry with your internal Messaging Server FQDN and external FQDN and select Remove (there is only a single entry present by default).  Click OK and OK again to save the setting.  Important:   Do not modify any other link translations for any other rules.
  7. Select Apply in the main TMG window.
  8. On the left pane, click on Monitoring and click on the Configuration tab. Refresh the screen until you see that the status is Synced.

  Remove the link translation rule for OWA only

 

Related Issue – The page cannot be displayed/HTTP 500 for contact properties

After configuring the rule above, you may receive the following error trying to access the properties of a user or contact:

Error Code: 500 Internal Server Error. The request was rejected by the HTTP filter. Contact the server administrator. (12217)

TMG logging will show a corresponding error.  The relevant portion is highlighted below:

Blocked by the HTTP Security filter: URL normalization was not

This error occurs because of the format of the URL.  The TMG HTTP Security filter identifies this as suspect traffic and blocks it.  To resolve this error, turn off URL normalization verification for the OWA publishing rule (again, don’t modify other rules).

  1. Log on to the Management Server and load the Forefront TMG Management console.  Connect to the Security Server if needed.
  2. Navigate to the Firewall Policy node on the left-hand side of the console and highlight the “Microsoft Exchange Server Publishing: Outlook Web Access” web site publishing rule.
  3. Right-click the “Microsoft Exchange Server Publishing: Outlook Web Access” web site publishing rule and choose Configure HTTP.
  4. In the Configure HTTP policy for rule dialog, de-select Verify normalization.  Click OK to return to the main dialog.
  5. Select Apply in the main TMG window.
  6. On the left pane, click on Monitoring and click on the Configuration tab. Refresh the screen until you see that the status is Synced.

Configure HTTP

Uncheck Verify normalization
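
The Verify normalization option cleared above can be modelled as decoding the URL twice and rejecting the request when the second pass still changes it, which is how Microsoft documents the option. This is an added example, not code from the original post or from TMG; the `id=` and `q=` URLs are constructed, and applying the check to path plus query is an assumption.

```python
from urllib.parse import unquote, urlsplit


def verify_normalization(url):
    """Model of the check: percent-decode twice, compare the two results.

    Returns (passes, first_pass, second_pass). Applying it to path + query
    is an assumption of this example, not something the post states.
    """
    parts = urlsplit(url)
    target = parts.path + ("?" + parts.query if parts.query else "")
    # latin-1 maps every decoded byte to one character, so nothing is lost
    first = unquote(target, encoding="latin-1")
    second = unquote(first, encoding="latin-1")
    return first == second, first, second


def would_be_blocked(urls):
    """Return the URLs that still change on a second decoding pass."""
    return [u for u in urls if not verify_normalization(u)[0]]


# Constructed samples. Only the first URL appears in the post.
SAMPLE_URLS = [
    "https://remote.tailspintoys.com/owa/?ae=Dialog&t=AddressBook&a=PickRecipients",
    # single-encoded '+' and '=': stable after one pass
    "https://remote.tailspintoys.com/owa/?ae=Item&id=RgAAAAB%2bx%3d",
    # same value encoded twice (%25 is an encoded '%'): changes on pass two
    "https://remote.tailspintoys.com/owa/?ae=Item&id=RgAAAAB%252bx%253d",
    # literal percent sign not followed by hex digits: stable
    "https://remote.tailspintoys.com/owa/?ae=Item&q=100%25",
]

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        ok, first, second = verify_normalization(url)
        print("pass " if ok else "BLOCK", url)
        if not ok:
            print("      pass 1:", first)
            print("      pass 2:", second)
```

Running this over URLs exported from the TMG log shows which requests depend on the setting before you clear it for the rule.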


Special thanks to Austin McCollum for first documenting this behavior and the work-around.

Comments

  • Anonymous
    January 01, 2003
    Rigo, Strictly speaking, you don't need the link translation, since the rule forces http to https anyway.  The only time this is a concern is if you have an application that maps directly to the http URL (which should really never happen).  /exchange is only for use in down-level clients; /owa is the correct URL going forward for OWA access.  We've tested this pretty thoroughly and I haven't seen any issues. ---Mark

  • Anonymous
    November 19, 2009
    I have been looking for this answer for a while now! Thanks a lot! I only have one question... so why is Link Translation being used in the first place? Don't we need it for something else? I used to access OWA by going to mail.mycompany.com/exchange and now this link doesn't work because it tries to go to the internal url. It works if I use owa instead of exchange... just wondering if this is going to bring up other issues.

  • Anonymous
    January 02, 2010
    I have tested it before making the change and found that it works fine with Firefox and Google Chrome. However, it doesn't work with only Internet Explorer. Do you know why it doesn't work? I don't understand how it happens. In addition, after the change was made, I can go to the second page of the Address Book nor more. In addition, I got "Outlook Web Access encountered an unexpected error and was unable to handle your request." error message. So, I can't actually have full access to the Address Book. Does anyone know why? -Cheongseo-