OWA Address Book “Could not connect to a directory server” errors on EBS

[Today’s post comes to us courtesy of Mark Stanfill]

When trying to browse through the OWA Address Book on a default EBS configuration, the first page of the address book will load, but attempts to browse to subsequent pages will fail with the error:

Could not connect to a directory server. If the problem continues, contact
technical support for your organization.

This error occurs because the default “Microsoft Exchange Server Publishing: Outlook Web Access” web site publishing rule has link translation configured out of the box.  The first page loads successfully because the internal OWA URL is translated, but subsequent pages are unable to connect as the cookie session fails to query the correct URL.  Removing the link translation mapping from the OWA web site publishing rule will remedy this situation, and does not otherwise affect OWA functionality.


https://remote.tailspintoys.com/owa/?ae=Dialog&t=AddressBook&a=PickRecipients

Resolution

To allow OWA to show the entire address book on EBS, use the following steps:

  1. Log on to the Management Server and load the Forefront TMG Management console.  Connect to the Security Server if needed.
  2. Navigate to the Firewall Policy node on the left-hand side of the console and highlight the “Microsoft Exchange Server Publishing: Outlook Web Access” web site publishing rule.
  3. Right-click the “Microsoft Exchange Server Publishing: Outlook Web Access” web site publishing rule and choose Properties.
  4. Select the Link Translation tab.
  5. Select the Configure button.
  6. Highlight the entry with your internal Messaging Server FQDN and external FQDN and select Remove (there is only a single entry present by default).  Click OK and OK again to save the setting.  Important: Do not modify any other link translations for any other rules.
  7. Select Apply in the main TMG window.
  8. On the left pane, click on Monitoring and click on the Configuration tab. Refresh the screen until you see that the status is Synced.

  Remove the link translation rule for OWA only


Related Issue – The page cannot be displayed/HTTP 500 for contact properties

After configuring the rule above, you may receive the following error trying to access the properties of a user or contact:

Error Code: 500 Internal Server Error. The request was rejected by the HTTP filter. Contact the server administrator. (12217)


TMG logging will show a corresponding error.  The relevant portion is highlighted below:

Blocked by the HTTP Security filter: URL normalization was not


This error occurs because of the format of the URL.  The TMG HTTP Security filter identifies this as suspect traffic and blocks it.  To resolve this error, turn off the URL normalization check (Verify normalization) for the OWA publishing rule (again, don’t modify other rules).

  1. Log on to the Management Server and load the Forefront TMG Management console.  Connect to the Security Server if needed.
  2. Navigate to the Firewall Policy node on the left-hand side of the console and highlight the “Microsoft Exchange Server Publishing: Outlook Web Access” web site publishing rule.
  3. Right-click the “Microsoft Exchange Server Publishing: Outlook Web Access” web site publishing rule and choose Configure HTTP.
  4. In the Configure HTTP policy for rule dialog, de-select Verify normalization.  Click OK to return to the main dialog.
  5. Select Apply in the main TMG window.
  6. On the left pane, click on Monitoring and click on the Configuration tab. Refresh the screen until you see that the status is Synced.

Configure HTTP

Uncheck Verify normalization
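
With Verify normalization turned off for the OWA rule, requests that still contain escape sequences after one decoding pass are no longer rejected there. The following Python sketch is an added example, not part of the original post and not TMG's implementation: it approximates that check so logged request URLs can be reviewed for multiply-encoded requests. The log layout, sample lines and function names are constructed for illustration.

```python
from urllib.parse import unquote, urlsplit

# Constructed sample log (time, client, method, URL); not TMG's real log format.
SAMPLE_LOG = [
    "2010-03-01T10:00:01 192.0.2.10 GET /owa/?ae=Dialog&t=AddressBook&a=PickRecipients",
    "2010-03-01T10:00:05 192.0.2.10 GET /owa/?ae=Item&id=RgAAAAB%2bXyz%2f",
    "2010-03-01T10:00:09 192.0.2.10 GET /owa/?ae=Item&id=RgAAAAB%252bXyz",
    "2010-03-01T10:02:44 198.51.100.7 GET /owa/auth/%252541.aspx",
]

def request_target(url):
    """Return only the path and query, which is what gets normalized."""
    parts = urlsplit(url)
    return parts.path + ("?" + parts.query if parts.query else "")

def encoding_layers(url, limit=8):
    """Count percent-decoding passes needed before the URL stops changing."""
    current, layers = request_target(url), 0
    while layers < limit:
        # latin-1 maps each decoded byte to one character, so no byte is lost
        decoded = unquote(current, encoding="latin-1")
        if decoded == current:
            break
        current, layers = decoded, layers + 1
    return layers

def fails_normalization(url):
    """True if escapes remain after one decode (assumed model of the check)."""
    return encoding_layers(url) > 1

def scan(log_lines):
    """Return (client, url, layers) for every request the check would reject."""
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) < 4:
            continue  # skip malformed lines
        client, url = fields[1], fields[3]
        layers = encoding_layers(url)
        if layers > 1:
            hits.append((client, url, layers))
    return hits

if __name__ == "__main__":
    for client, url, layers in scan(SAMPLE_LOG):
        print(f"{client} sent a URL with {layers} encoding layers: {url}")
```
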


Special thanks to Austin McCollum for first documenting this behavior and the work-around.