9 Steps to end OAB nightmares

Published on
83,773 Points
38 Endorsements
Last Modified:
Community Pick
I spent quite a bit of time testing this procedure in an Exchange 2007 SP3 on Windows 2008 lab (not SBS). So it should work for Exchange 2010 too. Take care when SBS or multiple CAS servers are involved. I have tried to include additional information for those 2 scenarios.

This procedure will help reset your OAB Virtual Directory back to it's default settings and permissions. It should also cause the Web Distribution of the OAB to start working, so then Outlook 2007/2010 clients can download it properly. If your public folders are available and you are doing PF distribution of the OAB then this procedure should cause the PF version of the OAB to be generated too.

Please try and be on the latest Service Packs for Windows and Exchange as this will solve lots of issues for you and is better for supportability.

If you find this article useful then please vote for it.

OAB Folder & Virtual Directory reset:


On the CAS server/s stop the Microsoft Exchange File Distribution Service. You can do this from the command prompt with 'net stop MSExchangeFDS'


Untick 'Enable Web-based Distribution' of OAB: From EMC-->Org-->Mailbox-->Offline Address Book-->double click on your Offline Address Book (normally called 'Default Offline Address Book')-->'Distribution' Tab-->Untick 'Enable Web-based Distribution' then press Apply. You can also do it from EMS with the command 'Get-OfflineAddressBook | Set-OfflineAddressBook -VirtualDirectories:$Null'. This should of resulted in the <Drive>:\Program Files\Microsoft\Exchange Server\ClientAccess\OAB\<GUID> folder being removed from your CAS server/s


Open EMS and do "Get-OABVirtualDirectory | Remove-OABVirtualDirectory -confirm:$false". This will remove the OAB Virtual Directory from all of your CAS server/s. So use the -WebSiteName parameter if you have more than 1 CAS server and you only want to perform this reset on 1 server.


Delete/Rename the <Drive>:\Program Files\Microsoft\Exchange Server\ClientAccess\OAB folder on the CAS server/s


Delete/rename the <Drive>:\Program Files\Microsoft\Exchange Server\ExchangeOAB folder on the OAB Generating server (usually a mailbox server).


Open EMS and do "New-OABVirtualDirectory -Server <CASServerName>". This will create the OAB Virtual Directory on the CAS server and will create the  <Drive>:\Program Files\Microsoft\Exchange Server\ClientAccess\OAB folder on the CAS server too. Repeat this step for each of your CAS servers. If you only have one CAS server then you do not need the Server parameter. This will also set the InternalURL value of the OABVirtualDirectory to "http://<CASfqdn>/OAB" which is fine if you don't want to use SSL internally to download the OAB (this is the default Exchange setting). WARNING: SBS seems to default to HTTPs on the OAB VD because of the Bindings on the SBS Web Applications web site, so I suggest you use HTTPs, or if you really want to use HTTP then look at the Bindings and which HostNames will allow you to connect to the SBS Web Applications web site on port 80. on SBS use 'New-OABVirtualDirectory -WebSiteName "SBS  Web Applications"' To ensure the OAB VD is created under the correct web site.  


Open EMS and do 'Get-OfflineAddressBook | Set-OfflineAddressBook -VirtualDirectories "<CASServerName>\oab (default web site)"'. On a SBS server the (default web site) is normally (SBS Web Applications), so open IIS and confirm what the web site name is that contains your Exchange Virtual Directories and then use that value instead of (default web site) if you need to. You can do this step in EMC as you may find it easier, especially if you are running multiple CAS servers.


Open EMS and do "Get-OfflineAddressBook | Update-OfflineAddressBook". This will recreate and populate the <Drive>:\Program Files\Microsoft\Exchange Server\ExchangeOAB folder on the OAB Generating server (usually a mailbox server) and it will also share the folder out as ExchangeOAB.


On the CAS server/s start the Microsoft Exchange File Distribution Service. You can do this from the command prompt with "net start MSExchangeFDS". This will copy the <Drive>:\Program Files\Microsoft\Exchange Server\ExchangeOAB\<GUID> folder on the OAB Generating server to the  <Drive>:\Program Files\Microsoft\Exchange Server\ClientAccess\OAB folder on the CAS server/s.
Recycle the MSExchangeAutodiscoverAppPool Application Pool in IIS, so autodiscover picks up the new OAB URLs. Then restart Outlook so it reads the new Autodiscover information about the OAB URLs and test Downloading the Offline Address Book from an internal Outlook 2007/2010 client and it should now work.

Additional Info:
If Outlook is hanging/stalling at OAB download then pay particular attention to step 6. If you have 'Require SSL' on your OAB VD then take it off and set the InternalURL value of the OABVirtualDirectory to http:// not https://. You can do this with this EMS command 'Get-OABVirtualDirectory | Set-OABVirtualDirectory -InternalURL:"http://<CAS Internal FQDN/OAB"' Once this has resolved the issue and you still want to use https then set both settings back.
By default OAB VD does not require SSL and Client Certificates = Ignore (Apart from in SBS where the default is to require SSL). If you require SSL then set the internalURL and externalURL values of the OABVirtualDirectory to contain "https://<valid resolvable name on cert>/OAB". The name on the cert should resolve to the internal IP address of your CAS server for internal users and it should resolve to the public IP of your CAS server for external users. Setup Split DNS if this is not the case because a lot of routers/firewalls will not allow internal traffic to come back in the external interface.
By default the Authentication mechanism on the OAB folder is Windows authentication and nothing else (apart from SBS08 which appears to use Basic and Windows). In IIS Manager under the OAB virtual directory Right click on Windows Authentication--> Advanced Settings and ensure that 'enable kernel-mode authentication' is NOT ticked.
There is no OAB folder in the install or Service Pack source and therefore no web.config file, so there should be no web.config file in the OAB folder, so remove or rename it if you are experiencing OAB download issues.
If you are using Outlook Anywhere, then don't forget to set an ExternalURL value on the OAB that matches your SSL certificate. e.g. 'Get-OABVirtualDirectory | Set-OABVirtualDirectory -ExternalURL  "https://<valid resolvable name on cert>/OAB"'
Disabling Web Distribution of the OAB, deletes the <GUID> subfolder from under the ClientAccess\OAB folder. Enabling it creates the <GUID> folder and sets the permissions on it for "Authenticated Users" = Read. It also assigns many other groups like "Exchange Servers" direct permissions on the <GUID> subfolder.
If you perform a Remove-OABVirtualDirectory then the offlineAddressBook will have no VirtualDirectories value and this must be re-assigned once the VD is recreated.
Test-OutlookWebServices does not appear to test the http://<CASfqdn>/OAB/<GUID>/oab.xml file, it just appears to contact the EWS service. Test-OutlookWebServices will even pass if there is no OAB VD on your CAS. So use Outlook's "Autoconfiguration Test" to see and contact the full OAB URL.
Failing 'Public Folder Distribution' methods of the OAB will not stop web distribution from happening i.e. if the PF store the OAB generating server is using is dismounted, the PF OAB will not get updated, but Web Distribution of the OAB will still happen.
Event Logging: by default Exchange doesn't log much about the OAB generation, so if you are still experiencing issues with the OAB generating then open EMS and do 'Set-EventLogLevel "<Server>\msExchangeSA\OAL Generator" -Level Medium' then run 'Get-OfflineAddressBook |Update-OfflineAddressBook' then watch the Application Event log on the OAB Generating server for OAL Generator events. You should get event ID 9106 (OAB Generation starting) and event ID 9107 (OAB Generation finished)

OAB recreation:
If you want to recreate your OAB then you can perform the following in EMS:


'Remove-OfflineAddressBook "Default Offline Address Book"'


"New-OfflineAddressBook -Name "Default Offline Address Book" -Server <server> -AddressLists "\Default Global Address List" -PublicFolderDistributionEnabled $true -VirtualDirectories "<CAS>\OAB (Default Web Site)" (once again, substitute 'default web site' with 'SBS Web Applications' if you are running SBS)


"Get-OfflineAddressBook |Update-OfflineAddressBook"


Wait 15 minutes (or until you see the 9107 event if you have event logging turned up to Medium)


Restart the Microsoft Exchange File Distribution service on your CAS servers


Wait 5 minutes or until you see the files appear in the <Drive>:\Program Files\Microsoft\Exchange Server\ClientAccess\OAB folder on the CAS server/s


Test downloading the OAB in Outlook.

By now you should be rid of your OAB download errors. If not, drop a post on this article and I will try and help you.

If you have any questions or queries or additional info then feel free to post it below.


Enjoy this complimentary article view.

Get unlimited access to our entire library of technical procedures, guides, and tutorials written by certified industry professionals.

Get 7 days free
Click here to view the full article

Using this article for work? Experts Exchange can benefit your whole team.

Learn More
Experts Exchange is a tech solutions provider where users receive personalized tech help from vetted certified professionals. These industry professionals also write and publish relevant articles on our site.
Ask questions about what you read
If you have a question about something within an article, you can receive help directly from the article author. Experts Exchange article authors are available to answer questions and further the discussion.
Learn from the best.