<

9 Steps to end OAB nightmares

Published on
80,363 Points
59,063 Views
38 Endorsements
Last Modified:
Awarded
Community Pick
I spent quite a bit of time testing this procedure in an Exchange 2007 SP3 on Windows 2008 lab (not SBS). So it should work for Exchange 2010 too. Take care when SBS or multiple CAS servers are involved. I have tried to include additional information for those 2 scenarios.

This procedure will help reset your OAB Virtual Directory back to it's default settings and permissions. It should also cause the Web Distribution of the OAB to start working, so then Outlook 2007/2010 clients can download it properly. If your public folders are available and you are doing PF distribution of the OAB then this procedure should cause the PF version of the OAB to be generated too.

Please try and be on the latest Service Packs for Windows and Exchange as this will solve lots of issues for you and is better for supportability.

If you find this article useful then please vote for it.

OAB Folder & Virtual Directory reset:

1

On the CAS server/s stop the Microsoft Exchange File Distribution Service. You can do this from the command prompt with 'net stop MSExchangeFDS'

2

Untick 'Enable Web-based Distribution' of OAB: From EMC-->Org-->Mailbox-->Offline Address Book-->double click on your Offline Address Book (normally called 'Default Offline Address Book')-->'Distribution' Tab-->Untick 'Enable Web-based Distribution' then press Apply. You can also do it from EMS with the command 'Get-OfflineAddressBook | Set-OfflineAddressBook -VirtualDirectories:$Null'. This should of resulted in the <Drive>:\Program Files\Microsoft\Exchange Server\ClientAccess\OAB\<GUID> folder being removed from your CAS server/s

3

Open EMS and do "Get-OABVirtualDirectory | Remove-OABVirtualDirectory -confirm:$false". This will remove the OAB Virtual Directory from all of your CAS server/s. So use the -WebSiteName parameter if you have more than 1 CAS server and you only want to perform this reset on 1 server.

4

Delete/Rename the <Drive>:\Program Files\Microsoft\Exchange Server\ClientAccess\OAB folder on the CAS server/s

5

Delete/rename the <Drive>:\Program Files\Microsoft\Exchange Server\ExchangeOAB folder on the OAB Generating server (usually a mailbox server).

6

Open EMS and do "New-OABVirtualDirectory -Server <CASServerName>". This will create the OAB Virtual Directory on the CAS server and will create the  <Drive>:\Program Files\Microsoft\Exchange Server\ClientAccess\OAB folder on the CAS server too. Repeat this step for each of your CAS servers. If you only have one CAS server then you do not need the Server parameter. This will also set the InternalURL value of the OABVirtualDirectory to "http://<CASfqdn>/OAB" which is fine if you don't want to use SSL internally to download the OAB (this is the default Exchange setting). WARNING: SBS seems to default to HTTPs on the OAB VD because of the Bindings on the SBS Web Applications web site, so I suggest you use HTTPs, or if you really want to use HTTP then look at the Bindings and which HostNames will allow you to connect to the SBS Web Applications web site on port 80. on SBS use 'New-OABVirtualDirectory -WebSiteName "SBS  Web Applications"' To ensure the OAB VD is created under the correct web site.  

7

Open EMS and do 'Get-OfflineAddressBook | Set-OfflineAddressBook -VirtualDirectories "<CASServerName>\oab (default web site)"'. On a SBS server the (default web site) is normally (SBS Web Applications), so open IIS and confirm what the web site name is that contains your Exchange Virtual Directories and then use that value instead of (default web site) if you need to. You can do this step in EMC as you may find it easier, especially if you are running multiple CAS servers.

8

Open EMS and do "Get-OfflineAddressBook | Update-OfflineAddressBook". This will recreate and populate the <Drive>:\Program Files\Microsoft\Exchange Server\ExchangeOAB folder on the OAB Generating server (usually a mailbox server) and it will also share the folder out as ExchangeOAB.

9

On the CAS server/s start the Microsoft Exchange File Distribution Service. You can do this from the command prompt with "net start MSExchangeFDS". This will copy the <Drive>:\Program Files\Microsoft\Exchange Server\ExchangeOAB\<GUID> folder on the OAB Generating server to the  <Drive>:\Program Files\Microsoft\Exchange Server\ClientAccess\OAB folder on the CAS server/s.
Recycle the MSExchangeAutodiscoverAppPool Application Pool in IIS, so autodiscover picks up the new OAB URLs. Then restart Outlook so it reads the new Autodiscover information about the OAB URLs and test Downloading the Offline Address Book from an internal Outlook 2007/2010 client and it should now work.


Additional Info:
If Outlook is hanging/stalling at OAB download then pay particular attention to step 6. If you have 'Require SSL' on your OAB VD then take it off and set the InternalURL value of the OABVirtualDirectory to http:// not https://. You can do this with this EMS command 'Get-OABVirtualDirectory | Set-OABVirtualDirectory -InternalURL:"http://<CAS Internal FQDN/OAB"' Once this has resolved the issue and you still want to use https then set both settings back.
By default OAB VD does not require SSL and Client Certificates = Ignore (Apart from in SBS where the default is to require SSL). If you require SSL then set the internalURL and externalURL values of the OABVirtualDirectory to contain "https://<valid resolvable name on cert>/OAB". The name on the cert should resolve to the internal IP address of your CAS server for internal users and it should resolve to the public IP of your CAS server for external users. Setup Split DNS if this is not the case because a lot of routers/firewalls will not allow internal traffic to come back in the external interface.
By default the Authentication mechanism on the OAB folder is Windows authentication and nothing else (apart from SBS08 which appears to use Basic and Windows). In IIS Manager under the OAB virtual directory Right click on Windows Authentication--> Advanced Settings and ensure that 'enable kernel-mode authentication' is NOT ticked.
There is no OAB folder in the install or Service Pack source and therefore no web.config file, so there should be no web.config file in the OAB folder, so remove or rename it if you are experiencing OAB download issues.
If you are using Outlook Anywhere, then don't forget to set an ExternalURL value on the OAB that matches your SSL certificate. e.g. 'Get-OABVirtualDirectory | Set-OABVirtualDirectory -ExternalURL  "https://<valid resolvable name on cert>/OAB"'
Disabling Web Distribution of the OAB, deletes the <GUID> subfolder from under the ClientAccess\OAB folder. Enabling it creates the <GUID> folder and sets the permissions on it for "Authenticated Users" = Read. It also assigns many other groups like "Exchange Servers" direct permissions on the <GUID> subfolder.
If you perform a Remove-OABVirtualDirectory then the offlineAddressBook will have no VirtualDirectories value and this must be re-assigned once the VD is recreated.
Test-OutlookWebServices does not appear to test the http://<CASfqdn>/OAB/<GUID>/oab.xml file, it just appears to contact the EWS service. Test-OutlookWebServices will even pass if there is no OAB VD on your CAS. So use Outlook's "Autoconfiguration Test" to see and contact the full OAB URL.
Failing 'Public Folder Distribution' methods of the OAB will not stop web distribution from happening i.e. if the PF store the OAB generating server is using is dismounted, the PF OAB will not get updated, but Web Distribution of the OAB will still happen.
Event Logging: by default Exchange doesn't log much about the OAB generation, so if you are still experiencing issues with the OAB generating then open EMS and do 'Set-EventLogLevel "<Server>\msExchangeSA\OAL Generator" -Level Medium' then run 'Get-OfflineAddressBook |Update-OfflineAddressBook' then watch the Application Event log on the OAB Generating server for OAL Generator events. You should get event ID 9106 (OAB Generation starting) and event ID 9107 (OAB Generation finished)

OAB recreation:
If you want to recreate your OAB then you can perform the following in EMS:

1

'Remove-OfflineAddressBook "Default Offline Address Book"'

2

"New-OfflineAddressBook -Name "Default Offline Address Book" -Server <server> -AddressLists "\Default Global Address List" -PublicFolderDistributionEnabled $true -VirtualDirectories "<CAS>\OAB (Default Web Site)" (once again, substitute 'default web site' with 'SBS Web Applications' if you are running SBS)

3

"Get-OfflineAddressBook |Update-OfflineAddressBook"

4

Wait 15 minutes (or until you see the 9107 event if you have event logging turned up to Medium)

5

Restart the Microsoft Exchange File Distribution service on your CAS servers

6

Wait 5 minutes or until you see the files appear in the <Drive>:\Program Files\Microsoft\Exchange Server\ClientAccess\OAB folder on the CAS server/s

7

Test downloading the OAB in Outlook.

By now you should be rid of your OAB download errors. If not, drop a post on this article and I will try and help you.

If you have any questions or queries or additional info then feel free to post it below.

Cheers

MegaNuk3
38
Comment
Author:MegaNuk3
31 Comments
 
LVL 45

Expert Comment

by:Amit
Good one Sir. My Vote is in.
0
 
LVL 31

Author Comment

by:MegaNuk3
No need to call me Sir, I haven't been knighted (yet). ;-)
0
 
LVL 32

Expert Comment

by:DrDamnit
Voted yes by me!
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
LVL 76

Expert Comment

by:Alan Hardisty
Oops - forgot to vote on a great article.

So - consider that mistake corrected.

Alan
0
 
LVL 31

Author Comment

by:MegaNuk3
Thanks for the votes guys. Only a couple more then I will overtake demazter and alanhardisty in the Exchange zone on points ;-)
0
 
LVL 31

Author Comment

by:MegaNuk3
For SBS2008 users in Step 6, you will want to use the following command:
New-OABVirtualDirectory -WebSiteName "SBS Web Applications"

The above command will ensure that the OAB VD will get created under the SBS Web Applications web site and not the default web site.

I will hopefully be updating this article shortly...
0
 
LVL 2

Expert Comment

by:bruce_77
Great article, very helpful! :)
0
 

Expert Comment

by:npcinfo
Excellent article - really helpful
0
 

Expert Comment

by:CIRIIT
Ok, I have a tricky one - I'll create a new post if need be, but I thought this would be a good place to start....

OAB generation is working correctly, and users are able to access and update their outlook clients at will. These updates work perfectly, with the exception of two workstations within our entire environment.

I have determined that the issue is isolated to the workstations themselves, as I have successfully downloaded the OAB from one of the affected user's account profile on a different workstation.

The download does not error out, it simply hangs at about 10% into "Downloading the Offline Address Book".

I have rebuilt one of the workstations in question from the ground up, opting out of any preconfigured ghost images we have available, but the issue persists.

As there is no error generated, so verbose logging does me little good. I am at a loss as to why this would affect a single machine.... Any ideas?

Exchange 2010 v 14.01.0218.013 running on Windows Server 2008 R2
0
 
LVL 31

Author Comment

by:MegaNuk3
Create a question, that's probably best. First thoughts are: add the CAS URL to your IE proxy exclusions/exceptions
0
 
LVL 17

Expert Comment

by:Andrew Oakeley
>> couple more then I will overtake demazter and alanhardisty in the Exchange zone

Lol! U will have to work hard for that! Sweet article though, keep it up. I am crap at writing articles, needs to be more of it though.... Mid year resolution maybe ......
0
 
LVL 31

Author Comment

by:MegaNuk3
Yep, I probably post alanhardisty's E2k3 ActiveSync troubleshooting article more on questions than my 2.
0
 

Expert Comment

by:seaymca
I've followed these steps twice but I still get stalled out when downloading the address book in Outlook. I (think) I had it downloading last week by adding "Authenticated users" to the web.config files security, but it stopped working a couple days later.

The autodiscover test passes with no issues. The offlineaddressbook just doesn't want to work.

When I followed the steps and it created a new OAB directory on the CAS servers, it didn't create a new web.config file.
0
 

Expert Comment

by:seaymca
I read the notes again and saw the part about not needing the web.config file. Sill no change.
0
 
 

Administrative Comment

by:Jim Dettman (Microsoft MVP/ EE MVE)
seaymca:

  Open a question, pointing back to the article here.  Comments here are really meant for clairifying points of the article or making corrections to it.

  Solving a problem will be better dealt with in a thread on it's own.  The author may be off-line.  If you open a question on it's own, you'll get a lot more eyes on it.

Thanks,
Jim Dettman
MS Access Zone Advisor
0
 

Expert Comment

by:mti-adminz
I am running into an issue with this article I am not able to complete Step 8 with success.

Get-OfflineAddressBook | Update-OfflineAddressBook

completes wihtout an Error, but no directory is created and no error is logged in the event log. Can you advise?
0
 
LVL 31

Author Comment

by:MegaNuk3
Turn Diagnostic logging up to at least medium and then try the OAB again and watch the application event log for OAL Generator events. You may want to open a question so you have more eyes on your problem and quicker responses than mine.
0
 

Expert Comment

by:Louise_P
wish I could give this 5 stars!  Thank you.
0
 
LVL 31

Author Comment

by:MegaNuk3
@Louise_P : thanks. I hope it sorted out your OAB issue.
0
 

Expert Comment

by:Louise_P
@MegaNuk3 - It absolutely did resolve my OAB issue and it was by far the easiest article to follow that I found in my 2 days of researching (maybe even ever!)  My only suggestion might be to turn your last point (recycling the MSExchangeAutodiscoverApp) into an actual step 10 using concise instructions, similar to your steps 1-9.  Otherwise it was so simple my boss could've done it!  :)   Thanks again!
0
 
LVL 17

Expert Comment

by:Lior Karasenti
Great Article! i wish i could give more points
0
 
LVL 31

Author Comment

by:MegaNuk3
@liorkr - thanks
0
 

Expert Comment

by:TMS
The problem started last month just after I painfully updated the server certificate - first timer so I made a dogs mess of it....!!!.  In the process I added a HTTP binding with the SSL domain name i.e *.<domain>.co.uk for the SBS Default Web Site.

It was only a couple of weeks ago a User mentioned the issue and then all the others reported the same problem, some only being asked once at login and others continually.

After much reading and seeing this post on 9 Steps ...... (and we should all be very appreciative of publishers taking the time to detail such explicit solutions - so thank you) I sensed it was probably something I had done when adding the certificate but I wasn't sure what.

Anyway, on removing the Binding entry (Via IIS), the problem instantly resolved itself.

I'm not saying this is the cause of everyone’s issues relating to this problem but it might be worth adding to the list to cross off.
0
 

Expert Comment

by:TMS
I missed the top off:

If still relevant to anyone, I have recently been suffering from this problem on SBS 2011 with Outlook 2010 clients presenting login prompts when updating the OAB; Outlook 2003 clients were not being affected.............
0
 

Expert Comment

by:Muhnster
Hey MegaNuk3,

I know this is an old thread from your part, but we just jumped on Exchange 2007 from 2003!  Like most I followed a transition guide and all went well for the most part.  All mailboxes and public folders were moved over just fine and mailflow has been mint since the transition.

Since then, our eager IT admin has removed Exchange 2003 and decommisioned our old host server.  The issue we are now seeing is that;

1. We can clearly create a new Offline Address book and it is set to "True" in the isvalid and isdefault parameters.
2.  We can reset our OAB folders as described in your article above

WE CANNOT GET THE "EXCHANGEOAB" folder to be created if our lives depended on it.  It simply will not create itself and when we run the Get-OfflineAddressBook | Update-OfflineAddressBook cmdlet in EMS we get the following:

Update-OfflineAddressBook : Failed to generate the content of the offline address book '\Default Offline Address Book'
 Two possible reasons for the failure are that the System Attendant Service is not running or you do not have permission to perform this operation. Error message : 'Catastrophic failure (Exception from HRESULT: 0x8000FFFF (E_UNEXPECTED))
.
At line:1 char:51
+ Get-OfflineAddressBook | Update-OfflineAddressBook <<<<
    + CategoryInfo          : InvalidResult: (\Default Offline Address Book:OfflineAddressBookIdParameter) [Update-Off
   lineAddressBook], LocalizedException
    + FullyQualifiedErrorId : C9E529DB,Microsoft.Exchange.Management.SystemConfigurationTasks.UpdateOfflineAddressBook

We have a valid and clean GlobalAddressList and everything seems to be functioning up to that ExchangeOAB folder creation issue... We tried creating the folder manually and adding the proper share and NTFS permissions on the folder and we are getting the same error when running Update-OfflineAddressBook –Identity “Default Offline Address Book”.

Any firther ideas on what could be causing this issue?

Muhnster
0
 
LVL 31

Author Comment

by:MegaNuk3
@Muhnster - it would be probably best to create a question, so all the EE experts can help you.

Did you do both of my procedures above?
0
 

Expert Comment

by:Muhnster
Yes, you are right, I think I will... My issue is really around the OAB folder generation issue...  Like I said, my transition went very well, everything is working, including Public Folders, I recreated my GAL and OAL and they both show as valid and defaults (with GUIDs listed) and display correctly through OWA, my issue is that the ExchangeOAB folder will simply not create itself despite going through the entire process of the get and update cmdlet for the offline Address List as well as restarting the system attendant and FDS...

Very strange...

Thanks,

Muhnster
0
 

Expert Comment

by:Muhnster
0
 

Expert Comment

by:MOUHADDIR YASSINE
Hi all,

This procedure work for me, since November 2011at now it's valid with MS Exchange 2010 sp1, i had searching in many forums and sites but this is the only valid solution tested in real production environment, now OAB is working in all MS Outlook 2007 clients excepts Outlook 2003 clients who has the error appear of the object OAB is not found, i think because i am during migration from Ex 2003 to Ex 2010 which the old one can't take changes updates.

Thank you so much to help us with all your solutions, you are an exceptional Exchange Architect.

Great Work,
Yassine MOUHADDIR
Morocco
Exchange Administrator
0
 

Expert Comment

by:Jessev4629
Excellent
0
 
LVL 2

Expert Comment

by:msidnam
This was the only thing i found that worked in fixing my OAB issue.

thank you.
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Join & Write a Comment

Whether it be Exchange Server Crash Issues, Dirty Shutdown Errors or Failed to mount error, Stellar Phoenix Mailbox Exchange Recovery has always got your back. With the help of its easy to understand user interface and 3 simple steps recovery proced…
Check How effective MS Exchange Expert thinks Exchange Mailbox Recovery by SysTools IS. Visit the Official site to get detailed information:- https://www.systoolsgroup.com/exchange-recovery.html (https://www.systoolsgroup.com/exchange-recovery.h…
Other articles by this author

Keep in touch with Experts Exchange

Tech news and trends delivered to your inbox every month