MapleLife asked:

Set up Web OAB Distribution in Exchange 2007

Public folder replication doesn't seem to be working for me so I'd like to try the web distribution method. Problem is I can't seem to find an article that outlines the entire process. Can anyone point me towards one?

I'm transitioning from a 2003 environment.

BrianKronberg

1. In the properties of your Default Offline Address Book, enable web distribution and add all CAS servers to the list.
2. Ensure your OAB is being generated with no errors (watch the event logs)
3. Run the script below to rebuild the Default Offline Address Book and redistribute to all CAS servers


Get-OfflineAddress Book 'Default Offline Address Book' | Update-OfflineAddressBook
Sleep 180  # Most OAB's will finish generating in this time, if your company is large, increase the value
Get-ClientAccessServer | Update-FileDistributionService -Type OAB

Forgot my link.

Here is more information: http://technet.microsoft.com/en-us/library/bb124351.aspx 

MapleLife (ASKER)

When I run your first command I'm getting an error. Am I doing something wrong?


         Welcome to the Exchange Management Shell!

 Full list of cmdlets:          get-command
 Only Exchange cmdlets:         get-excommand
 Cmdlets for a specific role:   get-help -role *UM* or *Mailbox*
 Get general help:              help
 Get help for a cmdlet:         help <cmdlet-name> or <cmdlet-name> -?
 Show quick reference guide:    quickref
 Exchange team blog:            get-exblog
 Show full output for a cmd:    <cmd> | format-list

Tip of the day #21:

Sometimes it's useful to convert the output of a cmdlet to a string to interoper
ate with native cmdlets. For example, type:

 Get-Command | Out-String | Findstr "command"

[PS] C:\Windows\system32>Get-OfflineAddress Book 'Default Offline Address Book'
| Update-OfflineAddressBook
The term 'Get-OfflineAddress' is not recognized as the name of a cmdlet, functi
on, script file, or operable program. Check the spelling of the name, or if a p
ath was included, verify that the path is correct and try again.
At line:1 char:19
+ Get-OfflineAddress <<<<  Book 'Default Offline Address Book' | Update-Offline
AddressBook
    + CategoryInfo          : ObjectNotFound: (Get-OfflineAddress:String) [],
   CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

[PS] C:\Windows\system32>Get-OfflineAddress Book 'Default Offline Address Book'
| Update-OfflineAddressBook
The term 'Get-OfflineAddress' is not recognized as the name of a cmdlet, functi
on, script file, or operable program. Check the spelling of the name, or if a p
ath was included, verify that the path is correct and try again.
At line:1 char:19
+ Get-OfflineAddress <<<<  Book 'Default Offline Address Book' | Update-Offline
AddressBook
    + CategoryInfo          : ObjectNotFound: (Get-OfflineAddress:String) [],
   CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

[PS] C:\Windows\system32>Get-Offline Address Book 'Default Offline Address Book'
 | Update-OfflineAddressBook
The term 'Get-Offline' is not recognized as the name of a cmdlet, function, scr
ipt file, or operable program. Check the spelling of the name, or if a path was
 included, verify that the path is correct and try again.
At line:1 char:12
+ Get-Offline <<<<  Address Book 'Default Offline Address Book' | Update-Offlin
eAddressBook
    + CategoryInfo          : ObjectNotFound: (Get-Offline:String) [], Command
   NotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

[PS] C:\Windows\system32>

Oops, I somehow got a space in there.  Also, your OAB might be named differently.  If you only have one, most people do, then do this instead.

Get-OfflineAddressBook | Update-OfflineAddressBook
Sleep 180  # Most OAB's will finish generating in this time, if your company is large, increase the value
Get-ClientAccessServer | Update-FileDistributionService -Type OAB

         Welcome to the Exchange Management Shell!

 Full list of cmdlets:          get-command
 Only Exchange cmdlets:         get-excommand
 Cmdlets for a specific role:   get-help -role *UM* or *Mailbox*
 Get general help:              help
 Get help for a cmdlet:         help <cmdlet-name> or <cmdlet-name> -?
 Show quick reference guide:    quickref
 Exchange team blog:            get-exblog
 Show full output for a cmd:    <cmd> | format-list

Tip of the day #15:

To get a list of all users on an Exchange 2007 server who are not Unified Messag
ing-enabled type, use:

 Get-UmMailbox | ForEach { If($_.UmEnabled -Eq $False){$_.Name}}

[PS] C:\Windows\system32>Get-OfflineAddressBook | Update-OfflineAddressBook
[PS] C:\Windows\system32>Get-OfflineAddressBook | Update-OfflineAddressBook Slee
p 180
Update-OfflineAddressBook : A positional parameter cannot be found that accepts
 argument '180'.
At line:1 char:51
+ Get-OfflineAddressBook | Update-OfflineAddressBook <<<<  Sleep 180
    + CategoryInfo          : InvalidArgument: (:) [Update-OfflineAddressBook]
   , ParameterBindingException
    + FullyQualifiedErrorId : PositionalParameterNotFound,Microsoft.Exchange.M
   anagement.SystemConfigurationTasks.UpdateOfflineAddressBook

[PS] C:\Windows\system32>Get-OfflineAddressBook | Update-OfflineAddressBook Slee
p 180 #
Update-OfflineAddressBook : A positional parameter cannot be found that accepts
 argument '180'.
At line:1 char:51
+ Get-OfflineAddressBook | Update-OfflineAddressBook <<<<  Sleep 180 #
    + CategoryInfo          : InvalidArgument: (:) [Update-OfflineAddressBook]
   , ParameterBindingException
    + FullyQualifiedErrorId : PositionalParameterNotFound,Microsoft.Exchange.M
   anagement.SystemConfigurationTasks.UpdateOfflineAddressBook

[PS] C:\Windows\system32>

I just removed the sleep parameter and the commands seem to run fine. The thing is I'm still getting errors on my test box saying it can't download the OAB.

Now that you have an OAB distributed to your CAS servers you have to make sure your CAS server OAB Virtual Directories are configured correctly.  Please run the following and post the output.

get-oabvirtualdirectory | fl identity,*ternal*

Should that last parameter say "internal"?

Never mind, I overlooked the wildcard. I'll run that command first thing tomorrow. I get in at 7am EST.

My results.


         Welcome to the Exchange Management Shell!

 Full list of cmdlets:          get-command
 Only Exchange cmdlets:         get-excommand
 Cmdlets for a specific role:   get-help -role *UM* or *Mailbox*
 Get general help:              help
 Get help for a cmdlet:         help <cmdlet-name> or <cmdlet-name> -?
 Show quick reference guide:    quickref
 Exchange team blog:            get-exblog
 Show full output for a cmd:    <cmd> | format-list

Tip of the day #60:

You can control which features are available to Outlook Web Access users by usin
g the Set-OwaVirtualDirectory cmdlet. Type:

 Set-OwaVirtualDirectory "OWA (Default Web Site)" -ContactsEnabled $True -Change
PasswordEnabled $True

[PS] C:\Windows\system32>get-oabvirtualdirectory | fl identity,*ternal*


Identity                      : LEXEXCH1\OAB (Default Web Site)
InternalUrl                   : http://lexexch1.mlflexserv.com/OAB
InternalAuthenticationMethods : {WindowsIntegrated}
ExternalUrl                   :
ExternalAuthenticationMethods : {WindowsIntegrated}



[PS] C:\Windows\system32>

Your OAB vdir has the default settings.  Next you need to set it up to use HTTPS with your external certificate.  I need to know a little more to help with that.

get-owavirtualdirectory | fl identity,*ternal*
get-ecpvirtualdirectory | fl identity,*ternal*
get-webservicesvirtualdirectory | fl identity,*ternal*
get-exchangecertificate | fl name,services

get-owavirtualdirectory | fl identity,*ternal*



         Welcome to the Exchange Management Shell!

 Full list of cmdlets:          get-command
 Only Exchange cmdlets:         get-excommand
 Cmdlets for a specific role:   get-help -role *UM* or *Mailbox*
 Get general help:              help
 Get help for a cmdlet:         help <cmdlet-name> or <cmdlet-name> -?
 Show quick reference guide:    quickref
 Exchange team blog:            get-exblog
 Show full output for a cmd:    <cmd> | format-list

Tip of the day #8:

The tilde character (~) should be familiar to Unix users. It represents the shor
tcut to your root directory. To see what it's evaluated to by default, type:

 Dir ~

You can use it as a useful shortcut:

 Cp SomeFile "~\My Documents"

[PS] C:\Windows\system32>get-owavirtualdirectory | fl identity,*ternal*


Identity                                : LEXEXCH1\owa (Default Web Site)
RemoteDocumentsInternalDomainSuffixList : {}
InternalAuthenticationMethods           : {Basic, Fba}
InternalUrl                             : https://lexexch1.mlflexserv.com/owa
ExternalUrl                             :
ExternalAuthenticationMethods           : {Fba}

Identity                                : LEXEXCH1\Exchange (Default Web Site)
RemoteDocumentsInternalDomainSuffixList :
InternalAuthenticationMethods           : {Basic, Ntlm, WindowsIntegrated}
InternalUrl                             :
ExternalUrl                             :
ExternalAuthenticationMethods           : {Fba}

Identity                                : LEXEXCH1\Public (Default Web Site)
RemoteDocumentsInternalDomainSuffixList :
InternalAuthenticationMethods           : {Basic, Ntlm, WindowsIntegrated}
InternalUrl                             :
ExternalUrl                             :
ExternalAuthenticationMethods           : {Fba}

Identity                                : LEXEXCH1\Exchweb (Default Web Site)
RemoteDocumentsInternalDomainSuffixList :
InternalAuthenticationMethods           : {Basic, Ntlm, WindowsIntegrated}
InternalUrl                             :
ExternalUrl                             :
ExternalAuthenticationMethods           : {Fba}

Identity                                : LEXEXCH1\Exadmin (Default Web Site)
RemoteDocumentsInternalDomainSuffixList :
InternalAuthenticationMethods           : {Basic, Ntlm, WindowsIntegrated}
InternalUrl                             :
ExternalUrl                             :
ExternalAuthenticationMethods           : {Fba}



[PS] C:\Windows\system32>



get-ecpvirtualdirectory | fl identity,*ternal*



         Welcome to the Exchange Management Shell!

 Full list of cmdlets:          get-command
 Only Exchange cmdlets:         get-excommand
 Cmdlets for a specific role:   get-help -role *UM* or *Mailbox*
 Get general help:              help
 Get help for a cmdlet:         help <cmdlet-name> or <cmdlet-name> -?
 Show quick reference guide:    quickref
 Exchange team blog:            get-exblog
 Show full output for a cmd:    <cmd> | format-list

Tip of the day #65:

Do you want to know which mailboxes a specific Active Directory user has permiss
ions to? Type:

 Get-Mailbox -ResultSize Unlimited | Get-MailboxPermission -User <Active Directo
ry User> | Format-Table Identity, AccessRights, Deny

Caution: This command enumerates all the mailboxes in your organization. If you
have lots of mailboxes, you may want to target specific mailboxes.

[PS] C:\Windows\system32>get-ecpvirtualdirectory | fl identity,*ternal*
The term 'get-ecpvirtualdirectory' is not recognized as the name of a cmdlet, f
unction, script file, or operable program. Check the spelling of the name, or i
f a path was included, verify that the path is correct and try again.
At line:1 char:24
+ get-ecpvirtualdirectory <<<<  | fl identity,*ternal*
    + CategoryInfo          : ObjectNotFound: (get-ecpvirtualdirectory:String)
    [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

[PS] C:\Windows\system32>


get-webservicesvirtualdirectory | fl identity,*ternal*



         Welcome to the Exchange Management Shell!

 Full list of cmdlets:          get-command
 Only Exchange cmdlets:         get-excommand
 Cmdlets for a specific role:   get-help -role *UM* or *Mailbox*
 Get general help:              help
 Get help for a cmdlet:         help <cmdlet-name> or <cmdlet-name> -?
 Show quick reference guide:    quickref
 Exchange team blog:            get-exblog
 Show full output for a cmd:    <cmd> | format-list

Tip of the day #57:

Do you want to create a new resource mailbox that can be used to book a meeting
room? Type:

 New-Mailbox -Name <Conference Room Name> -UserPrincipalName <SMTP Address> -Dat
abase <Mailbox Database> -OrganizationalUnit <Organizational Unit> -Room

This command creates a disabled Active Directory user who has a mailbox that acc
epts meeting requests from users.

[PS] C:\Windows\system32>get-webservicesvirtualdirectory | fl identity,*ternal*


Identity                      : LEXEXCH1\EWS (Default Web Site)
InternalNLBBypassUrl          : https://lexexch1.mlflexserv.com/ews/exchange.as
                                mx
InternalAuthenticationMethods : {Ntlm, WindowsIntegrated}
ExternalAuthenticationMethods : {Ntlm, WindowsIntegrated}
InternalUrl                   : https://lexexch1.mlflexserv.com/EWS/Exchange.as
                                mx
ExternalUrl                   :



[PS] C:\Windows\system32>



get-exchangecertificate | fl name,services



         Welcome to the Exchange Management Shell!

 Full list of cmdlets:          get-command
 Only Exchange cmdlets:         get-excommand
 Cmdlets for a specific role:   get-help -role *UM* or *Mailbox*
 Get general help:              help
 Get help for a cmdlet:         help <cmdlet-name> or <cmdlet-name> -?
 Show quick reference guide:    quickref
 Exchange team blog:            get-exblog
 Show full output for a cmd:    <cmd> | format-list

Tip of the day #49:

Here's a handy tip for repeating a command a given number of times. Instead of w
riting a For loop, use the following syntax:

 1..10 | ForEach { "do something here" }

For example, the following command creates 10 new storage groups that have the n
ames sg1 through sg10 on the server TestServer:

 1..10 | ForEach { New-StorageGroup -Name "sg$_" -server TestServer }

[PS] C:\Windows\system32>get-exchangecertificate | fl name,services


Services : IMAP, POP, IIS, SMTP



[PS] C:\Windows\system32>

Sorry, I gave you the commands for Exchange 2010 so some of them failed.  I see you do not have a commercial certificate.  Because of that you are already set up correctly for web distribution of the OAB using HTTP.  If it is not working correctly on all your devices it is probably because you need to replace the self-signed certificate with a certificate issued by a third party certificate authority.

I haven't done anything with the certificate and I'm still getting errors on my client stating they can't find the server url. 0x8004010f

How do I go about replacing the cert?

Are you going to get a certificate for this server?  If so, then I would recommend a SAN certificate with the following:

webmail.company.com           (or whatever common name you choose)
autodiscover.company.com
servername.company.local    (put this on if you can, it is not required.  company.local is your internal AD DNS name)

Once you have got your certificate, install it.  The easiest way to get set up after that is to use the Set-AllVdirs.ps1 script found here.

http://www.exchangeninjas.com/set-allvdirs

I'll see about getting the cert. On the install, where do I install it? Through IIS?

These guys make it really easy.
http://www.digicert.com/exchange-2007-ssl.htm

Check the related links at the bottom for the CSR and installation video.

So what does the certificate do to allow my internal clients to get the OAB?

OAB download via Outlook uses BITS for transfer.  BITS does not support using self-signed certificates so by default Exchange sets itself up for HTTP traffic instead.  However, if you configure IIS to only allow HTTPS connections then OAB downloads will fail.  Therefore, most companies will purchase a 3rd party certificate, install it, and configure the OAB virtual directory to support HTTPS only.

You say your clients are not working so I am assuming they are trying to connect via HTTPS and having an issue with the self-signed certificate.  Because it is self-signed, they do not trust it and thus the download fails.
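
A read-only check for the conditions described above (web distribution enabled, OAB URL scheme versus the SSL requirement, and whether the IIS certificate is self-signed), added here as an example and not part of the original posts. `Test-OabWebDistribution` is a hypothetical name, and the property names used (WebDistributionEnabled, VirtualDirectories, RequireSSL, IsSelfSigned, CertificateDomains) are assumed to be as the Exchange 2007 cmdlets return them; confirm with `| fl *`.

```powershell
# Added example: reports mismatches only, changes nothing.
# Run in the Exchange Management Shell. Function name is hypothetical.
function Test-OabWebDistribution {
    $findings = @()

    # Web distribution must be enabled and at least one OAB virtual directory assigned.
    foreach ($oab in @(Get-OfflineAddressBook)) {
        if (-not $oab.WebDistributionEnabled) {
            $findings += "OAB '$($oab.Name)': web distribution is not enabled"
        } elseif (@($oab.VirtualDirectories).Count -eq 0) {
            $findings += "OAB '$($oab.Name)': no OAB virtual directory assigned"
        }
    }

    # Certificates enabled for IIS that are not self-signed and not expired.
    $now = Get-Date
    $iisCerts = @(Get-ExchangeCertificate | Where-Object {
        ("$($_.Services)" -match 'IIS') -and (-not $_.IsSelfSigned) -and ($_.NotAfter -gt $now)
    })

    foreach ($vdir in @(Get-OabVirtualDirectory)) {
        foreach ($prop in 'InternalUrl', 'ExternalUrl') {
            $url = "$($vdir.$prop)"
            if ($url -eq '') { continue }           # URL not set, nothing to compare
            $isHttps = $url -like 'https://*'
            $urlHost = ([Uri]$url).Host

            if ($isHttps) {
                # The certificate must also carry the host name in the URL.
                # Exact match only: a wildcard certificate will be reported as missing.
                $match = @($iisCerts | Where-Object {
                    @($_.CertificateDomains | ForEach-Object { "$_" }) -contains $urlHost
                })
                if ($match.Count -eq 0) {
                    $findings += "$($vdir.Identity): $prop is https but no non-self-signed IIS certificate lists $urlHost"
                }
            } elseif ($vdir.RequireSSL) {
                # An http URL cannot work once the virtual directory requires SSL.
                $findings += "$($vdir.Identity): $prop is http but RequireSSL is set"
            }
        }
    }

    if ($findings.Count -eq 0) { $findings += 'No mismatches found' }
    $findings
}

Test-OabWebDistribution
```

The check does not verify that clients trust the issuing CA, so a certificate from a private CA still has to be trusted on each client.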

I haven't done any config on IIS. Can I change it so OAB uses http? I've enabled public folder distribution but that doesn't seem to work.

Yeah, even internal clients are connecting. I thought that the web distribution was aimed more for external.

It is already configured for HTTP.  Public folder distribution is probably not working because you did not add the new server as a replica for Free/Busy.

Run this:
get-publicfolder -Identity "\NON_IPM_SUBTREE\SCHEDULE+ FREE BUSY" -Recurse | fl name,Replicas

Thank you for the link, I'll be sure to go over it. Here are the results of that command, do I need to do anything else?



         Welcome to the Exchange Management Shell!

 Full list of cmdlets:          get-command
 Only Exchange cmdlets:         get-excommand
 Cmdlets for a specific role:   get-help -role *UM* or *Mailbox*
 Get general help:              help
 Get help for a cmdlet:         help <cmdlet-name> or <cmdlet-name> -?
 Show quick reference guide:    quickref
 Exchange team blog:            get-exblog
 Show full output for a cmd:    <cmd> | format-list

Tip of the day #42:

Do you want to retrieve a group of objects that have similar identities? You can
 use wildcard characters with the Identity parameter to match multiple objects.
Type:

 Get-Mailbox *John*
 Get-ReceiveConnector *toso.com
 Get-JournalRule *discovery*

[PS] C:\Windows\system32>get-publicfolder -Identity "\NON_IPM_SUBTREE\SCHEDULE+
FREE BUSY" -Recurse | fl name,Replicas


Name     : SCHEDULE+ FREE BUSY
Replicas : {}

Name     : EX:/o=Maple Life Financial/ou=Exchange Administrative Group (FYDIBOH
           F23SPDLT)
Replicas : {LEXEXCH1\Second Storage Group\Public Folder Database}

Name     : EX:/o=Maple Life Financial/ou=First Administrative Group
Replicas : {LEXEXCH1\Second Storage Group\Public Folder Database, EXCH2\First S
           torage Group\Public Folder Store (EXCH2)}



[PS] C:\Windows\system32>

On your 2003 server, add the 2007 server as a replica for "SCHEDULE+ FREE BUSY".

http://technet.microsoft.com/ru-ru/library/aa998973(EXCHG.65).aspx

I had made those changes previously, one of a few things I did pick out of my research. Anything else now?

Get a certificate.

OK, I sent the info over to my supervisor who will get the cert purchased. After install should the OAB issues be fixed or are there further configurations?