Set up Web OAB Distribution in Exchange 2007

MapleLife
MapleLife used Ask the Experts™
on
Public folder replication doesn't seem to be working for me so I'd like to try the web distribution method. Problem is i can't seem to find an article that outlines the entire process. Can anyone point me towards one?

I'm transitioning from a 2003 environment.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
1. In the properties of your Default Offline Address Book, enable web distribution and add all CAS servers to the list.
2. Ensure your OAB is being generated with no errors (watch the event logs)
3. Run the script below to rebuild the Default Offline Address Book and redistribute to all CAS servers


Get-OfflineAddress Book 'Default Offline Address Book' | Update-OfflineAddressBook
Sleep 180  # Most OAB's will finish generating in this time, if your company is large, increase the value
Get-ClientAccessServer | Update-FileDistributionService -Type OAB
Forgot my link.

Here is more information: http://technet.microsoft.com/en-us/library/bb124351.aspx 

Author

Commented:
When i run your first command I'm getting an error. Am I doing something wrong?


         Welcome to the Exchange Management Shell!

 Full list of cmdlets:          get-command
 Only Exchange cmdlets:         get-excommand
 Cmdlets for a specific role:   get-help -role *UM* or *Mailbox*
 Get general help:              help
 Get help for a cmdlet:         help <cmdlet-name> or <cmdlet-name> -?
 Show quick reference guide:    quickref
 Exchange team blog:            get-exblog
 Show full output for a cmd:    <cmd> | format-list

Tip of the day #21:

Sometimes it's useful to convert the output of a cmdlet to a string to interoper
ate with native cmdlets. For example, type:

 Get-Command | Out-String | Findstr "command"

[PS] C:\Windows\system32>Get-OfflineAddress Book 'Default Offline Address Book'
| Update-OfflineAddressBook
The term 'Get-OfflineAddress' is not recognized as the name of a cmdlet, functi
on, script file, or operable program. Check the spelling of the name, or if a p
ath was included, verify that the path is correct and try again.
At line:1 char:19
+ Get-OfflineAddress <<<<  Book 'Default Offline Address Book' | Update-Offline
AddressBook
    + CategoryInfo          : ObjectNotFound: (Get-OfflineAddress:String) [],
   CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

[PS] C:\Windows\system32>Get-OfflineAddress Book 'Default Offline Address Book'
| Update-OfflineAddressBook
The term 'Get-OfflineAddress' is not recognized as the name of a cmdlet, functi
on, script file, or operable program. Check the spelling of the name, or if a p
ath was included, verify that the path is correct and try again.
At line:1 char:19
+ Get-OfflineAddress <<<<  Book 'Default Offline Address Book' | Update-Offline
AddressBook
    + CategoryInfo          : ObjectNotFound: (Get-OfflineAddress:String) [],
   CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

[PS] C:\Windows\system32>Get-Offline Address Book 'Default Offline Address Book'
 | Update-OfflineAddressBook
The term 'Get-Offline' is not recognized as the name of a cmdlet, function, scr
ipt file, or operable program. Check the spelling of the name, or if a path was
 included, verify that the path is correct and try again.
At line:1 char:12
+ Get-Offline <<<<  Address Book 'Default Offline Address Book' | Update-Offlin
eAddressBook
    + CategoryInfo          : ObjectNotFound: (Get-Offline:String) [], Command
   NotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

[PS] C:\Windows\system32>
Should you be charging more for IT Services?

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Oops, I somehow got a space in there.  Also, your OAB might be named differently.  If you only have one, most people do, then do this instead.

Get-OfflineAddressBook | Update-OfflineAddressBook
Sleep 180  # Most OAB's will finish generating in this time, if your company is large, increase the value
Get-ClientAccessServer | Update-FileDistributionService -Type OAB

Author

Commented:

         Welcome to the Exchange Management Shell!

 Full list of cmdlets:          get-command
 Only Exchange cmdlets:         get-excommand
 Cmdlets for a specific role:   get-help -role *UM* or *Mailbox*
 Get general help:              help
 Get help for a cmdlet:         help <cmdlet-name> or <cmdlet-name> -?
 Show quick reference guide:    quickref
 Exchange team blog:            get-exblog
 Show full output for a cmd:    <cmd> | format-list

Tip of the day #15:

To get a list of all users on an Exchange 2007 server who are not Unified Messag
ing-enabled type, use:

 Get-UmMailbox | ForEach { If($_.UmEnabled -Eq $False){$_.Name}}

[PS] C:\Windows\system32>Get-OfflineAddressBook | Update-OfflineAddressBook
[PS] C:\Windows\system32>Get-OfflineAddressBook | Update-OfflineAddressBook Slee
p 180
Update-OfflineAddressBook : A positional parameter cannot be found that accepts
 argument '180'.
At line:1 char:51
+ Get-OfflineAddressBook | Update-OfflineAddressBook <<<<  Sleep 180
    + CategoryInfo          : InvalidArgument: (:) [Update-OfflineAddressBook]
   , ParameterBindingException
    + FullyQualifiedErrorId : PositionalParameterNotFound,Microsoft.Exchange.M
   anagement.SystemConfigurationTasks.UpdateOfflineAddressBook

[PS] C:\Windows\system32>Get-OfflineAddressBook | Update-OfflineAddressBook Slee
p 180 #
Update-OfflineAddressBook : A positional parameter cannot be found that accepts
 argument '180'.
At line:1 char:51
+ Get-OfflineAddressBook | Update-OfflineAddressBook <<<<  Sleep 180 #
    + CategoryInfo          : InvalidArgument: (:) [Update-OfflineAddressBook]
   , ParameterBindingException
    + FullyQualifiedErrorId : PositionalParameterNotFound,Microsoft.Exchange.M
   anagement.SystemConfigurationTasks.UpdateOfflineAddressBook

[PS] C:\Windows\system32>

Author

Commented:
I just removed the sleep parameter and the commands seem to run fine. The thing is I'm still getting errors on my test box saying it can't download the OAB
Now that you have an OAB distributed to your CAS servers you have to make sure your CAS server OAB Virtual Directories are configured correctly.  Please run the following and post the output.

get-oabvirtualdirectory | fl identity,*ternal*

Author

Commented:
should that last parameter say "internal"

Author

Commented:
Nevermind, I overlooked the wildcard. I'll run that command first thing tomm. I get in at 7am est.

Author

Commented:
My results.


         Welcome to the Exchange Management Shell!

 Full list of cmdlets:          get-command
 Only Exchange cmdlets:         get-excommand
 Cmdlets for a specific role:   get-help -role *UM* or *Mailbox*
 Get general help:              help
 Get help for a cmdlet:         help <cmdlet-name> or <cmdlet-name> -?
 Show quick reference guide:    quickref
 Exchange team blog:            get-exblog
 Show full output for a cmd:    <cmd> | format-list

Tip of the day #60:

You can control which features are available to Outlook Web Access users by usin
g the Set-OwaVirtualDirectory cmdlet. Type:

 Set-OwaVirtualDirectory "OWA (Default Web Site)" -ContactsEnabled $True -Change
PasswordEnabled $True

[PS] C:\Windows\system32>get-oabvirtualdirectory | fl identity,*ternal*


Identity                      : LEXEXCH1\OAB (Default Web Site)
InternalUrl                   : http://lexexch1.mlflexserv.com/OAB
InternalAuthenticationMethods : {WindowsIntegrated}
ExternalUrl                   :
ExternalAuthenticationMethods : {WindowsIntegrated}



[PS] C:\Windows\system32>
Your OAB vdir has the default settings.  Next you need to set it up to use HTTPS with your external certificate.  I need to know a little more to help with that.

get-owavirtualdirectory | fl identity,*ternal*
get-ecpvirtualdirectory | fl identity,*ternal*
get-webservicesvirtualdirectory | fl identity,*ternal*
get-exchangecertificate | fl name,services

Author

Commented:
get-owavirtualdirectory | fl identity,*ternal*



         Welcome to the Exchange Management Shell!

 Full list of cmdlets:          get-command
 Only Exchange cmdlets:         get-excommand
 Cmdlets for a specific role:   get-help -role *UM* or *Mailbox*
 Get general help:              help
 Get help for a cmdlet:         help <cmdlet-name> or <cmdlet-name> -?
 Show quick reference guide:    quickref
 Exchange team blog:            get-exblog
 Show full output for a cmd:    <cmd> | format-list

Tip of the day #8:

The tilde character (~) should be familiar to Unix users. It represents the shor
tcut to your root directory. To see what it's evaluated to by default, type:

 Dir ~

You can use it as a useful shortcut:

 Cp SomeFile "~\My Documents"

[PS] C:\Windows\system32>get-owavirtualdirectory | fl identity,*ternal*


Identity                                : LEXEXCH1\owa (Default Web Site)
RemoteDocumentsInternalDomainSuffixList : {}
InternalAuthenticationMethods           : {Basic, Fba}
InternalUrl                             : https://lexexch1.mlflexserv.com/owa
ExternalUrl                             :
ExternalAuthenticationMethods           : {Fba}

Identity                                : LEXEXCH1\Exchange (Default Web Site)
RemoteDocumentsInternalDomainSuffixList :
InternalAuthenticationMethods           : {Basic, Ntlm, WindowsIntegrated}
InternalUrl                             :
ExternalUrl                             :
ExternalAuthenticationMethods           : {Fba}

Identity                                : LEXEXCH1\Public (Default Web Site)
RemoteDocumentsInternalDomainSuffixList :
InternalAuthenticationMethods           : {Basic, Ntlm, WindowsIntegrated}
InternalUrl                             :
ExternalUrl                             :
ExternalAuthenticationMethods           : {Fba}

Identity                                : LEXEXCH1\Exchweb (Default Web Site)
RemoteDocumentsInternalDomainSuffixList :
InternalAuthenticationMethods           : {Basic, Ntlm, WindowsIntegrated}
InternalUrl                             :
ExternalUrl                             :
ExternalAuthenticationMethods           : {Fba}

Identity                                : LEXEXCH1\Exadmin (Default Web Site)
RemoteDocumentsInternalDomainSuffixList :
InternalAuthenticationMethods           : {Basic, Ntlm, WindowsIntegrated}
InternalUrl                             :
ExternalUrl                             :
ExternalAuthenticationMethods           : {Fba}



[PS] C:\Windows\system32>



get-ecpvirtualdirectory | fl identity,*ternal*



         Welcome to the Exchange Management Shell!

 Full list of cmdlets:          get-command
 Only Exchange cmdlets:         get-excommand
 Cmdlets for a specific role:   get-help -role *UM* or *Mailbox*
 Get general help:              help
 Get help for a cmdlet:         help <cmdlet-name> or <cmdlet-name> -?
 Show quick reference guide:    quickref
 Exchange team blog:            get-exblog
 Show full output for a cmd:    <cmd> | format-list

Tip of the day #65:

Do you want to know which mailboxes a specific Active Directory user has permiss
ions to? Type:

 Get-Mailbox -ResultSize Unlimited | Get-MailboxPermission -User <Active Directo
ry User> | Format-Table Identity, AccessRights, Deny

Caution: This command enumerates all the mailboxes in your organization. If you
have lots of mailboxes, you may want to target specific mailboxes.

[PS] C:\Windows\system32>get-ecpvirtualdirectory | fl identity,*ternal*
The term 'get-ecpvirtualdirectory' is not recognized as the name of a cmdlet, f
unction, script file, or operable program. Check the spelling of the name, or i
f a path was included, verify that the path is correct and try again.
At line:1 char:24
+ get-ecpvirtualdirectory <<<<  | fl identity,*ternal*
    + CategoryInfo          : ObjectNotFound: (get-ecpvirtualdirectory:String)
    [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

[PS] C:\Windows\system32>


get-webservicesvirtualdirectory | fl identity,*ternal*



         Welcome to the Exchange Management Shell!

 Full list of cmdlets:          get-command
 Only Exchange cmdlets:         get-excommand
 Cmdlets for a specific role:   get-help -role *UM* or *Mailbox*
 Get general help:              help
 Get help for a cmdlet:         help <cmdlet-name> or <cmdlet-name> -?
 Show quick reference guide:    quickref
 Exchange team blog:            get-exblog
 Show full output for a cmd:    <cmd> | format-list

Tip of the day #57:

Do you want to create a new resource mailbox that can be used to book a meeting
room? Type:

 New-Mailbox -Name <Conference Room Name> -UserPrincipalName <SMTP Address> -Dat
abase <Mailbox Database> -OrganizationalUnit <Organizational Unit> -Room

This command creates a disabled Active Directory user who has a mailbox that acc
epts meeting requests from users.

[PS] C:\Windows\system32>get-webservicesvirtualdirectory | fl identity,*ternal*


Identity                      : LEXEXCH1\EWS (Default Web Site)
InternalNLBBypassUrl          : https://lexexch1.mlflexserv.com/ews/exchange.as
                                mx
InternalAuthenticationMethods : {Ntlm, WindowsIntegrated}
ExternalAuthenticationMethods : {Ntlm, WindowsIntegrated}
InternalUrl                   : https://lexexch1.mlflexserv.com/EWS/Exchange.as
                                mx
ExternalUrl                   :



[PS] C:\Windows\system32>



get-exchangecertificate | fl name,services



         Welcome to the Exchange Management Shell!

 Full list of cmdlets:          get-command
 Only Exchange cmdlets:         get-excommand
 Cmdlets for a specific role:   get-help -role *UM* or *Mailbox*
 Get general help:              help
 Get help for a cmdlet:         help <cmdlet-name> or <cmdlet-name> -?
 Show quick reference guide:    quickref
 Exchange team blog:            get-exblog
 Show full output for a cmd:    <cmd> | format-list

Tip of the day #49:

Here's a handy tip for repeating a command a given number of times. Instead of w
riting a For loop, use the following syntax:

 1..10 | ForEach { "do something here" }

For example, the following command creates 10 new storage groups that have the n
ames sg1 through sg10 on the server TestServer:

 1..10 | ForEach { New-StorageGroup -Name "sg$_" -server TestServer }

[PS] C:\Windows\system32>get-exchangecertificate | fl name,services


Services : IMAP, POP, IIS, SMTP



[PS] C:\Windows\system32>
Sorry, I gave you the commands for Exchange 2010 so some of them failed.  I see you do not have a commercial certificate.  Because of that you are already set up correctly for web distribution of the OAB using HTTP.  If it is not working correctly on all your devices it is probably because you need to replace the self-signed certificate with a certificate issued by a third party certificate authority.

Author

Commented:
I haven't done anything with the certificate and I'm still getting errors on my client stating they can't find the server url. 0x8004010f

Author

Commented:
How do I go about replacing the cert?
Are you going to get a certificate for this server?  If so, then I would recommend a SAN certificate with the following:

webmail.company.com           (or whatever common name you choose)
autodiscover.company.com
servername.company.local    (put this on if you can, it is not required.  company.local is your internal AD DNS name)

Once you have got your certificate, install it.  The easiest way to get set up after that is to use the Set-AllVdirs.ps1 script found here.

http://www.exchangeninjas.com/set-allvdirs

Author

Commented:
I'll see about getting the cert. On the install, where do I install it? Through IIS?
These guys make is really easy.
http://www.digicert.com/exchange-2007-ssl.htm

Check the related links at the bottom for the CSR and installation video.

Author

Commented:
So what does the certificate do to allow my internal clients to get the OAB?
OAB download via Outlook uses BITS for transfer.  BITS does not support using self-signed certficates so by default Exchange sets itself up for HTTP traffic instead.  However, if you configure IIS to only allow HTTPS connections then OAB downloads will fail.  Therefore, most companies will purchase a 3rd party certificate, install it, and configure the OAB virtual directory to support HTTPS only.

You say your clients are not working so I am assuming they are trying to connect via HTTPS and having an issue with the self-signed certificate.  Because it is self-signed, they do not trust it and thus the download fails.

Author

Commented:
I haven't done any config on IIS. Can I change it so OAB uses http? I've enabled public folder distribution but that doesn't seem to work.

Yeah, even internal clients are connecting. I thought that the web distribution was aimed more for external.
It is already configured for HTTP.  Public folder distribution is probably not working becuase you did not add the new server as a replica for Free/Busy.

Run this:
get-publicfolder -Identity "\NON_IPM_SUBTREE\SCHEDULE+ FREE BUSY" -Recurse | fl name,Replicas

Author

Commented:
Thank you for the link, I'll be sure to go over it. Here are the results of that command, do I need to do anything else?



         Welcome to the Exchange Management Shell!

 Full list of cmdlets:          get-command
 Only Exchange cmdlets:         get-excommand
 Cmdlets for a specific role:   get-help -role *UM* or *Mailbox*
 Get general help:              help
 Get help for a cmdlet:         help <cmdlet-name> or <cmdlet-name> -?
 Show quick reference guide:    quickref
 Exchange team blog:            get-exblog
 Show full output for a cmd:    <cmd> | format-list

Tip of the day #42:

Do you want to retrieve a group of objects that have similar identities? You can
 use wildcard characters with the Identity parameter to match multiple objects.
Type:

 Get-Mailbox *John*
 Get-ReceiveConnector *toso.com
 Get-JournalRule *discovery*

[PS] C:\Windows\system32>get-publicfolder -Identity "\NON_IPM_SUBTREE\SCHEDULE+
FREE BUSY" -Recurse | fl name,Replicas


Name     : SCHEDULE+ FREE BUSY
Replicas : {}

Name     : EX:/o=Maple Life Financial/ou=Exchange Administrative Group (FYDIBOH
           F23SPDLT)
Replicas : {LEXEXCH1\Second Storage Group\Public Folder Database}

Name     : EX:/o=Maple Life Financial/ou=First Administrative Group
Replicas : {LEXEXCH1\Second Storage Group\Public Folder Database, EXCH2\First S
           torage Group\Public Folder Store (EXCH2)}



[PS] C:\Windows\system32>
On your 2003 server, add the 2007 server as a replica for "SCHEDULE+ FREE BUSY".

http://technet.microsoft.com/ru-ru/library/aa998973(EXCHG.65).aspx

Author

Commented:
I had made those changes previously, one of a few things i did pick out of my research. Anything else now?
Get a certificate.

Author

Commented:
OK, I sent the info over to my supervisor who will get the cert purchased. After install should be OAB issues be fixed or are there further configurations?
Install the UC certificate and run the set-allvdirs.ps1 script I linked to earlier.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial