OAB offline address book

hello i got the outlook stuch at send & receive and even all the time when i open keep aking me the the password this is the log i got through the test


<?xml version="1.0" encoding="utf-8"?>
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
  <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
    <User>
      <DisplayName>Karim nasrallah</DisplayName>
      <LegacyDN>/o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=Karim nasrallah</LegacyDN>
      <AutoDiscoverSMTPAddress>karim.nasrallah@levantfactors.com</AutoDiscoverSMTPAddress>
      <DeploymentId>62040441-bf84-4a30-8ce7-d47407388da3</DeploymentId>
    </User>
    <Account>
      <AccountType>email</AccountType>
      <Action>settings</Action>
      <Protocol>
        <Type>EXCH</Type>
        <Server>EXCH10.levantfactors.local</Server>
        <ServerDN>/o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=EXCH10</ServerDN>
        <ServerVersion>738180DA</ServerVersion>
        <MdbDN>/o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=EXCH10/cn=Microsoft Private MDB</MdbDN>
        <PublicFolderServer>EXCH10.levantfactors.local</PublicFolderServer>
        <AD>WINSTD08.levantfactors.local</AD>
        <ASUrl>https://mail.levantfactors.com/ews/exchange.asmx</ASUrl>
        <EwsUrl>https://mail.levantfactors.com/ews/exchange.asmx</EwsUrl>
        <EcpUrl>https://exch10.levantfactors.local/ecp/</EcpUrl>
        <EcpUrl-um>?p=customize/voicemail.aspx&amp;exsvurl=1</EcpUrl-um>
        <EcpUrl-aggr>?p=personalsettings/EmailSubscriptions.slab&amp;exsvurl=1</EcpUrl-aggr>
        <EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;</EcpUrl-mt>
        <EcpUrl-ret>?p=organize/retentionpolicytags.slab&amp;exsvurl=1</EcpUrl-ret>
        <EcpUrl-sms>?p=sms/textmessaging.slab&amp;exsvurl=1</EcpUrl-sms>
        <OOFUrl>https://mail.levantfactors.com/ews/exchange.asmx</OOFUrl>
        <UMUrl>https://mail.levantfactors.com/ews/UM2007Legacy.asmx</UMUrl>
        <OABUrl>https://exch10.levantfactors.com/oab/3356045d-7504-463b-9d31-a236d5e70d69/</OABUrl>
      </Protocol>
      <Protocol>
        <Type>EXPR</Type>
        <Server>mail.levantfactors.com</Server>
        <SSL>On</SSL>
        <AuthPackage>Basic</AuthPackage>
        <ASUrl>https://mail.levantfactors.com/EWS/Exchange.asmx</ASUrl>
        <EwsUrl>https://mail.levantfactors.com/EWS/Exchange.asmx</EwsUrl>
        <EcpUrl>https://mail.levantfactors.com/ecp/</EcpUrl>
        <EcpUrl-um>?p=customize/voicemail.aspx&amp;exsvurl=1</EcpUrl-um>
        <EcpUrl-aggr>?p=personalsettings/EmailSubscriptions.slab&amp;exsvurl=1</EcpUrl-aggr>
        <EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;</EcpUrl-mt>
        <EcpUrl-ret>?p=organize/retentionpolicytags.slab&amp;exsvurl=1</EcpUrl-ret>
        <EcpUrl-sms>?p=sms/textmessaging.slab&amp;exsvurl=1</EcpUrl-sms>
        <OOFUrl>https://mail.levantfactors.com/EWS/Exchange.asmx</OOFUrl>
        <UMUrl>https://mail.levantfactors.com/EWS/UM2007Legacy.asmx</UMUrl>
        <OABUrl>https://mail.levantfactors.com/OAB/3356045d-7504-463b-9d31-a236d5e70d69/</OABUrl>
      </Protocol>
      <Protocol>
        <Type>WEB</Type>
        <Internal>
          <OWAUrl AuthenticationMethod="Basic, Fba">https://exch10.levantfactors.local/owa/</OWAUrl>
          <Protocol>
            <Type>EXCH</Type>
            <ASUrl>https://mail.levantfactors.com/ews/exchange.asmx</ASUrl>
          </Protocol>
        </Internal>
        <External>
          <OWAUrl AuthenticationMethod="Fba">https://mail.levantfactors.com/owa/</OWAUrl>
          <Protocol>
            <Type>EXPR</Type>
            <ASUrl>https://mail.levantfactors.com/EWS/Exchange.asmx</ASUrl>
          </Protocol>
        </External>
      </Protocol>
      <AlternativeMailbox>
        <Type>Archive</Type>
        <DisplayName>Online Archive - Karim nasrallah</DisplayName>
        <LegacyDN>/o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=Karim nasrallah/guid=8f191ed4-db8f-41c2-a0b4-0834144ec004</LegacyDN>
        <Server>EXCH10.levantfactors.local</Server>
      </AlternativeMailbox>
    </Account>
  </Response>
</Autodiscover>


bugs-itAsked:
Who is Participating?
 
praveenkumare_spConnect With a Mentor Commented:
please use Microsoft article 940726
http://support.microsoft.com/kb/940726

and ur problem will be resolved... let me know if u have nay queries in this article
0
 
ncheungCommented:
I'm assuming you are using Office 2007 or higher with Exchange 2007.

From your XML log, I'm curious why the OABUrl is different.
<OABUrl>https://exch10.levantfactors.com/oab/3356045d-7504-463b-9d31-a236d5e70d69/</OABUrl>

Can you verify the OABUrl is correct?  The following is a tutorial and you can skip to the OAB section.
http://www.msexchange.org/articles_tutorials/exchange-server-2007/management-administration/configuring-exchange-server-2007-web-services-urls.html
0
 
bugs-itAuthor Commented:
hello i try before this solution in the above article nothing change
just a question i mean it is ture to have the internal ulr different from the external url in all i mean OWA OAB , EWS or not ?
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
MegaNuk3Commented:
Depends what names you have on your Exchange certificate...

You can use a single name cert and change all the URLs to match the name on the cert, but then you would need a SRV record in your external DNS.

If you are running Exchange 2007, ensure you are on SP3

What error does outlook give you when you try download the OAB from Outlook.
0
 
ncheungCommented:
I'm not sure if you need an external SRV record.  It depends on where your clients are connecting from.

As for the URL, have you simply just tried to access the URL to determine what types of errors the clients are experiencing.  Have you verified that your OAB is set to distribute via web based, since you are supplying the URL?
You may want to have a look at this articles regarding OAB distribution.

http://technet.microsoft.com/en-us/library/bb124270(EXCHG.80).aspx

http://msexchangeteam.com/archive/2006/10/16/429204.aspx
0
 
bugs-itAuthor Commented:
i have exchange 2010 sp1
when i open outllok 2007 always give to enter the user name and password then ii will attach the error that i got in the file
then i try to chnage OAB both external and internal same URL (mail.levantfactors.com) the i will attch the send picture error that i got

3 then user need to access from inside the company and from outside too so they need to use outlook web app too
i will give you and idea that i add a forward zone in the internal DNS for mydomain.com then i add SRV recod for autodiscvoer in this zone as i read in technet microsoft but no change
i still face the same problems actully they are 3 problem
1- outlook always asks user ame and password
2-send & receive stuck at 50% try to download address book microsoft exchange
3 i can access owa form inside and outisde using ip not url name that i set in the exchnage client access
thank you
0
 
bugs-itAuthor Commented:
0
 
MegaNuk3Commented:
Go into IIS and check the properties of the default website and ensure "Client certificates" = ignore
Check that is set on the virtual directories too, like autodiscover and RPC etc... See what you get in outlook then
0
 
MegaNuk3Commented:
What names do you have on your certificate? Is it a 3rd party one or self signed?
0
 
MegaNuk3Commented:
Here is the link I tell everyone to look at for the SRV record:
http://support.microsoft.com/kb/940881

Thes SRV record really helps externally and can help internally too if the SCP is misconfigured or does not exist.
0
 
ncheungCommented:
Okay so the last comment about you not able to access OWA via the DNS name but can via IP Address has me a bit concerned.  Are you sure when you type in the name "mail.levantfactors.com" it is pointing to the correct IP Address of your CAS server?

Can you try a nslookup to verify?  If the DNS records are correct, then can you verify within IIS that your exchange related website is on and working?
0
 
bugs-itAuthor Commented:
i have the interenal name fo the exchange serve rthat i use is exch10  which is provide a certificate
in the interenal DNS server i add forward zone for mydomain.com  the i add A record for mail.mydomain.com ip the interent ip of exch server 2010
now  some time i owa throughtt the https://mail.levantfactors.com/owa then iput use name and passowrd and after a  minute disconnnect , i try this from external  
0
 
MegaNuk3Commented:
In the internal DNS zone the names must point to the INTERNAL IP address of the server, for example mail.levantfactors.com would point to the internal IP address of your CAS server.

In external DNs it points to your Internet/public IP address

The reason for this is because a lot of routers/firewalls do not allow internal traffic to come back in the external interface of the router/firewall
0
 
ncheungCommented:
Since you are prompted with a login, I'm going to assume your OWA website is running.  When you are presented with the certificate are you receiving any errors?

There is a known issue though with the certificates, even with real certificates. When requesting the certificate using the New-ExchangeCertificate commandlet you have to enter the domain name (“mail.levantfactors”) in the –SubjectName option, but you also have to use it in the –DomainName option.

This will result in the FQDN in both the SubjectName as well as the Subject Alternative Names (see  Figure 3) and this will cost you an extra credit when requesting the certificate with your provider. It should also be the first name in the Subject Alternative Names field. If you fail to do so the Client Access Server will not recognize the certificate. This will lead to error 0x80072f06.

Can you verify?
0
 
bugs-itAuthor Commented:
hello the prompt for the user name and password  solve but now i have still have the error when i send & receice from outlook  just this problem
i attach the error in the ic below
error.JPG
0
 
MegaNuk3Commented:
Ensure you have web distribution ticked on your OAB in Exchange 2010 EMC/EMS, then go into EMS:
Get-offlineaddressbook | update-offlineaddressbook
Wait 15 minutes
Then restart the msexchangeFDS service on the CAS server
Wait 5 minutes and then try download the offline address book in Outlook
0
 
praveenkumare_spCommented:
wait wait wait .........


First of all is your Autodiscover service is working fine ???????

See whether you can access the F/B information of other users by scheduling a meeting .

Let me know if you need and more info on this
0
 
ncheungCommented:
I think we're all telling you the same thing, which is to verify your Exchange virtual directories and services are configured properly.  You should also make sure you have a public folder instance on the server you have enabled as the OAB generation server.

Because you are running Outlook 2003 with a mailbox on Exchange 2010, you need to assure the public folder properly generates a version of the OAB for your Outlook 2003 clients.

http://technet.microsoft.com/en-us/library/bb124270(EXCHG.80).aspx

http://msexchangeteam.com/archive/2006/10/16/429204.aspx
0
 
praveenkumare_spCommented:
Wow

i see  from the error
        <OOFUrl>https://mail.levantfactors.com/EWS/Exchange.asmx</OOFUrl>
        <UMUrl>https://mail.levantfactors.com/EWS/UM2007Legacy.asmx</UMUrl>
        <OABUrl>https://mail.levantfactors.com/OAB/3356045d-7504-463b-9d31-a236d5e70d69/</OABUrl>

all of them use CAS server "mail.levantfactors.com" for their services which is correct as the comments below
bugs-it:
i have exchange 2010 sp1
when i open outllok 2007 always give to enter the user name and password then ii will attach the error that i got in the file



But as the previous user comments if u get it on OL2003 then it must use Public folders not Cas server.


if its  using OL 2003 please let us know
0
 
MegaNuk3Commented:
The picture looks like Outlook 2007 to me. I don't think 'RSS Feeds' existed in Outlook 2003.
0
 
praveenkumare_spCommented:
Yes MegaNuk3 that what is confusing as ncheung has comment the below

"Because you are running Outlook 2003 with a mailbox on Exchange 2010, you need to assure the public folder properly generates a version of the OAB for your Outlook 2003 clients"
0
 
ncheungCommented:
I think the RSS feed folder appeared due to Exchange 2010.  Note there is no ribbon bar, hence Outlook 2003 was my assumption.

Have you verified the public folder and such is intact?  If so, the next step is to assure the distribution of the OAB to Outlook 2003 clients by using Exchange management console and seeing the properties of your OAB to enable for distribution to Outlook 2003.

http://technet.microsoft.com/en-us/library/bb124719.aspx
0
 
bugs-itAuthor Commented:
no i it outllok 200 i don't have outlook 2003  just a question again when i add a forward zone in the internak DNS for the domain.com let use the inside this zone i create A recoder with name mail and i put the public ip of the mail.domain.com it is true configuation or not ?
and someone have any article realy help straightforward how to configure DNS when exch2010 avialable cos i couldn't find a lot about just a lot of words inteh technet i would like simple and short way if there is
cos i think a lot of problem cos of  DNS configuration
thx
0
 
MegaNuk3Commented:
No, if you are configuring internal DNS then you must point at internal ip addresses for the exchange resources you are trying to reach internally.

So in internal DNS mail.domain.com maps to the internal IP address of your CAS server.

In External DNS the mail.domain.com points to the external/Internet IP address f your CAS server
0
 
MegaNuk3Commented:
Did you try my comment ID:35043975 ? That should solve your OAB 8004010F issue.
0
 
bugs-itAuthor Commented:
i try it then i will test the client tomorrow an dlet you know actually now i have some issue with dns cos of this i was asking, regarding the DNS  to clarify i mean in the dns server i create 2 forward zone one is domain.local  secomd is domain.com
so in the domain.local A record created it is point to internl ip of exchange server
the second which is the domain.com i create the record A then i give name mail and then the ip shloud poit then to the internal exchange server ip or to the public ip that ISP create mx recorder for and reserver mail.domain.com to that IP
0
 
MegaNuk3Commented:
Point mail at the internal IP in the internal DNS zones.

In the external/Internet/ISP DNS ( that everyone on  the Internet sees) you leave things pointing at the public/ Internet addresses.

This is called split DNS
0
 
bugs-itAuthor Commented:
hello again i try your solution and sorry didn't work for me still teh same send & receive stuck at 50 %  receiving processing  and discription offline address book connecting to microsoft exchnage
0
 
MegaNuk3Commented:
How long have you left Outlook doing a Send/Receive for? Does it still come back with 0x8004010F?

Time to test outlook autoconfig:
With outlook open, hold down CTRL key and right click on the Outlook icon in the bottom right hand side of your screen, them on the popup menu select the "Test Autoconfiguration". Select that, enter valid credentials and select the "autodiscover" option only and test. Look for the OAB URL
0
 
bugs-itAuthor Commented:
i have  under the protocol exchange  RPC
OABthe url https://exch10.domain.local/OAB?3356045d-7504-463b-9d31-a236d5e70d69/


and under teh exchange http
AOB https://mail.domain.com/OAB/3356045d-7504-463b-9d31-a236d5e70d69/
 and as much as i wait no matter it takes forever and stcuk at 50%

0
 
MegaNuk3Commented:
Start outlook /rpcdiag and see if it is connecting over TCP/IP or HTTP.

Also do
Get-OABVirtualDirectory | fl
And post the result (edit out the domain names if you want)
0
 
bugs-itAuthor Commented:
ok here it is

RunspaceId                      : 720c2eb3-77ce-45b8-9a39-8bb052703baf
Name                            : OAB (Default Web Site)
PollInterval                    : 480
OfflineAddressBooks             : {\Default Offline Address Book}
RequireSSL                      : True
BasicAuthentication             : False
WindowsAuthentication           : True
MetabasePath                    : IIS://EXCH10.levantfactors.local/W3SVC/1/ROOT/OAB
Path                            : C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\OAB
ExtendedProtectionTokenChecking : None
ExtendedProtectionFlags         : {}
ExtendedProtectionSPNList       : {}
Server                          : EXCH10
InternalUrl                     : https://exch10.levantfactors.local/OAB
InternalAuthenticationMethods   : {WindowsIntegrated}
ExternalUrl                     : https://mail.levantfactors.com/OAB
ExternalAuthenticationMethods   : {WindowsIntegrated}
AdminDisplayName                :
ExchangeVersion                 : 0.10 (14.0.100.0)
DistinguishedName               : CN=OAB (Default Web Site),CN=HTTP,CN=Protocols,CN=EXCH10,CN=Servers,CN=Exchange Admin
                                  istrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organization,CN=M
                                  icrosoft Exchange,CN=Services,CN=Configuration,DC=levantfactors,DC=local
Identity                        : EXCH10\OAB (Default Web Site)
Guid                            : 59311d7a-f1fd-4fe7-8962-8bc29b9c9138
ObjectCategory                  : levantfactors.local/Configuration/Schema/ms-Exch-OAB-Virtual-Directory
ObjectClass                     : {top, msExchVirtualDirectory, msExchOABVirtualDirectory}
WhenChanged                     : 3/7/2011 1:11:50 AM
WhenCreated                     : 2/19/2011 1:42:48 PM
WhenChangedUTC                  : 3/6/2011 11:11:50 PM
WhenCreatedUTC                  : 2/19/2011 11:42:48 AM
OrganizationId                  :
OriginatingServer               : WINSTD08.levantfactors.local
IsValid                         : True
 
 
0
 
bugs-itAuthor Commented:
hello also i am using the defualt exchange self-signed  certificate
the BOA url internal and url the external will be different or the same ?
and also ine owa and autodicover should be the same or different?
0
 
MegaNuk3Commented:
Ok
Does outlook /rpcdiag show the connection as HTTp or TCP/IP?

Do EMS
Get-offlineaddressbook | update-offlineaddressbook
Wait 15 minutes and restart msexchangeFDS service on the CAS server, then wait 5 minutes and try download the OAB

If it doesn't work check the app event log on the OAB generating server for OAL Generator errors

Also do EMS
Test-outlookwebservices |fl
0
 
bugs-itAuthor Commented:
hello this the Diag
   RPC
OABthe url https://exch10.domain.local/OAB?3356045d-7504-463b-9d31-a236d5e70d69/


 http
AOB https://mail.domain.com/OAB/3356045d-7504-463b-9d31-a236d5e70d69/
 and as much as i wait no matter it takes forever and stcuk at 50%

0
 
MegaNuk3Commented:
Try open
https://exch10.domain.local/OAB?3356045d-7504-463b-9d31-a236d5e70d69/OAB.XML
From a client machine and see if you get:
1.) certificate warning
2.) credentials prompt
3.) does the XML file have content about a whole bunch of LZX files?
0
 
bugs-itAuthor Commented:
i try to open certificate warning the directly this error
server error
500 - Internal server error.
There is a problem with the resource you are looking for, and it cannot be displayed.
0
 
bugs-itAuthor Commented:
ok
outlook  /rpcdiag show the connection as tcp/ip
from the server.domain.local
0
 
bugs-itAuthor Commented:
another thing do i have to make the OAB internal and external URl same
i mean now  the ExternalUrl : https://mail.levantfactors.com/OAB
and the InternalnalUrl : https://exch10.levantfactors.local/OAB
do i have to change the internalUrl to https://mail.levantfactors.com/OAB
yes or no and might help  
0
 
MegaNuk3Commented:
What name is on your cert? If it is just Exch10.levantFactors.local then changing the internal URL to mail.levantfactors.com is not going to help at all.

What happens if you try go to this link from a client
https://exch10.domain.local/OAB/3356045d-7504-463b-9d31-a236d5e70d69/OAB.XML
0
 
bugs-itAuthor Commented:
hello by the way to day i install office 2010 on the win7 laptop to conneted to the Dc then the issue of OAB error disapears but the first tiem i open the outllok to configure the exchange account it show a security certificate warrraning and i press yes and i send and recevie normall but the problem did solve in the outlook 2007 , ?
0
 
MegaNuk3Commented:
So does Outlook 2010 just give you the cert error once? What is the cert error saying?
0
 
bugs-itAuthor Commented:
hello this is the errro then it works,  but ask  password
2010-outllok-error.PNG
0
 
MegaNuk3Commented:
Time to buy a 3rd party cert if you are going to have external users, if you are only going to have internal users the install your own CA
0
 
MegaNuk3Commented:
Or you can try changing all your URLs to match the only name you have on your self signed cert
0
 
bugs-itAuthor Commented:
hello agian
changing all  URLs to match the only name you have on your self signed cert
ok here you mean all the will be to the  mail.domain.com ? yes
then do i have to change somethign at the internal DNS ?
another think that will help me nomally use outlook anywhere ?

and do i really need to order a 3D party certificate if i have some external users to access exchange? if yes do you have a suggestion for the best choise ?
0
 
MegaNuk3Commented:
No, your self signed cert will only have a name of e2k.internaldomain.local so can't be used externally

You can install an enterprise CA and then make your own SAN Certs which can be installed on external computers

Or buy a cert from godaddy
0
 
bugs-itAuthor Commented:
hello i install outlook 2010 solve the problem of OBA but i still have te security  alert message as above  when i first configure the exchange for the fist time  ,
0
 
MegaNuk3Commented:
Click on the " View Certificate" button and see what names the cert has...

Have you bought a 3rd party one or are you using an internal Enterprise CA yet? The exchange self signed cert is not usable for external Outlook Anywhere clients if your internal FQDN is not externally accessible e.g. .local internal domain
0
 
bugs-itAuthor Commented:
i didn't buy but if will solve my problem i will specialy cos users arei going to use OMA too
0
 
MegaNuk3Commented:
Even a cheap single name cert would make your life so much easier:
http://www.amset.info/exchange/singlenamessl.asp
0
 
bugs-itAuthor Commented:
Hello i read this link http://support.microsoft.com/kb/940726
you mean that i ahve to change all to mail.domain.com even for the internal URL  and then creaet Ns  to point to mail.domain.com in the DNS ,
i think  i had try this solution before but didn't solve the OBA problem, isolve OBA by outlook 2010
and i am going to use OMA so i don't know if this woould also help or o have to buy CA
 
0
 
praveenkumare_spCommented:
ya u have to do that

give it a try
0
 
bugs-itAuthor Commented:
didn't completly solve he problem
0
All Courses

From novice to tech pro — start learning today.