Exchange 2010 OAB and Cisco ASA 5510

Posted on 2011-04-28
Last Modified: 2012-08-14
Running out of ideas, we have spent over 20 hours with Microsoft Exchange Support on this issue.  We have a new Exchange 2010 server which is working and in production.  It is in coexhistance with Exchange 2003 and CAS is working between two servers.  However the OAB will NOT distribute to Outlook 2007/2010 clients for Exch 2010 users (outside of the domain).  Microsot paid support has spent endless hours going through settings and they are now saying it is a firewall issue (because domain joined PC can download the OAB..just https/rpc clients cannnot)  We have a Cisco asa 5510 as the firewall, our isp gave us an interface public IP w/ a CIDR block of which we are using one of the static IP's to static nat ports 443 and 80 to exchange.   Any ideas?  we can download the oab xml file via from the internet.. Hopefully someone has an idea of what could be causing this problem in our Cisco.

Question by:corpdsinc
    LVL 35

    Expert Comment

    by:Ernie Beek
    Is anything showing in the logs of the ASA when a client tries to get the OAB?
    LVL 1

    Author Comment

    Worked with msft again last night and found that outlook 2003 and 2010 can both download the oab , but Outlook 2007 cannot.   So strange.
    LVL 1

    Accepted Solution

    This issue is now resolved.  The issue was that was created but not autodiscover.domain.NET was not.   Creating the second A record and adding that domain to the SSL cert fixed the issue.  Took MSFT 2 weeks to figure it out, but it actually was very simple.  
    LVL 1

    Author Closing Comment

    Closing as it was resolved by Microsoft Paid Support

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Are end users causing IT problems again?

    You’ve taken the time to design and update all your end user’s email signatures, only to find out they’re messing up the HTML, changing the font and ruining the imagery. What can you do to prevent this? Find out how you can save your signatures from end users today.

    Suggested Solutions

    Granting full access permission allows users to access mailboxes present in their database. By giving full access permission one can open and read the content of any mailbox but cannot send emails from that mailbox.
    Create high volume marketing opportunities using email signatures with these top 10 DOs and DON'Ts of email signature marketing.
    In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
    The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    14 Experts available now in Live!

    Get 1:1 Help Now