Problems accessing ExchangeOAB subfolders from Exchange 2010 server

Posted on 2012-08-24
Last Modified: 2012-08-28
We have an Exchange 2010 setup with 12 servers at various AD sites and geographic locations. We noticed an issue with one of the sites where we have 1 multi-role server (CAS, Mailbox, Hub Transport). This server could not update the GAL and upon inspection we could open the ExchangeOAB share on the server generating the GAL but cannot open the subfolder containing the GAL updates the explorer window appears to hang then eventually reports:

xxxxxxxx is not accessible. You might not have permision to use this network resource. Contact the administrator of this server to find out if you have access permissions.

The Specified network name no is no longer available.

It also cannot open the c$ or other admin shares on the GAL server. Non-admin shares work fine with the exception of the aforementioned address book folder. I've tried creating a new GAL but the problem is the same with the new GAL subfolder. The OABGenerator server is the only one contactable by all exchange servers so i cant move the GAL to another server.

Doing some troubleshooting the problem only crops up if i install the Mailbox role, if i remove this it works fine. For the sake of troubleshooting we also removed all AV from the server.

We don't have this issue from the DC at the same site or from any of the other Exchange servers. We also dont have this problem from the same server to other exchange server c$ shares, including other servers at the same site as the OABGenerator server.

If i try to RDP to the OAB server, i get prompted for credentials, the window opens with just a black screen (no taskbar etc then after a few seconds i get:

The Remote Desktop Session has ended.

It generates the following error on the OAB server System log:

The Terminal Server security layer detected an error in the protocol stream and has disconnected the client. Client IP:

RDP also works fine without the mailbox role installed.

All Exchange Servers are running Windows 2008 R2 Enterprise with latest updates and Service Packs.
Question by:graememutch
    LVL 52

    Accepted Solution

    Did you check the permissions on the ExchangeOAB folder ?
    If there is an issue when you do an update OAB you will get some error on the EMC or in Eventviewer.
    Are all the Microsoft services running on the Exchange server ?

    - Rancy
    LVL 7

    Expert Comment

    Can you access OAB files from another CAS server --


    Updates under ExchangeOAB folder is current? whats the date it got generated?

    Author Comment

    Can access the OAB files from all other CAS servers.

    Updates to the OAB work, i see them generating when i force an update.

    Author Comment

    ExchangeOAB permissions are as follows:

    System - Full Control
    Organization Management - List Contents/Read
    View-Only Organization Management - List Contents/Read
    Exchange Servers -  - List Contents/Read
    Administrators - Full Control

    I can access the ExchangeOAB share itself, its the subfolder i cant get into, it has the same permission inherited from above.

    OAB updates work fine to all other servers.

    Just noticed i neglected to mention the MS Exchange Address Book service will also not start with the following error:

    Unable to register the MSExchangeAB RPC interface. Failed with the error code The endpoint is a duplicate (1740)

    I'm back at the client tomorrow and will look at port conflicts, also saw suggestions regarding NIC teaming being a problem which they do have setup but i would have expetced that to be a problem without the mailbox role installed as well. Possible the mailbox role is using the same port for something, theyre not statically assigned though.
    LVL 33

    Expert Comment

    Here is what I would suggest you to do for MSExchangeAB RPC Interface (and yes !! this does cause issues for OAB)

    => Confirm whether this box is a DC or NOT, if it is a DC - you have to promote it to a GC and reboot the server.
    => If the box, where you're having issues with this service is also a hub server - in that stop transport service and then start AB RPC Server FIRST and then transport service and NOW check the OAB Issue
    => If from the above two steps you're issue doesnt get solved - run netstat -amo from you're command prompt, verify if an unknown service is working on ports 6002-6004.

    Once done, reboot the box just once and provide us results.

    Worst case scenario, we'll ask you to bump up the logging on MSExchangeSA\OAB Generator And MSExchangeFDS service.

    Oh and please please do not forget to run Exchange Best Practice Analyzer tool.

    LVL 52

    Expert Comment

    MS Exchange Address Book service - thats the reason i asked to check all Exchange services :)

    I'm back at the client tomorrow and will look at port conflicts, also saw suggestions regarding NIC teaming being a problem which they do have setup but i would have expetced that to be a problem without the mailbox role installed as well. Possible the mailbox role is using the same port for something, theyre not statically assigned though - Good catch ... update what you find and we can proceed

    Hope we have a local GC server and also the RPCClient service is running :)

    Please check the below article has helped a lot resolutions

    - Rancy
    LVL 33

    Expert Comment

    So, what solved the issue?


    Author Comment

    Thanks for all the replies. :)

    Tracked this down to having Avaya IP Office Manager installed which we had to do temporarily and didn't remove. I got to that from chasing the Address book not starting as found in this thread:

    This fixed everything, i and understand it causing the address book not to start but seems odd to cause the problems with RDP and Admin folder access, stopping the Address Book service after removing the Avaya software didnt cause the same symptoms so the conflict must have been deeper than that i guess.

    Lesson learned, a mail server is for email not multi-purpose ;)

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Enabling OSINT in Activity Based Intelligence

    Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

    Set OWA language and time zone in Exchange for individuals, all users or per database.
    Check out this infographic on what you need to make a good email signature that will work perfectly for your organization.
    This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
    This tutorial will show how to inventory, catalog, and restore media from legacy versions of Backup Exec into both 2012 and 2014 versions of the software. Select Storage from the tabs along the ribbon bar as the top: Ensure the proper storage devi…

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    15 Experts available now in Live!

    Get 1:1 Help Now