Exchange 2007 Offline Address Book (OAB) keeps asking for authentication

If your users are getting a constant authentication prompt when Outlook tries to connect to the Offline Address Book, then read on; I am sure this will help you.

First things first: make sure you have a valid OAB.

1. Open the Exchange Management Console.

2. Open Organization Configuration > Mailbox and choose the Offline Address Book tab.

3. Make sure you have at least one address book here; if not, create one.

4. Right-click the address book and go to Properties > Distribution tab. Ensure all boxes are ticked, click Add, locate the appropriate server, then click OK.

5. You should be back at the OAB listing. If you have more than one, that's fine; leave them for the time being. Choose the one you would like to be the default OAB, right-click it and choose 'Set as Default'.

6. Now we need to update this OAB. Right-click the default OAB you have created and choose 'Update'.

7. To confirm that the OAB has updated, go to the Event Viewer and check the Application log.

If the update was successful, great: move on to step 9.

If you get a warning like the event below:

Log Name:      Application
Source:        MSExchangeSA
Date:          3/03/2009 9:10:24 AM
Event ID:      9320
Task Category: OAL Generator
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      server.domain.com.au
Description:
OALGen could not generate full details for some entries in the offline address list for address list ‘\Global Address List’.  To see which entries are affected, event logging for the offline address list generator must be set to at least medium.
- xxxxxxx Offline Address Book
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="MSExchangeSA" />
    <EventID Qualifiers="32768">9320</EventID>
    <Level>3</Level>
    <Task>13</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2009-03-02T22:10:24.000Z" />
    <EventRecordID>14197</EventRecordID>
    <Channel>Application</Channel>
    <Computer>server.domain.com.au</Computer>
    <Security />
  </System>
  <EventData>
    <Data>\Global Address List</Data>
    <Data>xxxxxx Offline Address Book</Data>
  </EventData>
</Event>

 

You need to set the event logging level a little higher. To do this, open the Exchange PowerShell console and run the command below:

Set-EventLogLevel -Identity "MSExchangeSA\OAL Generator" -Level Expert

Now repeat step 7.

You should now have some errors:

event ID: 9330 MSExchangeSA

OALGen encountered error 80040115 (internal ID 50004ef) accessing Active Directory servername for ”.
- /o=Elcom Technology Pty Ltd/cn=addrlists/cn=oabs/cn=xxxxxx Offline Address Book

 

and

Event ID 9334 MSExchangeSA

OALGen encountered error 80040115 while initializing the offline address list generation process. No offline address lists have been generated. Please check the event log for more information.
- /o=Elcom Technology Pty Ltd/cn=addrlists/cn=oabs/cn=xxxxx Offline Address Book

 

8. If these are the same kind of errors, you must open ADSIEdit (only included in the support package supplied by Microsoft).

Once you have installed the support tools, go to Start > Run > adsiedit.msc

Using ADSIEdit:
1. Navigate to the ‘Default Global Address List’ object
CN=Default Global Address List,CN=All Global Address Lists,CN=Address Lists Container,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Domain,DC=local
2. Go to the properties of the ‘Default Global Address List’ object
3. Copy the distinguishedName attribute of the ‘Default Global Address List’.
It should look similar to the one below.
CN=Default Global Address List,CN=All Global Address Lists,CN=Address Lists Container,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Domain,DC=local
4. Navigate to the ‘Microsoft Exchange’ container.
CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Domain,DC=local
5. Go to properties of the ‘Microsoft Exchange’ container
6. Select the GlobalAddressList attribute and click Edit.
7. Paste in the distinguishedName attribute of the ‘Default Global Address List’ and click Add
8. Click OK twice to close out of the properties.
9. Replicate domain controllers
10. Rebuild the OAB again

Above taken from http://forums.msexchange.org/m_1800488370/tm.htm
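A read-only check of the same attribute, useful before and after the ADSIEdit change. This is an added example, not part of the original post or the forum answer; it assumes the Exchange Management Shell on PowerShell 2.0 or later, and the variable names are illustrative.

```powershell
# Added example: reads the GlobalAddressList attribute on the
# 'Microsoft Exchange' container and reports which GALs it lists.
# Nothing is written to Active Directory.
$configNC = ([ADSI]'LDAP://RootDSE').configurationNamingContext
$exch     = [ADSI]"LDAP://CN=Microsoft Exchange,CN=Services,$configNC"

# The attribute is multi-valued; flatten it to plain strings.
$listed = @($exch.globalAddressList | ForEach-Object { "$_" })
Write-Host "GlobalAddressList has $($listed.Count) value(s) on $($exch.distinguishedName)"

# Compare every GAL Exchange knows about with the attribute values.
Get-GlobalAddressList | ForEach-Object {
    $dn = "$($_.DistinguishedName)"
    New-Object PSObject -Property @{
        Name              = $_.Name
        DistinguishedName = $dn
        ListedOnContainer = ($listed -contains $dn)   # case-insensitive match
    }
} | Select-Object Name, ListedOnContainer, DistinguishedName | Format-List
```

A 'Default Global Address List' row with ListedOnContainer set to False is the condition the ADSIEdit steps above correct.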

 

9. Check the permissions on your OAB. Go to c:\Program Files\Microsoft\Exchange Server\Client Access\OAB\ and find the GUID that relates to your OAB, right-click the GUID folder and go to the Security tab. Ensure that Administrators and SYSTEM have Full Control and Authenticated Users have only Read access. (Leave the other permissions as they are.)

You can use this command to find the GUID:

Get-OfflineAddressBook | fl > c:\OAB_Version.txt

 

10. Ensure that the OAB has populated with an XML file. You can find this in C:\Program Files\Microsoft\Exchange Server\Client Access\OAB\GUID_here\oab.XML.

If there is no XML file, the OAB has not populated; revisit your Event Viewer.
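Steps 9 and 10 can be checked in one pass. The script below is an added example, not from the original post: it assumes the Exchange Management Shell on PowerShell 2.0 or later, that the OAB folder names are the GUIDs reported by Get-OfflineAddressBook, and uses illustrative variable and function names. It only reads ACLs and changes nothing.

```powershell
# Added example. $OabRoot is the folder quoted in step 9; adjust it to
# match your installation.
$OabRoot = 'C:\Program Files\Microsoft\Exchange Server\Client Access\OAB'

# Well-known SIDs, so the check does not depend on the OS display language.
$AdminsSid = 'S-1-5-32-544'; $SystemSid = 'S-1-5-18'; $AuthUsersSid = 'S-1-5-11'
$Rights      = [System.Security.AccessControl.FileSystemRights]
$FullControl = [int]($Rights::FullControl)
# Any of these bits granted to Authenticated Users is more than read access.
$WriteMask   = [int]($Rights::Write -bor $Rights::Delete -bor
                     $Rights::DeleteSubdirectoriesAndFiles -bor
                     $Rights::ChangePermissions -bor $Rights::TakeOwnership)

# Map folder name (GUID) to OAB name, as step 9 does by hand.
$OabNames = @{}
Get-OfflineAddressBook | ForEach-Object { $OabNames[$_.Guid.ToString()] = $_.Name }

function Test-OabFolder([System.IO.DirectoryInfo]$Dir) {
    $full = @{}; $authCanWrite = $false
    foreach ($ace in (Get-Acl -Path $Dir.FullName).Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $sid = $ace.IdentityReference.Translate(
                   [System.Security.Principal.SecurityIdentifier]).Value
        $r = [int]$ace.FileSystemRights
        if (($r -band $FullControl) -eq $FullControl) { $full[$sid] = $true }
        if ($sid -eq $AuthUsersSid -and ($r -band $WriteMask) -ne 0) {
            $authCanWrite = $true
        }
    }
    New-Object PSObject -Property @{
        Folder           = $Dir.Name
        OabName          = $OabNames[$Dir.Name]
        AdminsFull       = [bool]$full[$AdminsSid]      # step 9: should be True
        SystemFull       = [bool]$full[$SystemSid]      # step 9: should be True
        AuthUsersCanWrite = $authCanWrite               # step 9: should be False
        HasOabXml        = Test-Path (Join-Path $Dir.FullName 'oab.xml')  # step 10
    }
}

Get-ChildItem -Path $OabRoot | Where-Object { $_.PSIsContainer } |
    ForEach-Object { Test-OabFolder $_ } |
    Select-Object Folder, OabName, AdminsFull, SystemFull, AuthUsersCanWrite, HasOabXml |
    Format-Table -AutoSize
```

A folder with an empty OabName does not match any current OAB, and HasOabXml set to False means the OAB has not been generated or distributed yet.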

 

11. Now, in IIS you should have an OAB virtual directory. If you do not, you must create it using the command below:

New-OABVirtualDirectory -DomainController <Fqdn> -ExternalUrl <Url> -InternalUrl <Url> -Path <String> -PollInterval <Int32> -RequireSSL <$true | $false> -Server <ServerIdParameter> -WebSiteName <String>

More info here: http://technet.microsoft.com/en-us/library/aa996917.aspx

If you already have the virtual directory, change that virtual directory to an application.

That’s it, everything should work now!

This took me 2 days to work out and all it really was, was that darn virtual directory set by MS as default.

I hope I save someone the pain and frustration I went through with solving this.

