Exchange 2007 Offline Address Book (OAB) keeps asking for authentication
If you are getting a constant authentication box pop up for your users when outlook is trying to connect to the Offline Address book, then read on, I am sure this will help you:
First thing is first make sure you have a vaild OAB
1. open Exchange Management console
2. open organization Configuration > Go to mailbox > choose Offline address book tab.
3. Make sure you have at least one address book here if not create one.
4. Right click on the address book go to properties > distribution Tab . ensure all boxes are ticked. > click on the ADD here you need to locate the appropriate server. > hit Ok.
5. You should be back to the OAB listings, if you have more then one that’s fine leave them for the time being, but choose the one you would like to be the default OAB and right click on it and choose ’set as default’
6. Now we need to update this OAB, right click on the default OAB you have created and then choose ‘update’
7. to ensure that the OAB has updated go to the event viewer and check the application log.
If you get a successful update great move on to step 9
if you get a warning with this event log below:
Log Name: Application
Source: MSExchangeSA
Date: 3/03/2009 9:10:24 AM
Event ID: 9320
Task Category: OAL Generator
Level: Warning
Keywords: Classic
User: N/A
Computer: server.domain.com.au
Description:
OALGen could not generate full details for some entries in the offline address list for address list ‘\Global Address List’. To see which entries are affected, event logging for the offline address list generator must be set to at least medium.
- xxxxxxx Offline Address Book
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="MSExchangeSA" />
<EventID Qualifiers="32768">9320</EventID>
<Level>3</Level>
<Task>13</Task>
<Keywords>0×80000000000000</Keywords>
<TimeCreated SystemTime="2009-03-02T22:10:24.000Z" />
<EventRecordID>14197</EventRecordID>
<Channel>Application</Channel>
<Computer>server.domain.com.au</Computer>
<Security />
</System>
<EventData>
<Data>\Global Address List</Data>
<Data>xxxxxx Offline Address Book</Data>
</EventData>
</Event>
You need to set the event logging a little higher to do this open up the exchange powershell console and run the below command:
Set-EventLogLevel -Identity "MSExchangeSA\OAL Generator" -Level Expert
Now repeat step 7
you should now have some errors
event ID: 9330 MSExchangeSA
OALGen encountered error 80040115 (internal ID 50004ef) accessing Active Directory servername for ”.
- /o=Elcom Technology Pty Ltd/cn=addrlists/cn=oabs/cn=xxxxxx Offline Address Book
and
Event ID 9334 MSExchangeSA
OALGen encountered error 80040115 while initializing the offline address list generation process. No offline address lists have been generated. Please check the event log for more information.
- /o=Elcom Technology Pty Ltd/cn=addrlists/cn=oabs/cn=xxxxx Offline Address Book
8. If these are the same kind of errors you must open ADSIedit (only included in the support package supplied by micorosft)
once you have installed the support tools
start > run > adsiedit.msc
go to
Using ADSIEdit:
1. Navigate to the ‘Default Global Address List’ object
CN=Default Global Address List,CN=All Global Address Lists,CN=Address Lists Container,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Domain,DC=local
2. Go to the properties of the ‘Default Global Address List’ object
3. Copy the distinguishedName attribute of the ‘Default Global Address List’.
It should look similar to the one below.
CN=Default Global Address List,CN=All Global Address Lists,CN=Address Lists Container,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Domain,DC=local
4. Navigate to the ‘Microsoft Exchange’ container.
CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Domain,DC=local
5. Go to properties of the ‘Microsoft Exchange’ container
6. Select the GlobalAddressList attribute and click Edit.
7. Paste in the distinguishedName attribute of the ‘Default Global Address List’ and click Add
8. Click OK twice to close out of the properties.
9. Replicate domain controllers
10. Rebuild the OAB again
above taken from http://forums.msexchange.org/m_1800488370/tm.htm
9. Check your permissions on your OAB go to c:\Program Files\Microsoft\Exchange Server\Client Access\OAB\ find the correct GUID that related to your OAB, right click on the GUID and then go to the security tab. Ensure that administrators and system have full control and authenticated users have only read access. (leave the other permissions)
—- you can use this command to find out
get-offlineaddressbook | fl > c:\OAB_Version.txt
10. Ensure that the OAB has populated with an XML file you can find this in :\Program Files\Microsoft\Exchange Server\Client Access\OAB\GUID_here\oab.XML.
If you have not got an XML file the OAB has not populated revist your event viewer.
11. Now in IIS you should have an OAB virtual directory if you do not you must create this use the below
New-OABVirtualDirectory -DomainController <Fqdn> -ExternalUrl <Url> -InternalUrl <Url> -Path <String> -PollInterval <Int32> -RequireSSL <$true | $false> -Server <ServerIdParameter> -WebSiteName <String>
more info here: http://technet.microsoft.com/en-us/library/aa996917.aspx
If you do already have the virtual directory Change that virtual directory to an application.
That’s it, everything should work now!
this took me 2 days to work out and all it really was, was that darn virtual directory set by MS as default.
I hope I save someone the pain and frustration I went through with solving this.
May 15th, 2009 at 1:35 am
I do not have OAB virtual directory on my exchmb server, but it is on Exchange Client access server. Shell I crete the one.
May 15th, 2009 at 8:47 am
Its is a single server setup (front and back end)?
If so then yes recreate the Virtual Dir.
April 20th, 2010 at 4:58 am
The easiest way to drive visitor is to acquire a high quality backlinks. It is just a matter of proper backlinking and your site will flood out visitors.This is a true asset if website traffic is concern. one way backlinks is a plus. Although backlinks have many types but I prefer backlinks with high quality. Although there are many ways to drive visitors, but my first choice is through backlinks because in this way you can easily build traffic to your site and the more traffic, the more money will come to your pocket.backlinks list
August 25th, 2010 at 9:54 pm
Brad, your notes have been a big help to me. I was able to locate that the folders below Client Access\OAB do not allow SYSTEM full control on the subfolders. If I add it manually, I’m able to see the LZX files get copied over when I restart the File Distribution service. However, within a few minutes, the SYSTEM rights get cleared by some process. The Client Access\OAB folder does have the correct permissions, but the subfolders will not hold these settings.
I’m running Exchange 2010 with Update4.
Thanks for any suggestions that you may have.
August 25th, 2010 at 10:07 pm
Hi Ken,
I am running Exchange 2007 unfortunately, however it sounds like you are running a DFS or alike on the server is this the case?
August 25th, 2010 at 10:47 pm
I’m not running DFS on the Exchange 2010 server. It’s running Windows 2008 R2 and Exchange only. That’s it.
September 10th, 2010 at 4:33 am
Thanks for the info, changing the folder in IIS to an application was the key I had been missing.
February 3rd, 2011 at 1:27 am
Greetings, this is a truly absorbing Internet weblog and I have cherished learning several from the content material and posts contained around the internet website, keep up the exceptional work and desire to study a great deal extra stimulating content articles within the long term.
February 3rd, 2011 at 11:43 am
Hi Kenia,
Great to hear you got it working!!!!!
I have’t had a good look at this script for a while, but I think there maybe be a way to do this, but it would require significate changes to the script… the things that I can see after a very quick look would be
objShell.RegWrite RegKey , “AD_xxxxx”
objShell.RegWrite RegKey07 , “AD_xxxxx”
objShell.RegWrite RegKey10 , “AD_xxxxx”
UserDataPath = ObjShell.ExpandEnvironmentStrings(“%appdata%”)
FolderLocation = UserDataPath &”\Microsoft\AD_xxxxxxx\”
HTMFileString = FolderLocation & “xxxxxxx.htm”
Would more than likely have to change
You would need to create a new HTML section and have this referenced to the above, and some components below… I would love to try and get this added as extra functionality… but time has been very tight for the last few months unfortunately, So in this instance I would say give it ago yourself, but if you come unstuck you may be better off just having 2 of these scripts, called by 1 batch file, but remove this section from the one that you DONT want the default profile to be set as:
Call SetDefaultSignature(“xxxxx”,”")
‘ Use this version (and comment the other) to
‘ modify a named profile.
‘Call SetDefaultSignature _
‘ (“Signature Name”, “Profile Name”)
Sub SetDefaultSignature(strSigName, strProfile)
Const HKEY_CURRENT_USER = &H80000001
strComputer = “.”
February 25th, 2011 at 7:11 am
Thanks for the article
March 30th, 2011 at 8:57 pm
Thank you for the benefit of sharing this insight!
September 1st, 2011 at 4:30 am
Thank you for posting this. This solved my problem with your very accurate information.
November 22nd, 2011 at 6:36 am
maizelight…
[...]Exchange 2007 Offline Address Book (OAB) keeps asking for authentication | Brad Marsh’s Weblog[...]…
September 29th, 2020 at 12:57 am
Karla Dietz…
If you are getting a constant authentication box pop up for your users when outlook is trying to connect to the Offline Address book, then read on, I am sure…
January 6th, 2021 at 6:24 pm
Selling Proxy…
If you are getting a constant authentication box pop up for your users when outlook is trying to connect to the Offline Address book, then read on, I am sure…
June 20th, 2021 at 9:07 pm
Buy Proxy…
If you are getting a constant authentication box pop up for your users when outlook is trying to connect to the Offline Address book, then read on, I am sure…
July 30th, 2021 at 7:35 am
Blazingseollc…
If you are getting a constant authentication box pop up for your users when outlook is trying to connect to the Offline Address book, then read on, I am sure…
January 13th, 2022 at 9:16 am
1dividend…
…
April 22nd, 2022 at 11:39 pm
Cheap Proxies Shop…
If you are getting a constant authentication box pop up for your users when outlook is trying to connect to the Offline Address book, then read on, I am sure…