none
New mailbox users not showing up in GAL since transition from Exch 2007 to Exch 2010

    Question

  • About a month ago we transitioned from Exchange 2007 to 2010.  I have everything moved over to the new 2010 server, but the old 2007 is still up and running for now.  I read that I should leave it up long enough for most users to open Outlook so that the 2007 server can tell them that their mailbox is now located on the 2010 box.

    Since the transition I have created two new mailboxes.  Neither of them will show up in the GAL in the Outlook client.  Both of them show up in the GAL when using Outlook Web App.

    We only have one offline address book.  In the properties of the default offline address book (in EMC>Organization Config>Mailbox>OAB tab) I have include the default global address list checked under the address lists tab, I have Outlook 2003 SP2 or later (version 4) checked under client support, enable web-based distribution is checked and the 2010 server is set as the distribution server under Distribution Points.  I don't have enable public folder distribution checked because we don't use those.

    I don't see anything in the logs that suggests a problem.

    Tuesday, May 11, 2010 3:56 PM

Answers

  • I think I might have solved my problem, but would like feedback as to whether or not it is a good solution. Also take a look at my post above and let me know if it looks ok.  Looks good to me.

    In IIS, I noticed that the folder underneath OAB named d33d3462-etc-etc where the OAB resides had read only permissions set for authenticated users.  The OAB folder did not have that permission.  I granted authenticated users read only rights to the OAB folder and also turned off the require SSL setting.

    I then went into Outlook and was able to download the OAB and my 2 users and 1 room mailbox were there.  I tried turning require SSL back on for the OAB folder, but that prevented Outlook from downloading the OAB.

    To summarize, I need to add read only permissions for authenticated users and turn off SSL for the OAB folder in IIS to solve the problem.

    • Marked as answer by R.Mattern Thursday, May 13, 2010 3:39 PM
    Thursday, May 13, 2010 3:39 PM
  • Had this problem show up on an Exchange 2010 server I think after removing a role (unified messaging). After much head banging I found the Microsoft Exchange File Distribution service was set to disabled and stopped. From my limited understanding of this, the Microsoft Exchange File Distribution service is critical to copying/updating the GAL to the OAB. I found the files in C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\OAB\GUID were stale and not being updated. Enabling/starting the Microsoft Exchange File Distribution service fixed the issue and updated the OAB.
    • Proposed as answer by matternrj Tuesday, February 15, 2011 2:04 PM
    • Marked as answer by R.Mattern Tuesday, February 15, 2011 2:04 PM
    Friday, October 01, 2010 6:47 PM

All replies

  • I would assume if you took your Outlook clients out of cached mode they will see the address list just fine.  This means its a problem with the OAB not the GAL.

    First, I would ensure you have moved the OAB to 2010.  right-click it and choose move.  This will change the "generation server" column in the EMC view.

    Second, (wait a while) hold ctrl and right-click the Outlook icon by the task bar and choose "test autoconfig".  uncheck both guessmart boxes.  Then look at the column that says OAB.  Then ensure the outlook client can connect to that url and there aren't any dns, cert issues, etc.

    Third, make sure you have Outlook 2007 or 2010 only as clients.  Outlook 2003 cannot use web-based distribution of offline Address Books.


    Mike Crowley: MCT, MCSE, MCTS, MCITP: Enterprise Administrator / Messaging Administrator
    Check out the new virtualization exams!

    Tuesday, May 11, 2010 11:19 PM
    Moderator
  • Is it necessary to move the OAB and have the 2010 server as the generation server ? Can the oab be copied (replicated) instead to 2010 public folder database and see if that resolves the problem first ?
    Wednesday, May 12, 2010 1:40 AM
  • I thought you were not using public folders for OAB distribution?

    You can use Web-based and/or PF-based distribution.  You need to look at the autodiscover settings I suggested to see where the client is trying to connect to. 

    It is not a requirement to move the OAB generation server but it is a best practice to have the latest version of Exchange handle the task. (#8)


     

    Mike Crowley: MCT, MCSE, MCTS, MCITP: Enterprise Administrator / Messaging Administrator
    Check out the new virtualization exams!

    Wednesday, May 12, 2010 3:02 AM
    Moderator
  • I double checked and the generation server column for the default offline address book (we only have one) is set to the new 2010 server.  The distribution mechanism is web-based (you are correct we don't use public folders).

    If I go into the properties of the OAB under the distribution tab, I have OAB (default web site) under distribution points with the correct server.  My 2007 server used to be listed underneath as a second distribution point but I removed it over the weekend because I thought maybe that was causing problems.

    I tested autoconfig and the availbility service URL, OOF url, OAB url, and unified message service url are all pointing to the 2010 server.  Auth package says unspecified.

    The log shows that it tried to first go to the 2007 server and then was redirected to the 2010 server and succeeded.

    Wednesday, May 12, 2010 12:47 PM
  • cab you download the OAB on a client machine and see if there is an error or something
    Regards, Mahmoud Magdy Watch Arabic Level 300 Videos about Exchange 2010 here: http://vimeo.com/user3271816 Read pretty advanced Exchange stuff I and other MVPs post here: http://www.enowconsulting.com/ese/blog.asp Or follow my blog: http://busbar.blogspot.com or our corp blog: http://ingazat.wordpress.com and if you Liked my post please mark it as helpful and accept it as an asnwer
    Wednesday, May 12, 2010 12:49 PM
  • I just checked the connection status (right-click the Outlook icon whlie holding ctrl) and it is connected to the 2007 server for public folders.  It's connected to the 2010 server for mail.

    I forgot to mention above that we are only using Outlook 2007 clients.  No 2003 clients are around anymore.

    Wednesday, May 12, 2010 12:51 PM
  • please follow these steps to download the OAB:

    http://office.microsoft.com/en-us/outlook/HA101535321033.aspx

    and see any errors


    Regards, Mahmoud Magdy Watch Arabic Level 300 Videos about Exchange 2010 here: http://vimeo.com/user3271816 Read pretty advanced Exchange stuff I and other MVPs post here: http://www.enowconsulting.com/ese/blog.asp Or follow my blog: http://busbar.blogspot.com or our corp blog: http://ingazat.wordpress.com and if you Liked my post please mark it as helpful and accept it as an asnwer
    Wednesday, May 12, 2010 12:56 PM
  • I've tried to download the OAB with my Outlook client and it never completes.  I've tried leaving the download changes since last send/receive box checked and I've tried unchecking it.  I've tried both full details and no details.  I let it go for hours and it never finishes no matter what options I choose.
    Wednesday, May 12, 2010 12:59 PM
  • so you have an issue with the OAB, because it doesn't download.

    can you follow the steps to configure the web services and OAB and make sure that you have the correct settings and then try again, also if you can post the OAB urls and to where they point that will jelp us:

    http://www.experts-exchange.com/articles/Software/Server_Software/Email_Servers/Exchange/Exchange-2007-2010-Web-services-and-Autodiscover-Ultimate-Troubleshooting-Guide.html


    Regards, Mahmoud Magdy Watch Arabic Level 300 Videos about Exchange 2010 here: http://vimeo.com/user3271816 Read pretty advanced Exchange stuff I and other MVPs post here: http://www.enowconsulting.com/ese/blog.asp Or follow my blog: http://busbar.blogspot.com or our corp blog: http://ingazat.wordpress.com and if you Liked my post please mark it as helpful and accept it as an asnwer
    Wednesday, May 12, 2010 1:04 PM
  • OAB (default web site) URLs from EMC:

    Internal: http://mail.wanee.org/OAB, External: https://mail.wanee.org/OAB

    The AutoConfig results show the OAB URL as: http://mail.wanee.org/OAB/d33d3462-d961-4efe-a66b-85ab5e66502c4

    In IIS there is a folder under OAB that matches d33d3462...etc

    Should I be requiring SSL for the OAB directory in IIS?  That box is checked and client certificates are set to ignore.

    Wednesday, May 12, 2010 1:16 PM
  • ok don't require HTTPs for now, and to where mail.wanee.org points internally.
    Regards, Mahmoud Magdy Watch Arabic Level 300 Videos about Exchange 2010 here: http://vimeo.com/user3271816 Read pretty advanced Exchange stuff I and other MVPs post here: http://www.enowconsulting.com/ese/blog.asp Or follow my blog: http://busbar.blogspot.com or our corp blog: http://ingazat.wordpress.com and if you Liked my post please mark it as helpful and accept it as an asnwer
    Wednesday, May 12, 2010 1:25 PM
  • Is the OAB being copied from the mailbox server (to CAS) as expected?

    See here also:

    http://social.technet.microsoft.com/Forums/en/exchangesvrdeploy/thread/f38762dc-e1f6-4c7b-b1b6-4be890e5cf8c


     

    Mike Crowley: MCT, MCSE, MCTS, MCITP: Enterprise Administrator / Messaging Administrator
    Check out the new virtualization exams!

    Wednesday, May 12, 2010 2:02 PM
    Moderator
  • I tried unchecking require SSL for the OAB directory in IIS and it didn't help.  It still stalls out when I try to download the OAB through Outlook.  It doesn't error out, but it doesn't finish either.

    Going step-by-step through your ultimate troubleshooting link:

    OWA is working great, autodiscover is working, and EAS works.

    In EMC I typed get-webservicesvirtualdirectory and it returned results for both the old and new server.  The URLs appear to be correct.

    In EMC I typed get-oabvirtualdirectory and it returned results for both the old and new server.  The only difference is that the old server doesn't have a URL listed for external url and the new server does.

    Wednesday, May 12, 2010 2:04 PM
  • We only have one server (not counting the old Exchange 2007 we just transitioned from).  All roles reside on the same Exchange 2010 box.  Does that matter?

    Wednesday, May 12, 2010 2:08 PM
  • In EMC under Server Config>Client Access I went into the properties of the OAB and saw that it was being stored at C:\Program Files\Microsoft\Exchange Server\v14\clientaccess\OAB.  I went there and the folder d33d3462... that I mentioned earlier was last modified today at 3:08 am.  Is it safe to assume that the OAB is being copied correctly (or at least that it is trying to be copied from the mailbox server) from that information?
    Wednesday, May 12, 2010 2:14 PM
  • I found one warning that is repeated a few times in the Microsoft Exchange with Database Availbilty Group Events under Custom Views>Server Roles.

    The source is the system attendant, event ID 9320, task category (13).  It says: OABGen could not generate full details for some entries in the offline address list for address list '\Global Address List'.  To see which entries are affected, set event logging for the offline address list generator to at least medium.

    Wednesday, May 12, 2010 2:21 PM
  • This is the error, can you increase the logging level to see what happens exactly.
    Regards, Mahmoud Magdy Watch Arabic Level 300 Videos about Exchange 2010 here: http://vimeo.com/user3271816 Read pretty advanced Exchange stuff I and other MVPs post here: http://www.enowconsulting.com/ese/blog.asp Or follow my blog: http://busbar.blogspot.com or our corp blog: http://ingazat.wordpress.com and if you Liked my post please mark it as helpful and accept it as an asnwer
    Wednesday, May 12, 2010 2:30 PM
  • I found this: http://blogs.msdn.com/dgoldman/archive/2009/12/01/please-read-events-9320-and-9359-on-new-installation-of-exchange-2010.aspx that says that error is nothing to worry about.

    I will increase the logging level anyway.

    Wednesday, May 12, 2010 2:36 PM
  • Is the OAB being copied from the mailbox server (to CAS) as expected?

    See here also:

    http://social.technet.microsoft.com/Forums/en/exchangesvrdeploy/thread/f38762dc-e1f6-4c7b-b1b6-4be890e5cf8c


     

    Mike Crowley: MCT, MCSE, MCTS, MCITP: Enterprise Administrator / Messaging Administrator
    Check out the new virtualization exams!


    I went to that site and I found an event in my log that is very similar the one your link mentions.

    It says: Process MSExchangeFDS.exe (PID=2848). The offline address book synchronization cycle is complete. 1 offline address book(s) were successfully synchronized.  Event ID: 1008

    Wednesday, May 12, 2010 6:31 PM
  • Hi,

    Whether all users could not see the two new mailboxes under the GAL in Outlook?

    Since the 1008 event was received, this indicates the FDS service is running fine and make the OAB files sync between the Mailbox server and CAS. Now please run test-outlookwebservices |fl command in EMS in order to make sure the OAB URL could be contacted without issue, then post the information on the forum.

    Thanks

    Allen

    Thursday, May 13, 2010 8:39 AM
    Moderator
  • Here is what I got after running the command you suggested Allen.  I'm not sure what you were asking in your question.  I've added 2 users and 1 room since transitioning from our Exchange 2007 box to the new 2010 box.  If they use OWA they can see all 3 (GAL?).  If they use the Outlook 2007 client (OAB?), they cannot see any of the 3.

    [PS] C:\Windows\system32>test-outlookwebservices | fl


    RunspaceId : adb890c5-afa1-4880-a1cb-d6c5d1aaf539
    Id         : 1019
    Type       : Information
    Message    : A valid Autodiscover service connection point was found. The Autodiscover URL on this object is https://mail.wanee.org/Autodiscover/Autodiscover.xml.

    RunspaceId : adb890c5-afa1-4880-a1cb-d6c5d1aaf539
    Id         : 1006
    Type       : Information
    Message    : Contacted the Autodiscover service at https://mail.wanee.org/Autodiscover/Autodiscover.xml.

    RunspaceId : adb890c5-afa1-4880-a1cb-d6c5d1aaf539
    Id         : 1016
    Type       : Information
    Message    : [EXCH] The AS is configured for this user in the AutoDiscover response received from https://mail.wanee.org/Autodiscover/Autodiscover.xml.

    RunspaceId : adb890c5-afa1-4880-a1cb-d6c5d1aaf539
    Id         : 1015
    Type       : Information
    Message    : [EXCH] The OAB is configured for this user in the AutoDiscover response received from https://mail.wanee.org/Autodiscover/Autodiscover.xml.

    RunspaceId : adb890c5-afa1-4880-a1cb-d6c5d1aaf539
    Id         : 1014
    Type       : Information
    Message    : [EXCH] The UM is configured for this user in the AutoDiscover response received from https://mail.wanee.org/Autodiscover/Autodiscover.xml.

    RunspaceId : adb890c5-afa1-4880-a1cb-d6c5d1aaf539
    Id         : 1022
    Type       : Success
    Message    : Autodiscover was tested successfully.

    RunspaceId : adb890c5-afa1-4880-a1cb-d6c5d1aaf539
    Id         : 1024
    Type       : Success
    Message    : [EXCH] Successfully contacted the AS service at https://mail.wanee.org/EWS/Exchange.asmx. The elapsed time was 988 milliseconds.

    RunspaceId : adb890c5-afa1-4880-a1cb-d6c5d1aaf539
    Id         : 1026
    Type       : Success
    Message    : [EXCH] Successfully contacted the UM service at https://mail.wanee.org/EWS/Exchange.asmx. The elapsed time was 46 milliseconds.

    RunspaceId : adb890c5-afa1-4880-a1cb-d6c5d1aaf539
    Id         : 1024
    Type       : Success
    Message    : [EXPR] Successfully contacted the AS service at https://mail.wanee.org/ews/exchange.asmx. The elapsed time was 46 milliseconds.

    RunspaceId : adb890c5-afa1-4880-a1cb-d6c5d1aaf539
    Id         : 1026
    Type       : Success
    Message    : [EXPR] Successfully contacted the UM service at https://mail.wanee.org/ews/exchange.asmx. The elapsed time was 31 milliseconds.

    Thursday, May 13, 2010 12:31 PM
  • I think I might have solved my problem, but would like feedback as to whether or not it is a good solution. Also take a look at my post above and let me know if it looks ok.  Looks good to me.

    In IIS, I noticed that the folder underneath OAB named d33d3462-etc-etc where the OAB resides had read only permissions set for authenticated users.  The OAB folder did not have that permission.  I granted authenticated users read only rights to the OAB folder and also turned off the require SSL setting.

    I then went into Outlook and was able to download the OAB and my 2 users and 1 room mailbox were there.  I tried turning require SSL back on for the OAB folder, but that prevented Outlook from downloading the OAB.

    To summarize, I need to add read only permissions for authenticated users and turn off SSL for the OAB folder in IIS to solve the problem.

    • Marked as answer by R.Mattern Thursday, May 13, 2010 3:39 PM
    Thursday, May 13, 2010 3:39 PM
  • if it requires SSL, I would change the url to include ssl instead of turning off ssl.

    Mike Crowley: MCT, MCSE, MCTS, MCITP: Enterprise Administrator / Messaging Administrator
    Check out the new virtualization exams!

    Thursday, May 13, 2010 4:43 PM
    Moderator
  • Good advice Mike.  I changed the internal url to https:// in the OAB properties in EMC and then checked the require ssl box in IIS for the OAB directory.

    Tested it and it still works.

    Thursday, May 13, 2010 6:10 PM
  • Had this problem show up on an Exchange 2010 server I think after removing a role (unified messaging). After much head banging I found the Microsoft Exchange File Distribution service was set to disabled and stopped. From my limited understanding of this, the Microsoft Exchange File Distribution service is critical to copying/updating the GAL to the OAB. I found the files in C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\OAB\GUID were stale and not being updated. Enabling/starting the Microsoft Exchange File Distribution service fixed the issue and updated the OAB.
    • Proposed as answer by matternrj Tuesday, February 15, 2011 2:04 PM
    • Marked as answer by R.Mattern Tuesday, February 15, 2011 2:04 PM
    Friday, October 01, 2010 6:47 PM
  • Had this problem show up on an Exchange 2010 server I think after removing a role (unified messaging). After much head banging I found the Microsoft Exchange File Distribution service was set to disabled and stopped. From my limited understanding of this, the Microsoft Exchange File Distribution service is critical to copying/updating the GAL to the OAB. I found the files in C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\OAB\GUID were stale and not being updated. Enabling/starting the Microsoft Exchange File Distribution service fixed the issue and updated the OAB.

    This fixed it for us - many thanks.
    itswt
    Wednesday, July 06, 2011 11:09 AM
  • I think I might have solved my problem, but would like feedback as to whether or not it is a good solution. Also take a look at my post above and let me know if it looks ok.  Looks good to me.

    In IIS, I noticed that the folder underneath OAB named d33d3462-etc-etc where the OAB resides had read only permissions set for authenticated users.  The OAB folder did not have that permission.  I granted authenticated users read only rights to the OAB folder and also turned off the require SSL setting.

    I then went into Outlook and was able to download the OAB and my 2 users and 1 room mailbox were there.  I tried turning require SSL back on for the OAB folder, but that prevented Outlook from downloading the OAB.

    To summarize, I need to add read only permissions for authenticated users and turn off SSL for the OAB folder in IIS to solve the problem.

    Hi Mattem

    Your post is so helpful for me . thank you very much  thanks for the solution 

    Saturday, February 18, 2012 9:55 AM
  • I've been fighting with this this week as well

    Exchange - New User(s) Not Showing Up On Global Address List

    Pete


    Regards Pete Long http://www.petenetlive.com

    Monday, February 25, 2013 1:38 PM