locked
Exchange 2007 Client Synchronization RRS feed

  • Question

  • We have an Exchange 2007 Server with a Hub transport server on our network that we recently switched to from an Exchange 2003 server. The current problem is that certain changes made in the Exchange management console on the 2007 server do not appear to be made in the address lists of the client machines (Xp and Win 7, Office 2007 and 2010). We have a group called Dining Services Department that had a email address listed that doesn't exist (dsd@domain.com), so users sending mail to this group get the 550 Unkown User error.

    On the 2007 server, I have removed the bad email address and changed the alias for the group. These changes appear in OWA but not on the clients ( I waited 24 hours for the OAB to update). Am I correct in assuming this is a problem with the OAB, or is there something else I should be looking at?

    Thank you!

    Wednesday, February 22, 2012 9:44 PM

Answers

All replies

  • If you can see that change in OWA and say using Outlook in online mode then it;s an issue with OAB.  I would look into that.

    Sukh

    Thursday, February 23, 2012 12:05 AM
  •  

    Hello,

    Try to update oab manually and check if the issue persists.

    Best Regards,

    Lisa

    Thursday, February 23, 2012 5:56 AM
    Moderator
  • Alright, it does appear that OAB is the issue. I Tested the Autoconfiguration on a client machine and the result for OAB Url was "https://server/OAB/GUID/oab.xml/Guid/" If I run Get-OABVirtualDirectory on the server however, the result is "//server/OAB/Guid/oab.xml" How would I fix the incorrect link that AutoConfig is giving me?

    Tuesday, February 28, 2012 8:38 PM
  • Sounds like you need to fix the OAB URL

    Run Get-OABVirtualDirectory | fl and post output.

    and use Set-OABVirtualDirectory to fix


    Sukh

    Tuesday, February 28, 2012 8:53 PM
  • Here's what prints if I run Get-OABVirtualDirectory

    Name: OAB (Default Web Site)

    PollInterval: 480

    OfflineAddressBooks: (\Default Offline Address Book 1)

    RequireSSL: False

    BasicAuthentication:False

    WindowsAuthentication: True

    MetabasePath: IIS://server.domain.local/W3SVC/1/ROOT/OAB

    Path: C:\Program Files\Microsoft\Exchange Server\ClientAccess\OAB

    ExtendedProtectionTokenChecking: None

    ExtendedProtectionFlags: {}

    ExtendedProtectionSPNList:  {}

    Server: servername

    InternalUrl: https://server/OAB/GUID/oab.xml

    InternalAUthenticationMethods: {WindowsIntegrated}

    ExternalUrl: https://webacces.website.org/OAB/

    ExternalAuthenticationMethods: {WindowsIntegrated}

    AdminDisplayName:

    ExchangeVersion: 0.1 (8.0.535.0)

    DistinguidhedName: CN=OAB (Default Web Site), CN=HTTP, CN=Protocols, CN=servername, CN=Servers, CN=Exchange Administrative Group (FYDIBOHF23PDLT), CN=Administative Groups, CN=Company, CN=Microsoft Exchange, CN= Services, CN=Configuration, DC = domain, DC =local

    Identity: Server\OAB (Default Web Site)

    GUID: fa395ad1-2923-461d-b8cb-9cf6a27fa449

    ObjectCategory: domain.local/Configuration/Schema/ms-Exch-OAB-Virtual-Directory

    ObjectClass: {top, msExchVirtualDirectory, msExchOABVirtualDirectory}

    WhenChanged: 2/28/2012 10:13:27 AM

    WhenCreated: 9/30/2011 12:12:24 PM

    IsValid: True

    As far as I can tell, this looks fine. Is there any other information that might help troubleshoot this?

    Wednesday, February 29, 2012 7:27 PM
  • Change your internal URL to the same as your external URL.

    Sukh

    Wednesday, February 29, 2012 8:40 PM
  • Alright, I did that and Get-OABVirtualDirectory on the server confirms it, but Test E-mail AutoConfiguration still lists the wrong URL for the OAB. Any other suggestions?

    Wednesday, February 29, 2012 9:27 PM
  • Can you post a screen shot?

    Can you try creating a new profile an test again?


    Sukh

    Wednesday, February 29, 2012 10:29 PM
  • Aha! Recreating the profile did fix the URL issue. However, when I try and download the OAB now I get the following error:

    "Unknown Error 0x80072F06". Thanks again for all of your help so far :)

    Wednesday, February 29, 2012 10:36 PM
  • In IIS on the OAB vdir, do you have require SSL ticked?

    Sukh

    Wednesday, February 29, 2012 10:58 PM
  • No, Require SSL is unticked and Client Certificates is set to Ignore. Should Require SSL be ticked?

    Side note because some research suggests this might have something to do with certificates, we have an Edge Transport Server and when we were setting the Hub and the Edge up we issued a self-signed certificate. (I don't have an excellent grasp on certificates and their role in Exchange 2007 so I'm not sure if this is the problem or not).

    Wednesday, February 29, 2012 11:18 PM
  • That may be related

    Do you use any 3rd part certs at all for any Exch server.

    Run Get-ExchangeCertificate | fl

    Post the resutls, if you're only using self-signed then we may have to change the URL to

    http://FQDN of Cas server/OAB


    Sukh

    Wednesday, February 29, 2012 11:32 PM
  • Yes, we are only using self-signed certificates. Here's the results:



    AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                         .Security.AccessControl.CryptoKeyAccessRule}
    CertificateDomains : {server.domain.local, server, localhost}
    HasPrivateKey      : True
    IsSelfSigned       : False
    Issuer             : CN=Default CA, C=US
    NotAfter           : 10/4/2016 10:05:57 AM
    NotBefore          : 10/6/2011 10:05:57 AM
    PublicKeySize      : 1024
    RootCAType         : Registry
    SerialNumber       : 73DED04ABA9267B7
    Services           : IMAP, POP
    Status             : Unknown
    Subject            : CN=server.domain.local
    Thumbprint         : 7E6CAF419322BC8F9BCDAA0E8E9BA7548699725B

    AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                         .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                         ty.AccessControl.CryptoKeyAccessRule, System.Security.Acce
                         ssControl.CryptoKeyAccessRule}
    CertificateDomains : {server, server.domain.local}
    HasPrivateKey      : True
    IsSelfSigned       : True
    Issuer             : CN=server
    NotAfter           : 9/30/2016 12:10:42 PM
    NotBefore          : 9/30/2011 12:10:42 PM
    PublicKeySize      : 2048
    RootCAType         : None
    SerialNumber       : 5B65656F2A697A92493AC9BC99F986E6
    Services           : IMAP, POP, IIS, SMTP
    Status             : Valid
    Subject            : CN=server
    Thumbprint         : E4712968B9C4C6E0ED46271297488396B46D596D

    AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                         .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                         ty.AccessControl.CryptoKeyAccessRule}
    CertificateDomains : {WMSvc-server}
    HasPrivateKey      : True
    IsSelfSigned       : True
    Issuer             : CN=WMSvc-server
    NotAfter           : 9/27/2021 11:59:16 AM
    NotBefore          : 9/30/2011 11:59:16 AM
    PublicKeySize      : 2048
    RootCAType         : Registry
    SerialNumber       : 395181AE7FE92495413258BDAFA59AB3
    Services           : None
    Status             : Valid
    Subject            : CN=WMSvc-server
    Thumbprint         : 678E4C03B45C593D29B1DC01A4AD61B9FBD103D7

    Wednesday, February 29, 2012 11:54 PM
  • It is for IIS, then change the URL as mentioned above

    https://FQDN of Cas server/OAB


    Sukh

    Thursday, March 1, 2012 12:01 AM
  • Awesome, it's working! Thanks for all your help Sukh, this was driving me crazy. :)
    Friday, March 2, 2012 7:06 PM
  • no worries

    Sukh

    Friday, March 2, 2012 7:16 PM