OAB backdated issue RRS feed

  • Question

  • Hi,

    Our OAB is backdated (new employees are gone and terminated employees show up). this issue happen once when we demoted a old DC last month. but it happened again this morning after I reboot the main DC and the exchange server last night.

    Our consultant helped us to fix this issue, but unfortunately, he is on vacation and out of country. Below is the email he sent after he fixed the issue. I followed these steps and check the settings already,  but still cannot fix this problem. anyone has any clue?

    Exchange 2007 @ Windows 2003 R2


    • Edited by beidog Monday, July 22, 2013 9:18 PM
    Monday, July 22, 2013 9:18 PM

All replies

  • How many domain controllers do you have? Are they replicating without errors? Was Exchange installed on a DC? Was that the DC you demoted?

    Based on a small amount of information it looks like the demotion of the DC left metadata in the directory that needs to be cleaned up.

    To get a general idea of replication health you can run "repadmin /replsummary".

    --- Rich Matheisen MCSE&I, Exchange MVP

    Tuesday, July 23, 2013 1:00 AM
  • Hi,

    I am agree with Rich Matheisen.
    The attributes should contain stale or bad data.
    Try to retrieve event id to confirm whether they are 9126,9330,9339 with error 8004010e.

    If they are, please clean up the bad data.

    More details in the followig KB:
    Exchange OAB generation failures caused by Attributes containing stale or bad data

    If not , let’s check the following points to make sure the Exchange side OAB related features are fine:
    Check the OAB files (.lzx) in Mailbox and CAS servers to confirm that they have the latest update.
    Locations as followed (according to the individual situation):
        MBX: program files/Microsoft/exchange server/v14/exchangeOAB
        CAS: program files/Microsoft/exchange server/v14/clientaccess/OAB

    If the .lzx files on MBX server are not the latest, it should be the issue about OAB generation.
    If the MBX is OK, but the CAS is not, it may be the issue about sync. Please force to do the synchronization by restarting the exchange file distribution service.

    Feel free to let me know if there are any questions.
    If you are satisfied with my solution, please mark as an answer.


    Tuesday, July 23, 2013 9:46 AM
  • Thank you for all the responses.

    The Exchange is not a DC and we have multiple DC across three offices(2 DC at this offices). Between DCs, they are seems replicating fine. The Exchange is pointed to a main DC and the exchange was restarted before the main DC was up. From the event log i can see that the Exchange was looking for a DC  but the main DC is not up yet(maybe 5-10 minutes later). 

    Regarding the error id 8004010e, I didn't find in on "Application" event log, should i look for another log?

    I took a screen shot for the MBX and CAS folders.

    6/5 is the date the consultant fix the issue for us and seems fine until we restart the servers on 7/19.

    I will restart  the exchange file distribution service or the whole exchange server one more time today during after hours. Anything else i can check????

    Tuesday, July 23, 2013 4:51 PM
  • Attachment is here:

    Tuesday, July 23, 2013 5:00 PM
  • Have a look in the application event log for Event-ID 2080 (the source is "MSExchange ADAccess"). Post the results, along with the names of the DCs that you think are the DCs in your AD forest. I'll bet you find an extra name in the 2080 event. If not, restart the System Attendant service to have it rediscover the AD topology.

    If you can't connect to the AD then something probably went wrong during the DC demotion that left metadata in the directory that leads Exchange trying to connect to something that no longer exists.

    Have a look at the "Domain Controllers" OU in ADUC. Do you see the demoted DC there? How about in "Active Directory Sites and Services"? Do you see the server in the "Servers" part of the Site? Are there servers in the site that don't have a "NTDS Settings" container (or any other container)?

    Are there service records left in DNS that refer to the demoted DC?

    Clean up the AD and DNS if you find things that shouldn't be there. If the AD isn't "right" you can't expect Exchange to work properly.

    --- Rich Matheisen MCSE&I, Exchange MVP

    Tuesday, July 23, 2013 9:36 PM
  • Thanks for the reply.

    I have checked the Event-ID 2080 today and a few days back, the demoted DC is not listed there. only the active DCs are.

    For the DNS records, serves, pointers, etc, we did go through a check list to make sure we clean the old DC record and update setting on the new DC after the demote from Day 1. I just double checked again from the things you mentioned above, i still didn't find anything wrong on the DC side.

    Address List will show up correctly in Online Mode from Outlook but not cache mode, if the local OAB is delete it, and restart Outlook, the Address list is correct until I hit the download Address Book button. On the exchange, I previewed "Default Global Address List" and it's already backdated.

    Tuesday, July 23, 2013 10:22 PM
  • Create another OAB and make it the default OAB on your mailbox databases. If that works, delete the default OAB.

    --- Rich Matheisen MCSE&I, Exchange MVP

    Wednesday, July 24, 2013 10:03 PM
  • I am still thinking that it may be something wrong on the replication between exchange and AD. "somewhere" in exchange is probably pointed to the old DC??? since the GAL on exchange is already not right, how can the OAB be correct?

    I use ASDI and found the following:

    Under configuration,

    CN=Configuration, CN=Service, CN=Microsoft Exchange, CN=CompanyName , CN=Connections

    I found the old DC is still listed it. so how should i fix this? edit it or delete it? this server is no longer a DC, but it still active as a member server. Is there any place I should look into beside this one?

    Thursday, July 25, 2013 1:32 AM
  • Do you find the same situation when you examine the copy of the configuration container on each DC? Or is it incorrect on only one DC?

    If it's wrong on only one then there's an AD replication problem that you need to fix.

    --- Rich Matheisen MCSE&I, Exchange MVP

    Friday, July 26, 2013 1:59 AM
  • Ok, we did some clean up during the weekend. we deleted the original GAL and set the "Default Global Address List" back to default.

    However, some users reported their Address list is completely empty. I also checked outlook in online mode and OWA, "Default Global Address List" is empty too. Address List "All Users" is actually correct, so we let users temporary use this one .

    I guess this is related issue:  when a existing user log in to a new machine and try to setup outlook, we get this message:

    "The name cannot be matched to a name in the address list" 

    I think it may still look for the old list.

    Monday, July 29, 2013 5:18 PM