Outlook OAB download fails with 0x80004005 and/or 0x8004010F

KB ID 0000035 

Problem

0x8004010F is caused by client not being able to see the Offline Address Book.

0x8004010F Error With Exchange 2013/2016/2019

Firstly make sure your autodiscover is correct, on the Exchange server open the Exchange management shell, and issue the following  command.

[box]

Get-clientAccessServer | fl Name,AutoDiscoverServiceInternalUri

[/box]

If you need to fix/change it, use the following syntax.

[box]

Set-ClientAccessServer -Identity PNL-MAIL-2019 -AutoDiscoverServiceInternalUri "https://mail.petenetlive.com/autodiscover/autodiscover.xml"

[/box]

Then check that the Offline Address Book is set correctly also.

[box]

Get-OabVirtualDirectory -server PNL-MAIL-2019

[/box]

 

If you need to fix/change it, use the following syntax.

[box]

Set-OabVirtualDirectory -Identity "PNL-MAIL-2019\oab (default web site)" -InternalUrl "https://mail.petenetlive.com/oab" -ExternalUrl "https://mail.petenetlive.com/oab"

[/box]

Then ensure ALL Mailbox databases are set to use the Default Offline Address Book.

[box]

Get-Mailboxdatabase | Set-MailboxDatabase -OfflineAddressBook “Default Offline Address Book”
Get-MailboxDatabase | Ft Name, *book*

[/box]

Then check for the existence of the ‘Arbitration Mailbox’

[box]

Get-Mailbox -Arbitration | where {$_.PersistedCapabilities -like “*OAB*”} | ft Name, Servername, Database

[/box]

If its broken/ missing then you can do the following.

[box]

New-OfflineAddressBook -Name “NEW-OAB” -AddressLists “\Default Global Address List” -VirtualDirectories “PNL-MAIL-2019\OAB (Default Web Site)”
Get-Mailboxdatabase | Set-MailboxDatabase -OfflineAddressBook “NEW-OAB”
Create New-Mailbox -Arbitration -Name “OAB-GEN” -UserPrincipalName OAB@pnl.com –DisplayName “OAB-Generation-Mailbox” -Database MBX-DB-2019v2
Set-Mailbox -Arbitration OAB@pnl.com -OABGen $true

[/box]

Then finally restart the Exchange services WARNING this will cause downtime.

[box]

$services = Get-Service | ? { $_.name -like "MSExchange*" -and $_.Status -eq "Running"};foreach ($service in $services) {Restart-Service $service.name -Force}

[/box]

For Exchange 2020 / 2007 (0x8004010F Error)

1. Log onto the Exchange Server.
2. Start > All Programs > Exchange Management Console > Organisation Configuration > Mailbox > Offline address Book > Create a new one (Must have a different name to {Default}.
3. Delete the Old Offline Address Book.
4. Set the one you created as the default.

WAIT 20 MINUTES – If the Problem Persists

1. Log onto the Exchange Server.
2. Start > All Programs > Exchange Management Console > Server Configuration > Mailbox.
3. Select the Mailbox store in the middle section > Right Click > Properties.
4. Client Settings tab > Browse > Select the Address book you created above > OK > OK.

WAIT 20 MINUTES

Note: I’ve also fixed by creating a new mail profile – though when I switched back to the original one it was ok – so I may not have been patient enough.

Related Articles, References, Credits, or External Links

NA

Exchange 2013 – Working with and Managing the OAB

KB ID 0000745 

Problem

Exchange 2013, has changed the way Offline Address Books are handled, with previous versions only one server (the first server holding the mailbox role) was responsible for generating the OAB. With 2013 however multiple servers generate the OAB, In fact every server that has a special arbitration mailbox called an organization mailbox will create a copy. This is better for fault tolerance and resilience, and you will find the OAB files located at %ExchangeInstallPath%ClientAccessOAB. Another change is the way the OAB is distributed, now it can only be distributed via the web (no public folder distribution any more).

With the new Exchange Admin Center (https://localhost/ecp) there are no options to mange the OAB, so you will need to do that via PowerShell.

Solution

Pre-Requisites

If your AD environment contains more than one forest, you need to change the parameters that the management shell is going to use first, (or you will get no results). To do that execute the following command;

[box] Set-ADServerSettings -ViewEntireForest $true [/box]

Locate the OAB Generation Server(s)

[box]

Get-Mailbox -Arbitration | where {$_.PersistedCapabilities -like “*oab*”} | ft name,servername

OR If your serveris a member of a DAG group, first get the database name,

Get-Mailbox -Arbitration | where {$_.PersistedCapabilities -like “*oab*”} | ft name,database

Then use that like so,

Get-MailboxDatabaseCopyStatus database-name

[/box]

Create a new OAB for Exchange 2013

[box] New-OfflineAddressBook -Name “PNL OAB” -AddressLists “Default Global Address List” -VirtualDirectories “EX1OAB (Default Web Site)”[/box]

Force Exchange 2013 to Update the OAB

Simply restarting the Microsoft Exchange Mailbox Assistant service should do this, however you can force the issue with the following command.

[box] Update-OfflineAddressBook “default offline address book” [/box]

Related Articles, References, Credits, or External Links

NA

 

Exchange 2019: Presenting Outlook Anywhere With WAP

KB ID 0001548

Problem

Note: Applies to Exchange 2019, 2016, and 2013.

This is pretty much PART TWO, of presenting ‘Exchange Web Services’ using Web Application Proxy. Back in PART ONE we looked at publishing OWA and ECP, and that required having an ADFS server. To present the other web services, e.g Outlook Anywhere, Exchange Active Sync, Offline address book etc. You don’t need ADFS, you simply use ‘pass through‘ authentication with your WAP Server, directly to Exchange.

Solution

Before you start, you need to make sure in addition to the DNS records we used for OWA and ECP, you also need to be able to publicly resolve your Autodiscover record. I prefer doing this with public SRV records, see the following article for clarification;

Creating an AutoDiscover SRV Record

You now need, to make sure that the URLs that Exchange uses for it’s web services are set correctly, to do that use the following PowerShell commands;

[box]

Get-OutlookAnywhere |select InternalHostname,ExternalHostname
Get-OABVirtualDirectory |select InternalUrl,ExternalUrl
Get-ActiveSyncVirtualDirectory |select InternalUrl,ExternalUrl
Get-WebServicesVirtualDirectory |select InternalUrl,ExternalUrl
Get-MapiVirtualDirectory |select InternalUrl,ExternalUrl
Get-ClientAccessService |select AutoDiscoverServiceInternalUri

[/box]

 


Make sure your internal URLS are resolvable inside and your external/public URL’s are resolvable outside, (To the public IP address of your WAP Server).

Exchange URLS To Publish with WAP

As with the URLs we published previously remember to publish them with a trailing ‘slash’. You need to publish and ‘Reverse Proxy‘ the following URLs;

Outlook Anywhere: https://mail.ubique.com/rpc/  
Offline Address Book: https://mail.ubique.com/oab/
Active-Sync: https://mail.ubique.com/Microsoft-Server-ActiveSync/
Exchange Web Services: https://mail.ubique.com/EWS/  
MAPI: https://mail.ubique.com/MAPI/
Autodiscover: https://mail.ubique.com/Autodiscover/

Note: Obviously your domain will have a different name!

Publish Outlook Anywhere with WAP

From the ‘Remote Access Management Console’ > Publish > Next.

Select ‘Pass-Through’ > Next.

Give the Published rule a sensible name like “Outlook Anywhere” > Enter the URL’s, and select your public certificate > Next.

Publish.

Close

Publish Active Sync with WAP

Active Sync is required for phones and mobile devices that cannot use Outlook Anywhere. To publish this rule repeat the procedure above, but at the Publishing Setting page use the following settings.

Publish Offline Address Book with WAP

Offline Address Book is required by devices to download a cached copy of the global address list. To publish this rule repeat the procedure above, but at the Publishing Setting page use the following settings.

Publish Exchange Web Services with WAP

Exchange Web Services allow clients to access calendars, contacts and scheduling information remotely. To publish this rule repeat the procedure above, but at the Publishing Setting page use the following settings.

Publish Exchange MAPI with WAP

Mail Application Programming Interface (over HTTPS) if the default connection protocol in modern Exchange deployments. To publish this rule repeat the procedure above, but at the Publishing Setting page use the following settings.

Publish Exchange Web Services with WAP

If you’ve used Exchange since version 2007, you will know how important Autodiscover is, (probably because of the headaches caused when it’s not setup correctly!) To publish this rule repeat the procedure above, but at the Publishing Setting page use the following settings.

Final Sanity Check

When complete, your WAP settings should look like this, (this is for all the pass-through, AND ADFS published settings).

Once setup correctly, Outlook should work fine externally, like so;

Related Articles, References, Credits, or External Links

NA

Event ID 9327

KB ID 0000480 

Problem

Seen when an Exchange server attempts to build the Offline Address book but encounters an error.

Source: MSExchangeSA
Event ID: 9327
Task Category: (13)
Level: Warning
Keywords: Classic
User: N/A
Description:
OALGen skipped some entries in the offline address list 'Global Address List'. To see which entries are affected, event logging for the OAL Generator must be set to at least medium. 

This is just an instruction to enable logging so that you can see the REAL error.

Solution

Option 1 Enable Logging via the Exchange Management Shell

1. Launch the Exchange Management Shell and check the current logging level it will probably be set to “Lowest” Issue the following command:

[box]Get-EventLogLevel[/box]

Then scroll down to “MSExchangeSAOAL Generator” and check its status.

2. To turn the logging Level Right up issue the following command:

[box]Set-EventLogLevel -Identity “MSExchangeSAOAL Generator” –Level Expert[/box]

Option 2 Enable Logging via the Exchange Management Console

1. Launch the Exchange Management Console > Server Configuration > Right click the offending server > Manage Diagnostic Logging Properties > Expand MSExchangeSA > Select OAL Generation > Tick Expert > Configure > Finish.

Then rebuild the Offline address Book

1. Launch the Exchange Management Console > Organization Configuration > Offline address book Tab > Right click “Default Offline address Book” > Update.

2. Select “Yes” when prompted.

3. Wait a few minutes the re-check the server application log, you will see this error again but there should be a more descriptive error near it to let you know what is failing.

 

Related Articles, References, Credits, or External Links

NA

Event ID 9323

KB ID 0000481 

Problem

Seen when an Exchange server attempts to build the Offline Address book but encounters an error.

Source: MSExchangeSA Event ID: 9323 Task Category: (13) Level: Warning Keywords: Classic Description: Entry ‘{Username}’ has invalid or expired e-mail certificates. These certificates will not be included in the offline address list for ‘Global Address List’.

Solution

1. Go to a domain controller, Launch “Active Directory Users and Computers”, Select View and enable “Advanced Features”. Locate the username reported in the error (In this example it’s the administrator), On the properties for that user locate the “Published Certificates” tab.

If you can’t see the published certificates tab you are probably on the Exchange Server and NOT on a domain controller.

2. You will see that this user has a certificate which you can see by pressing the view certificate button, In this case we can see that the certificate has expired.

3. I didn’t need to renew this certificate, so I simply removed it.

Then rebuild the Offline address Book

1. Launch the Exchange Management Console > Organization Configuration > Offline address book Tab > Right click “Default Offline address Book” > Update.

2. Select “Yes” when prompted.

3. Wait a few minutes the re-check the server application log, to make sure it now completes without error.

Related Articles, References, Credits, or External Links

NA

Event ID 9323

KB ID 0000481 

Problem

Seen when an Exchange server attempts to build the Offline Address book but encounters an error.

Source: MSExchangeSA
Event ID: 9323
Task Category: (13)
Level: Warning
Keywords: Classic
Description:
Entry '{Username}' has invalid or expired e-mail certificates. These certificates will not be included in the offline address list for 'Global Address List'. 

Solution

1. Go to a domain controller, Launch “Active Directory Users and Computers”, Select View and enable “Advanced Features”. Locate the username reported in the error (In this example it’s the administrator), On the properties for that user locate the “Published Certificates” tab.

If you can’t see the published certificates tab you are probably on the Exchange Server and NOT on a domain controller.

2. You will see that this user has a certificate which you can see by pressing the view certificate button, In this case we can see that the certificate has expired.

3. I didn’t need to renew this certificate, so I simply removed it.

Then rebuild the Offline address Book

1. Launch the Exchange Management Console > Organization Configuration > Offline address book Tab > Right click “Default Offline address Book” > Update.

2. Select “Yes” when prompted.

3. Wait a few minutes the re-check the server application log, to make sure it now completes without error.

 

Related Articles, References, Credits, or External Links

NA

Update Global Address List Error “WARNING: The recipient “xxxxxMicrosoft Exchange System Objects/xxxxx” is invalid and couldn’t be updated

KB ID 0000516 

Problem

Seen when manually trying to update the Global Address List, with the following powershell command:

[box]Update-GlobalAddressList -identity ‘Default Global Address List'[/box]

Error: WARNING: The recipient “{your domain name}/Microsoft Exchange System Objects/{A Public Folder Name}” is invalid and couldn’t be updated.

or

Error: WARNING: The recipient “{your domain name}/Microsoft Exchange System Objects/OAB Version 2” is invalid and couldn’t be updated. WARNING: The recipient “{your domain name}/Microsoft Exchange System Objects/OAB Version 3a” is invalid and couldn’t be updated. WARNING: The recipient “{your domain name}/Microsoft Exchange System Objects/Offline Address Book – /o={your domain name}V/cn=addrlists/cn=oabs/cn=123” is invalid and couldn’t be updated.

This is commonly seen when an Exchange environment has been migrated from Exchange 2003. And it happens because the Alias names for the particular public folders have spaces in them (or a character that Exchange does not like).

Solution

1. On your Exchange 2007/2010 Server Launch the Exchange Management Console > Toolbox > Public Folder Management Console.

2. If you error is about OAB / Address books skip to step 5, If it’s to do with a public folder that your organisation has created, expand default public folders and locate one of them that’s causing the error (In the example above I’ve highlighted one called “1045 – Greengairs” > Select its parent > Then select it (in the central pane) and open its properties.

3. As soon as you select the “Exchange General” tab, you will get an error popup which indicates the problem, there is a problem with the Alias name, in this example there’s spaces in it remove them.

Error: The properties on this object have invalid data. If you click OK, default values will be used instead and will be saved if you do not change them before hitting Apply or OK on the property page. If you click cancel, the object will be displayed read-only and corrupted values will be retained.

4. Once removed apply the changes.

5. If your error references OAB or address books, expand system Public Folders > OFFLINE ADDRESS BOOK > Check the properties of ALL its child objects > and on the Exchange General tab remove any spaces or unusual characters.

 

Related Articles, References, Credits, or External Links

NA

Event ID 9335 and 9331 Offline Address Book Update Errors

KB ID 0000849

Problem

Seen on an Exchange 2010 server, this server had previously been upgraded from Exchange 2007, and that was upgraded from Exchange 2003.

Event ID 9335

Log Name: Application
Source: MSExchangeSA
Event ID: 9335
Task Category: (13)
Level: Error
Keywords: Classic
User: N/A
Computer: ServerName
Description:
OABGen encountered error 80004005 while cleaning the offline address list public folders under
 /o=org/cn=addrlists/cn=oabs/cn=Default Offline Address Book. Please make sure the public folder
 database is mounted and replicas exist of the offline address list folders. No offline address 
lists have been generated. Please check the event log for more information.
- Default Offline Address Book 

Event ID 9331

Log Name: Application
Source: MSExchangeSA
Date: 29/08/2013 06:10:50
Event ID: 9331
Task Category: (13)
Level: Error
Keywords: Classic
User: N/A
Computer: ServerName
Description:
OABGen encountered error 80004005 (internal ID 50101f1) accessing the public folder database 
while generating the offline address list for address list '/'.
- Default Offline Address Book 

Solution

Note: If you don’t have any Outlook 2003 clients left in the organisation, this is a moot point. Simply disable distribution of the offline address book via public folder. (Newer Outlook clients use web based distribution.)

1. Before we do anything make sure that the offline address book has been specified, is shown on the correct server, and is set as default.

2. From the Exchange Management Console > Toolbox > Public Folder Management > system Public Folders > OFFLINE ADDRESS BOOK > Then in the center window, right click each one > Properties > Replication > The server that hosts the public folder should be in here > (In my case it was not.) > Add it in.

3. Now you can force the OAB to update with the following command;

[box]Get-OfflineAddressBook | Update-OfflineAddressBook[/box]

4. Now recheck the event logs, and you should no longer get Events 9335 and 9331.

Related Articles, References, Credits, or External Links

Update Global Address List Error “WARNING: The recipient “xxxxxMicrosoft Exchange System Objects/xxxxx” is invalid and couldn’t be updated