Address Book being pulled from wrong server thus generating an invalid certificate error
Hello, We have two Exchange servers that we recently updated to Exchange SP3. Since applying these service packs, the Outlook clients are receiving a certificate error message from my second Exchange server when the client performs an address book download. Where I am confused is that the mailbox is on serverA and the Outlook client is trying to pull the address book from serverB. I've verified my OAB URL settings and they are accessible by the client PCs, so I don't know why the clients are going to serverB for the address book.
April 4th, 2011 4:43pm

What version of Exchange and Outlook is this? Is this a web-based or pf-based OAB?
April 4th, 2011 4:46pm

Hi Andy, Exchange Server 2007, and this occurs in all versions of Outlook (2003, 2007, 2010).
April 4th, 2011 8:09pm

Since there are Outlook 2003 and Outlook 2007 clients, both the Public Folder and Web Distribution methods are used to download the OAB. To troubleshoot the issue, please perform the following steps.
1. Please type the cmdlet Set-EventLogLevel -Identity "MSExchange\OAL Generator" -Level Expert to increase the Event logging level.
2. Reproduce the problem and monitor the Event log.
3. Please post the certificate error message and Event application error here for research.
Thanks.
Novak Wu
TechNet Subscriber Support in forum
If you have any feedback on our support, please contact tngfb@microsoft.com
Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
April 5th, 2011 1:02am

Hi Novak, The certificate error is that the certificate is expired. This I already know. In fact, running the PowerShell command
Get-ExchangeCertificate -Thumbprint 22738897EFD0E103117945C6BF4EDAB9E07A2AF3 | New-ExchangeCertificate -Services:IIS,SMTP
does resolve my issue. My only question at this point is what dependency is there on the other server? Why, if my CAS server where my mailbox resides and is also configured with an internal OAB URL to point to itself, is my Outlook client going to one of my other CAS servers?
April 8th, 2011 3:37pm

Are the CAS in a load-balanced array with NLB URLs defined? Doesn't sound like it. Autodiscovery will hand out any valid URL to the client. Typically the 1st CAS server installed in the AD site.
April 8th, 2011 3:50pm

Ah ha. That is what is happening, I'm getting a certificate from the first installed CAS server. How can I change the behavior of autodiscover?
April 8th, 2011 4:31pm

Hi, You can refer to the following steps to remove the first CAS server so that it stops distributing the OAB.
1. Select Mailbox under the Organization Configuration container
2. Click on the Offline Address Book tab
3. Right-click the default offline address book and view its properties
4. Click on the Distribution tab
5. Remove the problematic server under "Distribute the Offline Address Book from these Virtual Directories".
For more information, please refer to the following article: http://www.msexchange.org/articles_tutorials/exchange-server-2010/management-administration/offline-address-book-part1.html
Thanks.
Novak Wu
TechNet Subscriber Support in forum
April 10th, 2011 11:39pm
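
Added example, not part of the original thread: a read-only check, run from the Exchange Management Shell, that lists every virtual directory each OAB is distributed from and reads the certificate actually presented at its internal URL, so an expired certificate on a second CAS server shows up before clients hit it. It assumes PowerShell 2.0 or later and HTTPS internal URLs; Get-TlsCertificate is a helper name made up for this example.

```powershell
# Added example: run in the Exchange Management Shell (PowerShell 2.0+ assumed).

# Hypothetical helper: fetch the certificate a host presents on a TLS port.
function Get-TlsCertificate {
    param([string]$HostName, [int]$Port = 443)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($HostName, $Port)
        # Accept whatever the server presents so an expired or mismatched
        # certificate can still be read; this connection is for inspection only.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAll)
        $ssl.AuthenticateAsClient($HostName)
        New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    }
    finally {
        $client.Close()
    }
}

$now   = Get-Date
$vdirs = Get-OabVirtualDirectory

foreach ($oab in Get-OfflineAddressBook) {
    # VirtualDirectories is the list shown on the OAB's Distribution tab.
    foreach ($id in $oab.VirtualDirectories) {
        $vdir = $vdirs | Where-Object { $_.DistinguishedName -eq $id.DistinguishedName }
        if (-not $vdir -or -not $vdir.InternalUrl) { continue }

        $url = [uri]"$($vdir.InternalUrl)"
        if ($url.Scheme -ne 'https') { continue }   # nothing to inspect over plain HTTP

        try {
            $cert = Get-TlsCertificate -HostName $url.Host -Port $url.Port
            New-Object PSObject -Property @{
                OAB         = $oab.Name
                Server      = $vdir.Server
                InternalUrl = $url.AbsoluteUri
                Subject     = $cert.Subject
                NotAfter    = $cert.NotAfter
                Expired     = ($cert.NotAfter -lt $now)
            }
        }
        catch {
            Write-Warning "Could not read a certificate from $($url.Host): $_"
        }
    }
}
```

Any row with Expired set to True identifies a distribution point that will produce the certificate warning for whichever clients Autodiscover sends to it.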

This topic is archived. No further replies will be accepted.
