Certificate errors on Exchange 2007

Similar Messages

• Renew certificate on two Exchange 2007 CAS servers

  Hi, there:
  Our environment: Exchange 2007 SP3 with two HUB/CAS servers, let's assum server name for these two CAS servers are: CAS1 and CAS2.
  Please note these two CAS servers are NOT running with NLB.
  Now the certificate(not self-signed) on these two servers are about to expired and I am planing to install new certificate on them.
  The old certificate is issued by internal CA server.
  My plan is as below:
  On CAS1:
  I am going to use "New-ExchangeCertificate" with -privatekeyexportable to generate the certificate request file then submit the request file to CA, after I get the
  .pfx file run "Import-ExchangeCertificate" to import the new certificate, after the old certificate is expired, run "enable service"
  to let exchange use the new certificate.
  On CAS2:
  repeat the above procedure.
  I did a serach on technet and found this:
  http://social.technet.microsoft.com/Forums/exchange/en-US/20adfb3d-2fa6-4ff9-b785-cb47a772ed58/3rd-part-certificate-renewal-for-exchange-2007-cas?forum=exchangesvrgenerallegacy
  the procedure mentioned in this thread is different. it export the newly created certificate from CAS1 and import it into CAS2.
  however the CAS server mentioned in that thread run with NLB.
  The two CAS servers in our environment is NOT NLB.
  Any suggestions?

  Both plans will work. You can generate a cert for each individual CAS with the correct subject names on each cert relative to the CAS that you will enable it on or create one cert with the correct subject names that cover both CAS and export and import
  the cert from one CAS to the other. Up to you.
  Twitter!: Please Note: My Posts are provided “AS IS” without warranty of any kind, either expressed or implied.

• Error during Exchange 2007 mailbox provisioning with IDM 8.1.1.1

  Hi
  We want to create Exchange 2007 mailboxes from IDM.
  When we let Exchange set the SMTP address (EmailAddressPolicyEnabled=true), it works fine
  But when we set the SMTP address in IDM with the attribute PrimarySmtpAddress (and EmailAddressPolicyEnabled=false) there are an error and an information in the provisioning task
  Error : PowerShell:6c13f14c-3825-4064-a585-48b4756de3a3 is not a mailbox user
  Information : Added exchange mailbox to the user based on the RecipientType change from: 'User' to: 'UserMailbox'
  We see that the mailbox has the SMTP address set by Exchange.
  After 5mn, the task ends successfully and we see that the SMTP address is the one set by the IDM attribute PrimarySmtpAddress.
  We guess that this error is caused by the active directory replication delay between controllers.
  Does anybody know how to solve this problem ?
  Thank you

  Hi Patrick
  Thank you for your answer.
  The cmdlet enable-mailbox can be used with the PrimarySmtpAddress option and, in this case, the EmailAddressPolicyEnabled option is automatically set to false.
  Cf. the MS technet help : "The PrimarySmtpAddress parameter specifies the primary SMTP address for the mailbox. By default, the primary SMTP address is generated based on the default e-mail address policy. If you specify a primary SMTP address by using this parameter, the command sets the EmailAddressPolicyEnabled attribute of the mailbox to $false, and the e-mail addresses of this mailbox aren't automatically updated based on e-mail address policies."
  I have tested this option on our Exchange 2007 environment and it works fine.
  In IDM if PrimarySmtpAddress is used but not EmailAddressPolicyEnabled, there is an error : "PowerShell:The e-mail addresses for this recipient are automatically generated based on e-mail address policies. To modify the primary SMTP address for this recipient, you must disable automatic updating of e-mail addresses based on e-mail address policy”
  If PrimarySmtpAddress is used and EmailAddressPolicyEnabled is set to false, then the log shows that 2 powershell commands are run by the gateway, the second immediately after the first.
  Enable-Mailbox with the parameters -Identity and -Database, run with no error
  Set-Mailbox with the parameters -Identity, -EmailAddressPolicyEnabled (set to FALSE) and -PrimarySmtpAddress, run with the error “…is not a mailbox user.”
  After 5 mn (the retry delay) another powershell command is run :
  Set-Mailbox with the parameters -Identity, -EmailAddressPolicyEnabled (set to FALSE) and -PrimarySmtpAddress, run with no error.
  The solution would be that IDM, when PrimarySmtpAddress is set, runs only the command Enable-Mailbox with the parameters PrimarySmtpAddress, which set automatically EmailAddressPolicyEnabled to FALSE
  Gilles

• Errors Decommissioning Exchange 2007 Server

  We are attempting to decommission an Exchange 2007 Server (single server). We have already gotten 2010 set up, installed, mailboxes moved and public folders moved. We went through and removed the replicas on the old server as well as removing the mailbox
  database and public folder database.
  From this point we are attempting to Uninstall Exchange 2007 using either the Wizard or through cmd using setup.com /mode:uninstall after navigating to the Bin folder in the Exchange server. Each time however, we get the same error regardless of how we are
  doing it.
  We uncheck all roles, hit Next, and it fails during the Readiness Check within 10 seconds on each role (Mailbox, Client Access, Hub Transport) each time saying: 'An error occurred while running the test. The Computer may be out of Memory, or the XML files
  have been modified. Parameter name: ConfigurationFileLocation'
  I've gone through using ADSI Edit and removed the server from the Configuration>Services>SiteDomain>Administrative Groups>Exchange Administrative Groups>Servers
  and it was none existent in the Databases section.
  Even after all of these steps I'm still getting the error about the memory or XML file issue. Is there a way to replace the XML files with 'clean' ones or a way to repair the existing ones? I'm just simply wanting to uninstall it at this point.
  Thanks!

  Hi,
  From your description, I would like to clarify the following things:
  1. It is not recommended to uninstall Exchange server in ADSIEdit.
  2. The above error indicates that one of the xml files is corrupted, you need to re-download it for troubleshooting.
  Hope my clarification can be helpful to you.
  Best regards,
  Amy Wang
  TechNet Community Support

• Exchange 2007 EXCDO 8206 error in Exchange 2007 SP2 with Rollup 4

  Dear sir,
      We have a problem on Exchange 2007 Server. When user use OWA to access web mail calendar, server event log will show EXCDO error 8206:
  Calendaring agent failed with error code 0x8000ffff while saving appointment
  Type: Error
  Event ID: 8207
  Category: General.
       Moreover server becomes working in very slow web mail response during any user click web mail calendar.   Server performance return back after error message appeared  in event log.
  It doesn't has problem if using Outlook to access mailbox calendar.
  Any suggestion to fix it ?
  Joe

  Hi Joe,
  We are also finding the same issue with getting that EXCDO error. The problem stemmed when users noticed some previously accepted appointments disappeared (As I suspect you discovered with your users). 
  The workaround has been to get the user to accept the appointment again by going into deleted items, this seems to add the appointment as it should have the first time.
  We have done the following but it didn't fix the problem:
  Disabled extra SEP features on the clients - No Change
  Disabled non-essential Outlook add-ons - No Change 
  Removed BES Express and CDO MAPI From Exchange server - No Change
  Disabled MS Defender on Exchange - No Change
  Fixed any Public folder errors - No Change
  Disable Window services WSS and UNC sharing feature in Active Sync - No Change
  Also ensured Autoupdate and auto process was enabled for affected users - No Change
  I'm going to try the reg change mentioned in this thread but other than the built in MS Defender we don't have anti-virus on our mail server. 
  At first we thought it was Active Sync as it only seem to impact those with a A/S device, but now it's intermittent for other users using Outlook.  We are currently using Exchange 2007 SP3 with RU13. We are looking at trying an update
  to RU14 but I am doubtful it will fix the problem. Did you have any luck finding a solution?
  Thank you in Advance.

• ActiveSync 500 error and Exchange 2007/2013 coexistence

  Hello,
  We have Exchange 2007, and we've deployed Exchange 2013 and coexistence appears to be working.  We have done a small pilot migration of 11 users, and I have 2 of those users that are not able to get iPhone/ActiveSync working.  OWA and Outlook access
  work without a problem.  https://testconnectivity.microsoft.com/ is telling me "The test of the FolderSync command failed." and "Exchange
  ActiveSync returned an HTTP 500 response (Internal Server Error)"
  The error I'm receiving on the mailbox server event log is:
  An exception occurred and was handled by Exchange ActiveSync. This may have been caused by an outdated or corrupted Exchange ActiveSync device partnership. This can occur if a user tries to modify the same item from multiple computers. If this is the case,
  Exchange ActiveSync will re-create the partnership with the device. Items will be updated at the next synchronization. 
  URL=
  --- Exception start ---
  Exception type: Microsoft.Exchange.AirSync.AirSyncPermanentException
  Exception message: A null value was received for the NTSD security descriptor of container CN=ExchangeActiveSyncDevices,CN=LASTNAME\, FIRSTNAME.,OU=XXX,OU=People,DC=DOMAIN,DC=local. 
  Most articles I've found with this issue say to confirm that "Inherit parent permissions" is check on the AD object, but that is already checked?
  The funny thing is that most of our pilot users don't have this issue.  It is only for some of them.
  Any help is appreciated.

  An update here, I was able to get the 2 pilot user's iPhone/ActiveSync access working by adding the following permissions by hand:
  Add Exchange Servers, in Apply onto select
  msExchActiveSyncDevices objects (note it's plural) and selecting
  Full Control.  
  Once I did this, my problems went away.
  So the big question is why aren't these permissions in place already?  Isn't this something that the adprep/domain prep should have taken care of?
  Thanks!

• Address list service failed to respond error on Exchange 2007 (after adding first 2013 server)

  Hi,
  We just installed an Exchange 2013 server within an Exchange 2007 environment.
  The Exchange 2013 (CU6) server will be used to setup a hybrid connection with O365, and move mailboxes to O365.
  After installing the Exchange 2013 server it isn't possible anymore to create/enable mailboxes on the Exchange 2007 server.
  We end up with an error :
  Mig1 TestAccount
  Failed
  Error:
  The Exchange server address list service failed to respond. This could be because of an address list or email address policy configuration error.
  Exchange Management Shell command attempted:
  Enable-Mailbox -Identity 'domain.be/customer/TEMP/Mig1 TestAccount' -Alias 'mig1' -Database 'Exchange2007\SG01\DB02'
  When executed via EMS we receive this error :
  The Exchange server address list service failed to respond. This could be because of an address list or email address policy configuration error

  Hi Lyncer
  This error can be caused if the default Public Folder Database not being pointed to the exchange 2007 database which you are trying to create a new mailbox.
  Also it can happen if System Attendant service is not running.
  Troubleshooting steps:
  1) Restart the System Attendant Service 
  2) Point the affected database to the default public folder
  Follow the below steps to do that 
  Open EMC
  Go to Organization Configuration > Mailbox.
  Select the mailbox database that you want to change the default public folder database.
  Right click the database and select properties
  In <Mailbox Database Name> Properties, click the Client Settings tab.
  Next to the Default public folder database box, click Browse.
  In Select Public Folder Database, select the public folder database from the list of public folder databases, and then click OK.
  Cheers!!!
  Remember to mark as helpful if you find my contribution useful or as an answer if it does answer your question.That will encourage me - and others - to take time out to help you Check out my latest blog posts on http://exchangequery.com Thanks Sathish
  (MVP)

• Certificate errors with Exchange 2013 and Outlook 2013

  Hello, I wonder if someone could help.
  I've recently set up a network with one Windows 2012 domain controller and one windows 2012 server running Exchange 2013.
  Clients run Outlook 2013 and are all one the same Lan. Outlook's setup wizard finds the exchange server automatically and sets up the profile. However if I choose the manual setup and enter the server
  name and user name it does not find the server.
  When I check the server name in Outlook it shows as 
  [email protected] rather than the real name of the server: AYCEX01.AYC.local.
  When Outlook is opened there is a certificate error saying "The name on the security certificate is invalid or does not match the name of the site." and another error saying "There is
  a problem with the server's security certificate. The name on the security certificate is invalid or does not match the name of the target site mail.ardfernyacht.co.uk. Outlook is unable to connect to the proxy server. (Error code 10)
  The external address by which users connect to OWA and active sych is mail.ardfernyacht.co.uk. The
  certificate which is used is one automatically generated by Exchange.
  Any suggestions you may have would be appreciated.
  Many thanks,
  Ruaridh
  Ruaridh Mackintosh

  Self sign cert wont work With autodiscover.For that you need 3rd part or from Your own CA.
  Please follow this guide to install CA in Your domain:
  http://careexchange.in/how-to-install-certificate-authority-on-windows-server-2012/
  Please follow this guide to request New cert in Exchange 2013:
  http://exchangeserverpro.com/create-ssl-certificate-request-exchange-2013/
  Your cert must contain external hostname of Your mail.domain.com
  Also configure Your Virtual directories to contain internal and external hostname:
  http://blogs.msdn.com/b/mvpawardprogram/archive/2013/03/18/virtual-directories-exchange-2013.aspx
  Regarding servername when using autodiscover,it should automatically resolve mailbox guid instead of servername.
  Please check if Your DNS is setup With autodiscover.domain.local (which is pointed to Your Exchange server)
  Hope this helps!
  Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you. Thank you! Off2work

• Exchange 2007 Certificate Expired Error when using VPN

  We recently did a server migration to a new domain (split away from part of the company - sept 2013).  I set up the exchange certs and everything worked fine, even when people used the vpn.  Recently (it probably started a few months ago) it has
  started giving cert errors again, but just for VPN users.
  This happens when someone takes their computer or has Outlook 2010 set up on their home computer.  They VPN in and when the program starts, it gives the certificate errors for exchange and for autodiscover saying "The security certificate has expired
  or is not yet valid".  I have checked to make sure that the certs are in fact up to date and are pointing to the correct certificates in IIS.  They haven't changed since I originally set them up.  
  One of the users sent me a picture of the certificate and it is the old cert (that is expired) that used to belong to the previous address when we used the other (completely different) exchange server.  The other users haven't sent me the errors they
  see, but I assume they are similar.  They are able to use exchange if they hit ok on the error box.  I couldn't find anywhere online saying that there was any kind of local caching for certs - it should always call home when connecting.  So
  why are their systems pulling up the old cert when they VPN in, but not when they are hardwired to the internal network on the same computer?
  When using the internal network without the vpn, there aren't any error messages.
  Any ideas?  I've looked around the forums, but I didn't see anything that has helped.  I'm using godaddy for my certs currently.

  Hi,
  Since the Outlook clients work well without VPN, I suggest re-build the VPN (if you don't mind) to verify whether it is a caches issue.
  Thanks
  Mavis
  Mavis Huang
  TechNet Community Support

• Mail (Lion) & Exchange 2007, periodically stops receiving messages, does no hang

  As the title says, we are having this issue.  I saw another post last year about Exchange 2010 hanging, and an old certificate caused the issue.  Our network admin is looking into that. 
  We are not experiencing any hangs.  Mail "works" fine.  We have multiple accounts setup (all Exchange) and 2 of the 3 are sending and receiving fine.  The last mailbox, the actual use account, will stop receiving.  There are no errors or indicators.  Typically someone will call and ask why she isn't responding.  She closes Mail and reopens and the emails come in.  Sometimes it's once a day, sometimes more.  I've removed the Exchange account and added it back in and it helped, but didn't resolve the issue.
  Any thoughts?

  After having the same error ("opening mailbox - Requesting latest information" - hang) and fighting for months on my Mac (Lion) to solve it, including writing angry bug reports to Apple - I think I finally found the source of the problem:
  There was an old (invalid) certificate installed in Exchange (2007, in my case), enabled for SMTP.
  Nobody seems to care about this - including Snow Leopard Mail, Outlook and all iOS devices - but Lion Mail cared, and just stuck. Typically after some time - maybe sleep/wake or just a couple of hours - Mail was stuck and did not receive any new mails anymore, until I Force Quit it.
  I got the hint from another forum (somebody suggested changing the properties in the locally installed certificates in Lion - but this was not the solution) and after seeing the question popping up once in Mail Preferences (do you want to trust this (old) certificate).
  After removing the old certificate from Exchange (good luck with this admin user interface - no wonder we did not notice it) - everything works ok for me, already a day without any hangs.
  Hope it helps! (Let us know the outcome...)

• Exchange 2007 and 2013 Co-existnec - ActiveSync Issue

  Hi
  We have introduced Exchange 2013 servers in our existing Exchange 2007 environment. We have a customized Exchange 2007 ActiveSync setup i:e we created a custom separate website in IIS for ActiveSync to serve the ActiveSync devices. After the introduction
  of Exchange 2013 CAS servers, when we installed the new certificate on them and configured the virtual directory with ActiveSync URLs, the Exchange 2013 servers seems to be receiving Activesync requests but they can't just proxy it to Exchange 2007 for some
  reason. following Warning is logged on Exchange 2013 servers:
  [Eas] Marking ClientAccess 2010 server MIA-EXCAS01.utg.uvn.net (https://mia-excas01.utg.uvn.net/Microsoft-Server-ActiveSync) as unhealthy due to exception: System.Net.WebException: The remote server returned an error: (503) Server Unavailable.
  at System.Net.HttpWebRequest.GetResponse()
  at Microsoft.Exchange.HttpProxy.ProtocolPingStrategyBase.Ping(Uri url)
  We still need to install new Certificate on the Exchange 2007 servers. Wondering what could be the issue here, can Exchange 2013 proxy the connection to Exchange 2007 on a custom website ? or it looks for one under Default Website?
  Can the absence of new certificate (meaning certificate mismatch) lead to this issue?
  Thanks
  Taranjeet Singh 
  zamn

  Actually 2013 can proxy ActiveSync to 2007
  Please follow this.
  1. Set AutodiscoverInternalURL using this command for every CAS server
  Set-ClientAccessserver -identity -CAS1 -AutodiscoverInternalURI
  https://mail.yourcompany.com/autodiscover/autodiscover.xml (for FQDN , using your CAS NLB name if exist)
  2. Set OWA virtualdirectoy (2013) via EAC
  Internal URL : https://mail.yourcompany.com/owa External URL : https://mail.yourcompany.com/owa
  3. Set ECP virtualdirectory (2013) via EAC
  Internal URL : https://mail.yourcompany.com/ecp External URL : https://mail.yourcompany.com/ecp
  4. Set OAB virtualdirectory (2013) via EAC
  Internal URL : https://mail.yourcompany.com/OAB External URL :
  https://mail.yourcompany.com/OAB
  5. Set EWS virtualdirectory (2013) via EAC
  Internal URL : https://mail.yourcompany.com/EWS/Exchange.asmx External URL :
  https://mail.yourcompany.com/EWS/Exchange.asmx
  6. Set ActiveSync virtualdirectory (2013) viaEAC
  Internal URL : https://mail.yourcompany.com/Microsoft-Active-Sync
  External URL : https://mail.yourcompany.com/Microsoft-Active-Sync
  For 2007
  1. Set AutodiscoverInternalURL using this command for every CAS server
  Set-ClientAccessserver -identity -CAS1 -AutodiscoverInternalURI
  https://mail.yourcompany.com/autodiscover/autodiscover.xml (for FQDN , using your CAS NLB name)
  2. Create DNS record
  legacy.yourcompany.com = your CAS2007 NLB (if exist)
  3. Set OWA virtualdirectory (2007) via EMC
  External URL = https://legacy.yourcompany.com/owa
  4. Set ActiveSync (2007) via EMC
  Internal URL = https://serverFQDN/Microsoft-Active-Sync   <<<< Using for proxy
  External URL =
  https://legacy.yourcompany.com/Microsoft-Active-Sync <<<< Using for redirect
  5. OAB via EMC
  External URL = https://legacy.yourcompany.com/OAB
  6. EWS via Exchange shell
  External URL = https://legacy.yourcompany.com/EWS/Exchange.asmx
  FYI

• Migrating from Exchange 2007 to exchange 2013 ( special case )

  Hello , 
  what is the BEST scenario ( fastest , most efficient , most secure in terms of data loss )  , to migrate from exchange 2007 ( one server , all exchange roles installed on this server , 1200 mailbox ) , to exchange 2013 ? 
  knowing my environment needs to be connected to their mailboxes , 24/7 ! 
  it's very frustrating . 
  and i have no clue even if this is the right place to post about this , if not please refer me as to where to post . 
  Also , All my domain controllers are 2008 .

  It's fine to post your question here, and you are fine with Server 2008 Domain Controllers - that is a supported scenario.
  If you haven't performed such an upgrade and you need to have 24/7 mailbox availability, I would seriously recommend you to duplicate the production environment on a test network and run through the upgrade at least once.
  Most people neglect the Outlook clients requirements - they need to be updated and include several specific updates, which allow the automatic reconfiguration of internal clients. If you are preparing for this upgrade, you should be aware that all internal
  Outlook clients switch to Outlook Anywhere. Clients that miss these updates will get connectivity problems.
  Another common problem is the configuration of the Exchange URL - I mean the Exchange 2013 URL and the modified Exchange 2007 URL that will allow the co-existence. In your case, you definitely need to plan for co-existence - that includes requesting and
  installing a new Exchange UCC (Multiple Domain Certificate) on both Exchange servers, configuring Split DNS (or preferably PinPoint DNS zones), and correct timing when replacing the existing Certificate on the Exchange 2007 server. Failure to configure the
  correct URL (and it's quite easy to miss one, so triple check them) will get you in trouble.
  Once you get through the switchover (switching the mail flow and Client Access through the Exchange 2013 server), move just a couple of test mailboxes and check the result.
  Finally, if you are moving the Public Folders, make sure that the lock is really applied before you complete the process. Most people proceed right away and that get's the process stuck. If you can afford it (the mailboxes are already on the Exchange 2013
  server at that point), just restart the Exchange 2007 server (after locking the Public Folders) and then complete the Public Folder migration.
  Good Luck with the project!
  Step by Step Screencasts and Video Tutorials

• Certificate error on Outlook 2013 clients, Outlook 2007 clients do not get certificate error, Exchange 2010, dot local domain name

  Hi
  I'm looking for a solution that I can't seem to find.  I have an Exchange 2010 server running in a dot local domain (domainname.local), so my SSL certificate is installed using the servers external email DNS name.  email.mycompany.com
  I have followed the instructions to resolve this on the Exchange server, implemented the changes so autodiscovery sees the server as email.mycompany.com.  This works great for my Outlook 2007 users.  The downside is that none of my Outlook 2013
  clients can access their email without the certificate error server name mismatch.  
  I know Outlook 2013 has tighter security but I need to get rid of these cert errors, any thoughts out there?

  Hi,
  Since both your Outlook 2007 users and Outlook 2013 users are using Exchange 2010 with the same server configuration, it should be working in both Outlook client version.
  Please restart your IIS service by running IISReset /noforce from a Command Prompt window in Exchange to have a try. In Outlook, please re-create a Outlook profile to check whether the issue persists.
  Regards,
  Winnie Liang
  TechNet Community Support

• Exchange 2007 Out of Office Certificate Error

  Hello,
  I have an Exchange 2007 Server and for some odd reason this week, we have been having issues enabling Out of Office in Outlook. It is some sort of issue with the Autodiscover service, but despite reading forum post after forum post, nothing has worked for
  me. At first when we would go into Outlook and click on Out of Office, it would freeze and then say the server is unavailable. I realized that it was trying to resolve a URL so I added a manual A record in the DNS server pointing to the local IP of the server
  and it fixed the issue, kind of. Now when we click on Out of Office Assistant, we get a security certificate error and it is driving my users crazy. I have updated the SRV record and many things, still unable to get it to work. 
  Any help would be super!! 
  Thanks!

  Hi,
  1.First of all please check the name what you are using for autodiscover service is available on SAN certificate.
  2.Please check the name resolution is happening for autodiscover namespace.
  I.e if you try to resolve autodisccover.mydomain.com (or) mail.mydomain.com in your problematic PC it should have to resolved in to cas server ip address or in some scenarios it will get resolved in to LB
  3.Then please check whether you have properly set the autodiscover internal URL in all the cas servers.
  It might be like below
   https:\\autodiscover.mydomain.com\autodiscover\autodiscover.xml
  (or)  
  https:\\mail.mydomain.com\autodiscover\autodiscover.xml
  4.Then please check for the web services url in all the cas servers and that is the major thing which will make the availability services (i.e OOF,free busy lookup) to work perfectly .
  5.In the problematic please uncheck the internet proxy exceptions.
  6.You cane use test email configuration to check whether the outlook client is fetching up the proper url for autodisocver and ews .
  7.test-outlookwebservices (we can use this command to check the fuctionality of autodiscover for an problematic user account)
  8.Please check the root certificates in the problematic client to check whether it is a expired or not .Root certificates is nothing but the one which will come by default with OS .
  9.If all the above is set as perfect but still you are facing the issue.Please follow the below one and this may be not required.
  Please export the san certificate from exchnage to pfx file which should have to include the certificate key by using MMC.Then import the pfx file in to problematic client .Let us see what happens .
  Same on my side i am having few questions about your environment .
  1.Are you facing any certificate errors in OWA .Because why i am asking please check the installed SAN certificate in exchange is valid and or it is not expired ?
  2.what is the problematic client operating system veriosn?
  Please reply me if you have any issues .
  Regards
  S.Nithyanandham

• After Exchange 2007 Migration to Exchange 2010, OAB is erroring

  Hello all, 
  I migrated from single server Exchange 2007 to single Exchange 2010 2 months ago using a co-existence environment.  The 2007 server is still running, but it's not doing anything but SMTP relay, as I am waiting on Oracle admin to point their server at
  my new 2010  server.  Yesterday, I noticed a new mail enabled user we created was not showing up in the Address Book.  He is in the Global Address list when I check it from OWA.  And I can see him in my Address book if I search All Users,
  instead of the Global Address List.  Everytime I try to update the Offline Address Book, I get the following error
  OABGen encountered error 80004005 while cleaning the offline address list public folders under /o=2007Server/cn=addrlists/cn=oabs/cn=Default Offline Address Book.  Please make sure the public folder database is mounted and replicas exist of the offline
  address list folders.  No offline address lists have been generated.  Please check the event log for more information. 
  - \Default Offline Address Book 
  There was a Public Folder on the 2007 server, but I don't think anyone was using it.  All of our clients our 2007 or later.  Enable Web-based distribution is enabled and Generation server is my new 2010 server.  Enable public folder distribution
  not enabled.
  Any help would be greatly appreciated.  

  No, the Enable public folder check box is not ticked.  However, the link you provided has led me to other clues.  The author says "To locate the actual
  OAB distribution point on the Client Access Server, the Outlook client will use the autodiscover service."  I wonder if still having the CAS role on the old 2007 Exchange Server still installed is causing issues with Autodiscover.  Below
  are the results of the Test E-mail AutoConfiguration from Outlook.
  The Results tab of the Test E-mail AutoConfiguration:
  Autoconfiguration found the following settings:
  Display Name:  User1
  Redirect URL:  https://Exchange2010.Contoso.com/Autodiscover/Autodiscover.xml
  Internal OWA URL: https://Exchange2010.Contoso.com/owa
  External OWA URL: https://Exchange2007.Contoso.com/owa
  Protocol: Exchange RPC
  Server: Exchange2010.Contoso.com
  Login Name:  user1
  Availability Service URL: https://Exchange2010.Contoso.com/EWS/Exchange.asmx
  OOF URL: https://Exchange2010.Contoso.com/EWS/Exchange.asmx
  OAB URL: https://Exchange2010.Contoso.com/OAB/43e497ff-6fc4-47f8-8e7b-fe252e84ddf6/
  Unified Messaging Service URL: https://Exchange2010.Contoso.com/EWS/UM2007Legacy.asmx
  Auth Package: Unspecified
  Exchange Control Panel URL: https://Exchange2010.Contoso.com/ecp/
  ECP Sub URL: ?p=customize/voicemail.aspx&exsvurl=1
  ECP Sub URL: ?p=personalsettings/EmailSubscriptions.slab&exsvurl=1
  ECP Sub URL: PersonalSettings/DeliveryReport.aspx?exsvurl=1&IsOWA=Is<IsOWA>&MsgID=<MsgID>&Mbx=<Mbx>
  ECP Sub URL: ?p=organize/retentionpolicytags.slab&exsvurl=1
  Protocol: Exchange HTTP
  Server: Exchange2010.Contoso.com
  Login Name: user1
  SSL: Yes
  Mutual Authentication: Yes
  Availability Service URL: https://Exchange2007.Contoso.com/ews/exchange.asmx
  OOF URL: https://Exchange2007.Contoso.com/ews/exchange.asmx
  OAB URL: https://Exchange2010.Contoso.com/OAB/43e497ff-6fc4-47f8-8e7b-fe252e84ddf6
  Unified Message Service URL: https://Exchange2007.Contoso.com/ews/UM2007Legacy.asmx
  Auth Package: Basic
  Certificate Principal Name: msstd:Exchange2010.Contoso.com
  Exchange Control Panel URL: https://Exchange2007.Contoso.com
  ECP Sub URL: ?p=customize/voicemail.aspx&exsvurl=1
  ECP Sub URL: ?p=personalsettings/EmailSubscriptions.slab&exsvurl=1
  ECP Sub URL: Personalsettings/DeliveryReport.aspx?exsvurl=1&IsOWA=<IsOWA>&MsgID=<MsgID>&Mbx=<Mbx>
  ECP Sub URL: ?p=organize/retentionpolicytags.slab&exsvurl=1
  The Log tab of the Test E-mail AutoConfiguration:
  [email protected]
  Attempting URL https://Exchange2007.Contoso.com/Autodiscover/Autodiscover.xml found through SCP
  Autodiscover to https://Exchange2007.Contoso.com/Autodiscover/Autodiscover.sml starting
  GetLastError=0; httpStatus=401.
  GetLastError=0; httpStatus=302.
  Autodiscover to https://Exchange2007.Contoso.com/Autodiscover/Autodiscover.xml Failed (0x800C8204)
  Autodiscover URL redirection to https://Exchange2010.Contoso.com/Autodiscover/Autodiscover.xml
  Autodiscover to https://Exchange2010.Contoso.com/Autodiscover/Autodiscover.xml starting
  GetLastError=0; httpsStatus=200
  Autodiscover to https://carus.Contoso.com/Autodiscover/Autodiscover.xml Succeeded (0x00000000)
  The XML tab of the Test E-mail AutoConfiguration:
  <?xml version="1.0" encoding="utf-8"?>
  <Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
    <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
      <User>
        <DisplayName>Chad Wingo</DisplayName>
        <LegacyDN>/o=Exchange2007/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=cwingo</LegacyDN>
        <AutoDiscoverSMTPAddress>[email protected]</AutoDiscoverSMTPAddress>
        <DeploymentId>c389bc85-adbe-4481-aa25-1fbc209a6fde</DeploymentId>
      </User>
      <Account>
        <AccountType>email</AccountType>
        <Action>settings</Action>
        <Protocol>
          <Type>EXCH</Type>
          <Server>Exchange2010.contoso.com</Server>
          <ServerDN>/o=Exchange2007/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=Exchange2010</ServerDN>
          <ServerVersion>738280F7</ServerVersion>
          <MdbDN>/o=Exchange2007/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=Exchange2010/cn=Microsoft Private MDB</MdbDN>
          <PublicFolderServer>Exchange2010.contoso.com</PublicFolderServer>
          <AD>DATA.domainskc.com</AD>
          <ASUrl>https://Exchange2010.contoso.com/EWS/Exchange.asmx</ASUrl>
          <EwsUrl>https://Exchange2010.contoso.com/EWS/Exchange.asmx</EwsUrl>
          <EcpUrl>https://Exchange2010.contoso.com/ecp/</EcpUrl>
          <EcpUrl-um>?p=customize/voicemail.aspx&amp;exsvurl=1</EcpUrl-um>
          <EcpUrl-aggr>?p=personalsettings/EmailSubscriptions.slab&amp;exsvurl=1</EcpUrl-aggr>
          <EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;</EcpUrl-mt>
          <EcpUrl-ret>?p=organize/retentionpolicytags.slab&amp;exsvurl=1</EcpUrl-ret>
          <OOFUrl>https://Exchange2010.contoso.com/EWS/Exchange.asmx</OOFUrl>
          <UMUrl>https://Exchange2010.contoso.com/EWS/UM2007Legacy.asmx</UMUrl>
          <OABUrl>http://Exchange2010.contoso.com/OAB/43e497ff-6fc4-47f8-8e7b-fe252e84ddf6/</OABUrl>
        </Protocol>
        <Protocol>
          <Type>EXPR</Type>
          <Server>Exchange2010.contoso.com</Server>
          <SSL>On</SSL>
          <AuthPackage>Basic</AuthPackage>
          <ASUrl>https://Exchange2007.contoso.com/ews/exchange.asmx</ASUrl>
          <EwsUrl>https://Exchange2007.contoso.com/ews/exchange.asmx</EwsUrl>
          <EcpUrl>https://Exchange2007.contoso.com/ecp/</EcpUrl>
          <EcpUrl-um>?p=customize/voicemail.aspx&amp;exsvurl=1</EcpUrl-um>
          <EcpUrl-aggr>?p=personalsettings/EmailSubscriptions.slab&amp;exsvurl=1</EcpUrl-aggr>
          <EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;</EcpUrl-mt>
          <EcpUrl-ret>?p=organize/retentionpolicytags.slab&amp;exsvurl=1</EcpUrl-ret>
          <OOFUrl>https://Exchange2007.contoso.com/ews/exchange.asmx</OOFUrl>
          <UMUrl>https://Exchange2007.contoso.com/ews/UM2007Legacy.asmx</UMUrl>
          <OABUrl>https://Exchange2010.contoso.com/OAB/43e497ff-6fc4-47f8-8e7b-fe252e84ddf6/</OABUrl>
        </Protocol>
        <Protocol>
          <Type>WEB</Type>
          <Internal>
            <OWAUrl AuthenticationMethod="Basic, Fba">https://Exchange2010.contoso.com/owa/</OWAUrl>
            <Protocol>
              <Type>EXCH</Type>
              <ASUrl>https://Exchange2010.contoso.com/EWS/Exchange.asmx</ASUrl>
            </Protocol>
          </Internal>
          <External>
            <OWAUrl AuthenticationMethod="Fba">https://Exchange2007.contoso.com/owa/</OWAUrl>
            <Protocol>
              <Type>EXPR</Type>
              <ASUrl>https://Exchange2007.contoso.com/ews/exchange.asmx</ASUrl>
            </Protocol>
          </External>
        </Protocol>
      </Account>
    </Response>
  </Autodiscover>
  Unified Messaging role has not been installed on 2010 Exchange Server yet and UM has been uninstalled on 2007 Exchange Server.  The URLs are just left in IIS I'm guessing.
  I have also noticed that this directory has not updated since the 11/12/2013 C:\Program Files\Microsoft\Exchange Server\V14\ExchangeOAB.  While this directory continues to update C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\OAB