Issue with Outlook Offline Address Book (OAB)

Question

Hi all

We have an issue with the Outlook Offline Address Book (OAB). Outlook cannot download the OAB (all users are affected). Additionally there are further problems with generating a new OAB. Below I provide you more details.

It is an on-premises Exchange Server 2019 (Build: 15.02.1118.012) DAG cluster with two servers (MAIL01 and MAIL02, Windows Server 2019). The clients are using Microsoft Outlook 2019 MSO (16.0.10339.20026) 32-bit on Windows 10.

When a user tries to download the OAB manully in outlook (https://learn.microsoft.com/en-us/exchange/address-books/offline-address-books/offline-address-books), we get the following error message (0x80190194):

We also removed that Outlook Profile and created a new one. Still the same error. We also used a different E-Mail box and client, but the same result, it is not working. We also found out, that all users in the company have the same problem.

We then executed the e-mail autoconfiguration. All entries look good.

From the tab "XML" we copied the "OABUrl", added /oab.xml to the URL and tried to open that path.
The paths looks like: https://<server>/OAB/a2b33e53-afcb-43f2-94c8-ffa9647af2ee/oab.xml
When we try to open that path, we are prompted for username and password. Afterwards we get a 404 not found error. Maybe this is related to the error message in the Outlook Client with Code 0x80190194. I read in the TechNet Forum, that the Error 0x80190194 is translated into a BG_E_HTTP_ERROR_404 (https://social.technet.microsoft.com/Forums/lync/en-US/dde49a5a-9778-4c39-94af-9462dddf1dd5/oab-sync-fails-with-0x80190194-error?forum=exchangesvrclientslegacy), which also means NOT FOUND.

Afterwards we checked the virtual directories of the OAB:
Get-OabVirtualDirectory -Server MAIL01

Virtual directories are defined. We cross checked that with IIS and folder on the C-Drive. All of that seems to be configured correctly. But we saw, that the oab.xml file in the location %ExchangeInstallPath%ClientAccess\OAB\<GUID> was last updated over 3 months ago.

Therefore we ran the following commands:
get-offlineaddressbook | update-offlineaddressbook
update-offlineaddressbook <OAB name>

The commands are executed without any errors, but the Date/Timestamp is not updated on the file location. Therefore I assume, that the OAB was not updated.

We then created a new OAB with powershell command (https://learn.microsoft.com/en-us/exchange/email-addresses-and-address-books/offline-address-books/oab-procedures?view=exchserver-2019). If we verify the creation of the OAB, we use this command:
Get-OfflineAddressBook | Format-List Name,AddressLists,GeneratingMailbox,IsDefault,VirtualDirectories,GlobalWebDistributionEnabled

We can see the new OAB. But in the Client Access path we cannot see a new GUID / new OAB: %ExchangeInstallPath%ClientAccess\OAB\

Afterwards we checked HTTP log of IIS. There we found the following entry:
"ignoring request to generator OAB files because we have made this request recently"

In the event viewer we saw an entry - OAB Generation fails with EventID 17004, which seems to be security related.
Therefore we checked the permissions on the OAB directory, which looks good:

We also executed the Health Check for Exchange Server and didn't find any problems (https://aka.ms/ExchangeHealthChecker).

Any ideas?

Many thanks!

Answer 1

Hi @Yannick Schlecht ,

Thanks for your feedback above which shared more information and glad to know that your issue is resolved now! Since our forum has the policy that The question author cannot accept their own answer. They can only accept answers by others, and according to the scenario introduced here: Answering your own questions on Microsoft Q&A

I would make a brief summary of this post so that other forum members could easily find useful information here:

[Issue with Outlook Offline Address Book (OAB) - Summary]

Issue Symptom:
Outlook cannot download the OAB (all users are affected), there are further problems with generating a new OAB, OAB Generation fails with EventID 17004

Cause:
This issue occurs because the Network access: Restrict clients allowed to make remote calls to SAM policy is enabled

Solution:
Added the group "Exchange Servers". Afterwards the error event ID 17004 disappeared, OAB could be updated and the clients could download the OAB again.

Reference Link:
https://learn.microsoft.com/en-us/troubleshoot/windows-server/group-policy/authz-fails-access-denied-error-application-access-check

You could "Accept Answer" for this summary to close this thread, and your action would be helpful to other users who encounter the same issue and read this thread. Thanks for your understanding!

---

If an Answer is helpful, please click "Accept Answer" and upvote it.

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Answer 2

Hi @Jame Xu-MSFT
I couldn't update to the newest Oct22SU (Build: 15.02.1118.015), but I could solve the issue.

The error 17004 message was:

Generation of OAB "\DefaultOAB" failed.
Dn: <hidden>
ObjectGuid: 9237abc3-a2ca-4e8f-b51d-8c92b54afd4d
Stats:
S:Exp=Microsoft.Exchange.Security.Authorization.AuthzException: Fehler bei "AuthzInitializeContextFromSid" für User SID: S-1-5-21-364200044-153767818-1232828436-22737. ---> System.ComponentModel.Win32Exception: Zugriff verweigert

I found the following article:
https://learn.microsoft.com/en-us/troubleshoot/windows-server/group-policy/authz-fails-access-denied-error-application-access-check

Cause
This issue occurs because the Network access: Restrict clients allowed to make remote calls to SAM policy is enabled.

Solution
I added the group "Exchange Servers". Afterwards the error event ID 17004 disappeared, OAB could be updated and the clients could download the OAB again.

Thanks for your support.