OAB to fail on "outlook anywhere clients"

Consider the following
You set up a client as an Outlook Anywhere client. Sending and receiving mail works, and autodiscover worked fine: it found the user account and properly set up the user. But you can’t get the client to download the offline address book via web.
The server side had “publish oab via web” enabled, but it won’t work.

Go into your email policy and change the @company.dom to alias or whatever you use, such as cn@company.com. You don’t have to apply the policy; it just can’t contain blank space before the @ sign.

frigging bizarre


Exchange 2007 / 2010 and Blackberry server

add-exchangeadministrator service_account_name -role ViewOnlyAdmin
get-exchangeadministrator | Format-List

The Windows account should be displayed with a ViewOnlyAdmin role.

Send As, Receive As, and Administer Information Store permissions

get-mailboxserver server_name | add-adpermission -user service_account_name -accessrights GenericRead, GenericWrite -extendedrights Send-As, Receive-As, ms-Exch-Store-Admin
get-mailboxserver server_name | get-ADpermission -user service_account_name | Format-List

In most cases, you will find the service account name is besadmin.

Ping back to this great article for Exchange 2010 update. (12.22.2011 update)


Exchange 2007 OWA timeouts in the registry

The trusted-client timeout is stored as a DWORD, calibrated in minutes, at:

For public clients, it’s a different value in the same branch:
(also a DWORD calibrated in minutes)
The default timeout for trusted clients is 24 hours; the default timeout for public clients is 15 minutes. The PublicClientTimeout value can never be larger than the TrustedClientTimeout value.
If your company policy is exceptionally strict, you can set the public client timeout to a mere five minutes. If you’re confident that only properly authenticated users will be accessing your intranet desktops, you can set the value for trusted clients as high as 43200, or 30 days.

Be all the Uber Geek and do it from Exchange Powershell

set-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\MSExchange OWA' -name TrustedClientTimeout -value 1440 -type dword
set-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\MSExchange OWA' -name PublicClientTimeout -value 1440 -type dword

Then run iisreset /noforce from the cmd prompt.
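
An added example, not part of the original post: a PowerShell function that checks the two limits stated above (the public value may not exceed the trusted value, and 43200 minutes is the ceiling) before writing to the same registry key, and reports the previous values. The function name, the lower bound of 1 minute and the output shape are assumptions made for this sketch.

```powershell
# Added example; Set-OwaSessionTimeout is a hypothetical helper, not an Exchange cmdlet.
function Set-OwaSessionTimeout {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Upper bound 43200 (30 days) comes from the post; lower bound 1 is an assumption.
        [Parameter(Mandatory = $true)][ValidateRange(1, 43200)][int]$TrustedMinutes,
        [Parameter(Mandatory = $true)][ValidateRange(1, 43200)][int]$PublicMinutes,
        [string]$KeyPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\MSExchange OWA'
    )

    # The post states PublicClientTimeout can never be larger than TrustedClientTimeout.
    if ($PublicMinutes -gt $TrustedMinutes) {
        throw "PublicClientTimeout ($PublicMinutes) must not exceed TrustedClientTimeout ($TrustedMinutes)."
    }
    if (-not (Test-Path -Path $KeyPath)) {
        throw "Registry key not found: $KeyPath"
    }

    $current = Get-ItemProperty -Path $KeyPath
    $wanted  = @{ TrustedClientTimeout = $TrustedMinutes; PublicClientTimeout = $PublicMinutes }

    foreach ($name in 'TrustedClientTimeout', 'PublicClientTimeout') {
        $old = $current.$name   # $null when the value has never been set
        if ($PSCmdlet.ShouldProcess("$KeyPath\$name", "change '$old' to $($wanted[$name]) minutes")) {
            Set-ItemProperty -Path $KeyPath -Name $name -Value $wanted[$name] -Type DWord
        }
        # Emit one record per value so the change can be logged or rolled back.
        New-Object PSObject -Property @{ Name = $name; Before = $old; Requested = $wanted[$name] }
    }
}

# Dry run using the defaults quoted in the post: 24 hours trusted, 15 minutes public.
Set-OwaSessionTimeout -TrustedMinutes 1440 -PublicMinutes 15 -WhatIf
```

Drop -WhatIf to apply the values, then run the iisreset step above.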