It has been a while since I posted but thought this would be useful to folks out there if you see this issue.
A colleague of mine ran into an interesting issue when using Exchange 2007 on Windows 2008 the other day. We are migrating our client from Exchange 2003 to Exchange 2007. He ran into some issues with the Offline Address Book (OAB) with Exchange 2007 and Outlook 2007. I thought it would be nice to share the findings and the results.
He just got off a phone call with Microsoft about OAB issues in Outlook 2007 and Exchange 2007. We learned a couple of very useful pieces of information that I thought were worth sharing.
If you have OAB issues where the users get prompted in Outlook 2007 repeatedly for credentials and if you try to browse to the xml file in the OAB virtual directory and you get repeatedly prompted for credentials you can always remove and recreate the virtual directory. Here is the TechNet Article on doing so: http://technet.microsoft.com/en-us/library/bb123595.aspx
There is a new level of security in IIS7 called Kernel Mode Security. It is available on Virtual Directories/Websites that are using Windows Authentication. Exchange 2007 doesn’t know how to deal with Kernel Mode as it was developed before Windows Server 2008 was in the picture. The best practice according to the Support person was that you disable it on any Exchange 2007 CAS servers that are running on Windows Server 2008. Below is the command to disable Kernel Mode Security globally for IIS7. Make sure that when you use it, you put it in notepad first and make sure that it is all on one line.
%systemroot%\system32\inetsrv\AppCmd.exe set config /section:system.webServer/security/authentication/windowsAuthentication /useKernelMode:false
The second interesting thing is that IPv6 needs to be turned off in more than one place to actually be “Off”. There are 3 places to turn it off, and 2 of the 3 have to be disabled for it to truly be disabled. They are:
1. Network Card Settings
2. Registry
3. HOSTS file
So we have all probably done this in the network card configuration before which is easy. The HOSTS file is also easy and should be done there and then it is truly off. To do this, just make sure that you comment out or delete the entry for “::1 localhost” in the HOSTS file. Once this is done you are set.
The last thing and possibly most important is that when you are specifically having issues with OWA, Outlook Anywhere, or CAS servers in general, and you open up a support case with Microsoft, MAKE SURE THAT YOU ASK TO BE PUT INTO THE “Exchange Client Server Infrastructure” team queue. These are the folks that specialize in CAS servers so ask for them specifically.
I will plan on posting items out there more frequently as I see them come across.