The Exchange 2003 or 2007 OAB Generation process fails to generate an OAB and logs error 9301

Every Offline Address Book will have a GAL (Global Address Lists) associated with it. This is the GAL that we are using to read our objects from so we can construct the OAB files that will be downloaded by the Outlook clients. If you delete a GAL that is associated with an OAB the generation process will fail and log a 9301 error.

How to reproduce this behavior in your lab
1. Create an address list called TestGAL
2. Create an Offline Address Book called TestOAB
3. Generate the Offline Address Book and look for the 9107 event – (Shows that we finished successfully).
4. Delete the TestGAL
5. Generate the TestGAL
6. Rebuild the Offline Address Book and you will see the following event in the application log.

Event ID : 9301
Event Type : Error
Event Source : MSExchangeSA
Event Category : General
Description : Failed to generate offline Address Book
/dc=local/dc=company/cn=Configuration/cn=Services/cn=Microsoft Exchange/cn=First Organization/cn=Address Lists Container/cn=Offline Address Lists/cn=Default Offline Address List, error ‘80072030’

Now the important thing is to look at the ‘80072030’ error. Using err.exe (The Microsoft Exchange Server Error Code Look-up) against this error I can see that this particular object is not found in the active directory and this is represented by the ERROR_DS_NO_SUCH_OBJECT.

C:\WINXP\system32>err 80072030
# as an HRESULT: Severity: FAILURE (1), FACILITY_WIN32 (0x7), Code 0x2030
# for hex 0x2030 / decimal 8240
# There is no such object on the server.
# 1 matches found for “‘80072030’

How to Fix if the GAL is missing from the OAB
1. Look at the properties for the Offline Address Book specified in the 9301 event. You will notice that if the GAL that was associated has been deleted this will be blank.
2. Add a GAL to this Offline Address Book or make sure you check “Include the default Global Address List”
3. Regenerate your Offline Address Book.

NOTE: Now there is one other problem that will cause you to get the 9301. This has to deal with permissions. If you happen to remove the Authenticate Users [Read & Open Address List] rights you will also cause this problem. For more information on how to fix this if it is a permissions issue.

How to fix if the permissions are missing
All Global Address List permissions should be as followed:

  • Authenticate Users Allow Aces – “Read”, “Open Address List”, “List Contents”
  • Exchange Servers Allow Aces – “Read”, “Open Address List”
  • SYSTEM Allow Aces – “Read”, ‘Write”, “Create All Child Objects”, “Delete All Child Objects”, “Open Address List”

1. You can use ADSIEdit.msc and navigate to the All Address Lists container and add these permissions.

Or you can add these permissions using the Exchange Scripting Console for Exchange 2007:

1. First you need to set the container by typing the following: $container = “CN=Default Global Address List,CN=All Global Address Lists,CN=Address Lists Container,CN=Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=company,DC=com”

2. You need to add the access rights for the Authenticated Users by running the following command: Add-ADPermission $container -User “Authenticated Users” -AccessRights GenericRead, ListChildren -ExtendedRights Open-Address-Book

Once you run this command you will see the following output listed below:

Identity                   User                            Deny  Rights
\Default Global A… Domain\Authenticated  Users False Open-Address-Book
\Default Global A… Domain\Authenticated  False ReadProperty
\Default Global A… Domain\Authenticated  False ListObject, GenericExecute
\Default Global A… Domain\Authenticated  False ListChildren


Comments (2)

  1. Lijin Nair says:

    This is really good, Thank you for posting!

  2. Publishing Exchange Client Access with ISA 2006 – The Complete Solution (Part 3) Exchange Cluster Checks