Full OAB downloads caused by mis-configured anti virus software settings

  • Article

Over the last few months I have seen a rash of calls come in where clients were being forced to download a full.  Full OAB downloads can cause very high network usage and cause more havoc than anything.

Typically in these situations it is pretty easy to tell what is going on from the event errors that are logged. The two following events are as follows:

Event ID     : 9116
Raw Event ID : 9116
Record Nr.   : 860555
Category     : OAL Generator
Source       : MSExchangeSA
Type         : Warning
Generated    : 4/7/2009 5:19:17 PM
Written      : 4/7/2009 5:19:17 PM
Machine      : OABServer
Message      : OALGen encountered an error while generating the binpatch.oab file for differential downloads of address list '\Global Address List'.  Clients will not be able to incrementally update to the new version of the offline address list, they will perform a full download instead.  This is normal if this is the first time this offline address list has been generated.  Check other logged events to see if this is a serious error.
- Default Offline Address List

NOTE: This is the first indication that you have a problem! You should never see a 9116 event any other time then when you generate your OAB for the first time.

Event ID     : 9109
Raw Event ID : 9109
Record Nr.   : 860554
Category     : OAL Generator
Source       : MSExchangeSA
Type         : Warning
Generated    : 4/7/2009 5:19:17 PM
Written      : 4/7/2009 5:19:17 PM
Machine      : OABServer
Message      : OALGen encountered an error ffffffff (internal ID 50303f6) while generating address list '\Global Address List'.  Check other logged events to see if this is a serious error.
- Default Offline Address List

The key here is to check your anti-virus software to make sure that none of the OAB files have been quarantined. Being that the details.oab file is the biggest OAB file, it has the potential to get looked at more by anti-virus software than the other OAB files due to it’s size and usage. More evidence that the anti virus software had foul play here is to look at the data.oab file. In doing so you will see that it might contain one attachment called Deleted attachment.txt.

When this happens the client can not apply the difference file which results in the 9116 which most of the time is a normal event if you just built your OAB for the first time.

The Fix

  1. Make sure your anti virus software has the proper exclusions set to not monitor the exchange OAB directories on your exchange server.
  2. Make sure on the client you are excluding the *.oab files.

Dave