Event 9344 - OAL Generator (error)

During the last week I have troubleshooted Offline Address Book (OAB) generation on a Exchange 2007 deployment. The OABs didn't generate any files on the mailbox server (in the C:\Program Files\Microsoft\Exchange Server\ExchangeOAB directory).

The application log gave the following information:
Source: MSExchangeSA
Category: OAL Generator
Event ID: 9344
Description: OALGen could not find the address list with the Active Directory object GUID of '/guid=08EF907625C16F47833B53E2AA26BE08' in the list of available address lists. Please check the offline address list configuration object. - Administrators OAB

After checking the GUID for the Address List that Administrators OAB was built from with a VBScript (see below for script) I thought this had something todo with permissions on the Address List container inside Active Directory. I checked the permissions on the following containers:
  • CN=All Address Lists,CN=Address Lists Container,CN=,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=com
  • CN=All Global Address Lists,CN=Address Lists Container,CN=,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=com
  • CN=Offline Address Lists,CN=Address Lists Container,CN=,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=com
After looking at the permissions I notices that Network Service didn't had permissions to any of the address lists in the different containers. After adding Network Service with default permissions the Offline Address Lists generated successfully:
  • List Contents
  • Read All Properties
  • Read Permissions
See Exchange 2007 Server Setup Permissions Reference for details about permissions modified during setup.

Please also note that Network Service in the default configuration inherits the permissions from CN=,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=com and are not explicit set on the Address List containers. The Exchange organization that I investigated was set up to be a hosting provider and that was the reason for breaking inheritance.

VBscript for checking GUID of an address list
Dim obArgs
Dim cArgs
Dim Path
Set obArgs = WScript.Arguments
cArgs = obArgs.Count
If cArgs <> 1 Then
WScript.Echo "Usage: cscript scripname Addresslist"
WScript.Echo "Written by Rikard Strand, Net Works AS, 2007"
wscript.quit
End If
'Modify the path below to match the Active Directory and Exchange
organizationPath = "LDAP://CN=" & obArgs.Item(0) & ",CN=All Address Lists,CN=Address Lists Container,CN=ExchangeOrgName,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=example,dc=com"
wscript.echo "------------------"
wscript.echo "Running query on:"
wscript.echo Path
wscript.echo "------------------"
Set objUser = GetObject(path)
arrbytGuid = objUser.object
GuidstrHexGuid = OctetToHexStr(arrbytGuid)
Wscript.Echo "User Guid in hex string format: " & strHexGuid
strGuid = HexGuidToGuidStr(strHexGuid)
Wscript.Echo "User Guid in display format: " & strGuid
Function OctetToHexStr(arrbytOctet)
' Function to convert OctetString (byte array) to Hex string.
' From http://www.rlmueller.net/
Dim k
OctetToHexStr = ""
For k = 1 To Lenb(arrbytOctet)
OctetToHexStr = OctetToHexStr _
& Right("0" & Hex(Ascb(Midb(arrbytOctet, k, 1))), 2)
NextEnd
Function
Function HexGuidToGuidStr(strGuid)
' Function to convert Hex Guid to display form.
' From http://www.rlmueller.net/
Dim k
HexGuidToGuidStr = ""
For k = 1 To 4
HexGuidToGuidStr = HexGuidToGuidStr & Mid(strGuid, 9 - 2*k, 2)
Next
HexGuidToGuidStr = HexGuidToGuidStr & "-"
For k = 1 To 2
HexGuidToGuidStr = HexGuidToGuidStr & Mid(strGuid, 13 - 2*k, 2)
Next
HexGuidToGuidStr = HexGuidToGuidStr & "-"
For k = 1 To 2
HexGuidToGuidStr = HexGuidToGuidStr & Mid(strGuid, 17 - 2*k, 2)
Next
HexGuidToGuidStr = HexGuidToGuidStr & "-" & Mid(strGuid, 17, 4)
HexGuidToGuidStr = HexGuidToGuidStr & "-" & Mid(strGuid, 21)
End Function
Tastes:
Posted by RikardStrand at 11:01

No comments:

Post a Comment