Friday, 30 January 2015

OAB in Exchange Server 2013

In Exchange 2013, the Offline Address Book (OAB) is generated by each Exchange 2013 Mailbox server(s) that hosts a special type of arbitration mailbox, called organization mailbox. OAB generation is not bound by the Server parameter anymore.

The unbinding of OAB from a specific server allows the same OAB to be generated by multiple Mailbox servers. This new architecture provides greater resiliency in OAB generation.

The OABGeneratorAssistant, a mailbox assistant running under the Microsoft Exchange Mailbox Assistants service, generates the OAB. Like most other mailbox assitants, the OABGEnerationAssistant is a throttled process – it runs or pauses according to the workload on the server.

The OAB files are generated and stored in the Organization Mailbox first and later copied to the %ExchangeInstallPath%\ClientAccess\OAB\ folder.

In Exchange 2013, OAB files are not stored locally on the CAS. CAS 2013 proxies all OAB download requests to the appropriate Exchange 2013 Mailbox server. With this change in the architecture, the Microsoft Exchange File Distribution Service is removed from the CAS role.

In Exchange 2013, this is the flow of OAB download:

Outlook receives OAB URL from Autodiscover and reaches designated CAS 2013 through OAB URL.

The CAS server performs the following actions:

1. Performs initial authentication for OAB.
2. Queries Active Directory and determines the closest Organization Mailbox for the requesting user.
3. Queries Active Directory again to determine the mailbox database hosting the Organization Mailbox.
4. Queries the Active Manager to determine the mailbox server where the mailbox database is active (mounted).
5. Proxies the request to the Mailbox server identified in step 4.
6. Retrieves OAB files and passes them to the client.

The Organization Mailbox is a new type of arbitration mailbox introduced with Exchange 2013. The arbitration mailbox with persisted capability OrganizationCapabilityOABGen is referred to as Organization Mailbox. It plays a crucial role in OAB generation, storage and distribution. Each Exchange Server 2013 mailbox role hosting an Organization Mailbox will generate all Exchange 2013 OAB’s defined in the environment. The OAB is generated in the Organization Mailbox first and later copied to the disk.

For a non-DAG environment, use following command to identify the OAB Generation servers:
Get-Mailbox -Arbitration | where {$_.PersistedCapabilities -like "*oab*"} | ft name,servername

For a DAG environment, identifying OAB generation server(s) is a two-step process:

Step1: Identify the mailbox database hosting organization mailbox with OAB Gen capability:
Get-Mailbox -Arbitration | where {$_.PersistedCapabilities -like "*oab*"} | ft name,database

Step2: Identify the mailbox server where the database hosting organization mailbox is mounted:
Get-MailboxDatabaseCopyStatus mbx01

The server where database status is “mounted” is the current OAB generation server.

The following example creates OAB for address list named “Global Address List FAB”:
New-OfflineAddressBook -Name OAB-FAB -AddressLists "Global Address List FAB"

Move the organization mailbox to a mailbox database on a server intended to be designated as OAB Generation server.

DB1 is a single copy database present on the server Exch1 and hosts the organization mailbox. DB2 is mailbox database present on Exch2.

The following command can be used to move the organization mailbox to DB2 and make Exch2 the OAB generation server.

Get-Mailbox -Arbitration -database db1| where {$_.PersistedCapabilities –like “*oab*”} | New-MoveRequest -TargetDatabase db2

Administrators can create additional Organization Mailboxes for fault tolerance or for serving users in a geographically disbursed Exchange deployment.

Step1: Create a new arbitration mailbox

New-Mailbox -Arbitration -Name "OAB Seattle" -Database DB2Seattle -UserPrincipalName –DisplayName “OAB Mailbox for Seattle”

Step2: Enable OABGen capability

Set-Mailbox -Arbitration oabs -OABGen $true

The OAB Generation till Exchange Server 2010 was based on a “Schedule” set on OAB properties. You might see a “Schedule” defined when viewing properties of Exchange 2013 OAB. But, the Exchange Server 2013 OAB generation does not take place according to the “Schedule” defined on OAB properties:

Get-OfflineAddressBook “Default Offline Address Book” | fl schedule

Instead, Exchange Server 2013 OAB Generation takes place according to OABGeneratorWorkCycle and OABGeneratorWorkCycleCheckpoint properties configured at the Mailbox Server.

Get-MailboxServer ExMBX01 | fl *oab*

These default values mean OAB is generated once every day.

To change the OAB generation schedule so it runs every 4 hours:
Set-MailboxServer ExMBX01 -OABGeneratorWorkCycle 01.00:00:00 -OABGeneratorWorkCycleCheckpoint 04:00:00

The new OAB generations can be confirmed in the Application log under events with Source: MSExchangeMailboxAssistants and ID: 17002.

The Exchange Server 2013 CAS role proxies the OAB download request to an appropriate Mailbox role server. The CAS role maintains log of each request it handles in the log files, present in folder %ExchangeInstallPath%\Logging\HttpProxy\OAB\

These log files are an excellent tool to identify which mailbox server the CAS chose to serve the request.

TargetServer Name of Mailbox role server to which request was proxied

Below command will force OAB generation of an OAB named "Default Offline Address Book" across all organization mailboxes.
Update-OfflineAddressBook "default offline address book"

Exchange Server 2013 CAS role proxies the OAB download request to a “nearest” mailbox server hosting an active Organization Mailbox. It can proxy the request in round robin fashion if it finds more than one organization mailbox active in same AD site. Prior to CU5, this will result in frequent full OAB downloads and is therefore, not recommended.

Prior to CU5, customers should only deploy a single OAB generation mailbox per Exchange organization to prevent users from accessing different OAB generation mailboxes and requiring a full OAB download. With CU5 and later, customers can assign OABs to specific OAB generation mailboxes and not have to worry about accidentally triggering full OAB downloads due to accessing different OAB generation mailboxes.

What happens to my existing OABs when I upgrade to CU5?

When you upgrade to CU5, all existing OABs are linked to the system arbitration mailbox, SystemMailbox{bb558c35-97f1-4cb9-8ff7-d53741dc928c}, regardless of whether there are additional OAB generation mailboxes within the environment. This ensures that all OABs are still generated after CU5 is installed. This has two implications:

1. If you were not aware of our guidance of deploying only a single OAB generation mailbox per organization, and instead, deployed multiple OAB generation mailboxes, those mailboxes will no longer generate OABs after the servers hosting their databases are upgraded to CU5. This means that Outlook clients will perform a full OAB download (as they are now accessing a different OAB instance).

2. Once you dedicate an OAB to a specific OAB generation mailbox, this will be a new OAB instance and thus, will trigger a full download for the Outlook clients.

Note: Users will not experience full OAB downloads after CU5 is deployed if your deployment does not contain multiple OAB generation mailboxes.

Does upgrade order of roles matter?

The upgrade order of the roles only matters if you have multiple OAB generation mailboxes deployed. In CU5, the HTTP proxy logic in the Client Access server role was updated to ensure that an OAB request is routed to the correct OAB generation mailbox. Therefore, it is important to upgrade your Client Access servers prior to upgrading your Mailbox servers if you have multiple OAB generation mailboxes deployed in your environment. If you upgrade your Mailbox servers to CU5 before upgrading your Client Access servers, users will potentially be routed to OAB generation mailboxes that are not responsible for the OAB the user is requesting, resulting in failed download requests.

How do I dedicate an existing OAB to specific OAB Generation Mailbox?

Once CU5 is deployed, you can dedicate existing OABs to specific OAB generation mailboxes by executing the following command, utilizing the GeneratingMailbox parameter:

Set-OfflineAddressBook "Portland OAB" –GeneratingMailbox "CN=OAB Mailbox 1,CN=Users,DC=contoso,DC=com"

The GeneratingMailbox parameter only accepts the distinguished name value of the OAB generation mailbox; other identity types (e.g., domain\account, UPN, alias, etc.) do not work.

Once you have linked the OAB to an OAB generation mailbox, you will need to execute Update-OfflineAddressBook:

Update-OfflineAddressBook "Portland OAB"

To change the default OAB:

Set-OfflineAddressBook -Identity "My OAB" -IsDefault $true

Change the default offline address book
Managing OAB in Exchange Server 2013
OAB Improvements in Exchange 2013 Cumulative Update 5
OAB in Exchange Server 2013
Offline address book procedures

No comments:

Post a Comment