After our transition to Exchange 2010 most things were working as expected. One thing that wasn’t was the OAB. I did set it to the new generation as I was supposed to, but the clients were still not getting any updates.
After some hunting around the web I discovered that I also needed to update the distribution point from the virtual directory of the old 2007 server to the new 2010 server. I hoped that this would fix it, but it did not. It turns out that something I had set to make my life easier made my life harder!
I had setup folder redirection to point OWA access to https from http, as well as redirecting to /owa so that users would not have to remember everything in the url. This was working but it broke the OAB delivery and gave an error 500. It turns out that when you setup the redirection on the root folder in IIS7/7.5, and you then turn that off for the underlying virtual directories, IIS sets up a web.config file in every underlying directory. You have to then go into the file structure on the server and allow ‘Authenticated Users’ read and read-execute permissions on that web.config file. Once I had done this my OAB was then available and all the clients went and downloaded it.
Yet another one of the little gotchas that is not documented.