
How to Troubleshoot Parent Distinguished Name Changes

 

Topic last modified: 2006-11-02

By David Goldman.

With Microsoft® Exchange Server 5.5 coming to the end of its support life cycle, many companies have been migrating from Exchange 5.5 to Exchange 2000 Server or Exchange Server 2003. One major component that is affected by mixed mode site migrations and consolidation is the Offline Address Book (OAB). Troubleshooting OAB Parent Distinguished Name (PDN) changes is an important part of Exchange 5.5 migrations.

This article describes an OAB PDN table change, and how to isolate and fix issues and problems associated with PDN changes.

A PDN table is a string table of Parent Distinguished Names that is maintained by the Offline Address Book Generation (OABGen) process. When the OAB Generation process is generating an address list, it splits the legacyExchangeDN and X500 proxy addresses that belong to an object into two separate parts:

  1. PDN – Parent Distinguished Name - /o=ORG/ou=SITE/cn=CONTAINER/
  2. RDN – Relative Distinguished Name - /CN=dgoldman

The PDN table is used as a reference for the Exchange client (such as Microsoft Outlook®) when it builds Messaging Applications Programming Interface (MAPI) entry IDs of mail recipients. Because most recipients in the OAB share the same small set of PDNs, a table is used to save space instead of storing them separately for each recipient. Before Exchange 2003 SP2, the OAB Generation process had problems dealing with the addition and removal of PDNs. When a PDN table change is detected, it will cause the OAB generation process to skip one day’s differential build. OAB Version 2 and OAB Version 3a clients are affected by this and the ramifications are a full download for the client. With the addition of Exchange 2003 SP2, this is no longer a problem for OAB Version 4 clients (Outlook 2003 SP2 and later versions).

Note:
When you use Offline Address Book version 4, you must use Exchange 2003 SP2 (or later versions) on the server and Outlook 2003 SP2 (or later versions) on the client.
  • If you upgrade to Exchange Server 2003 SP2, the server will generate the new Offline Address Book version 4 files. However, if you have not installed Outlook 2003 SP2 on the client computers, Outlook 2003 cannot locate the Offline Address Book version 4 files. Therefore, Outlook 2003 continues to download the earlier versions of Offline Address Book files.
  • If you upgrade to Outlook 2003 SP2 and you continue to use versions of Microsoft Exchange Server that are earlier than Exchange 2003 SP2, the clients will continue to download the earlier versions of Offline Address Book files.
    For more information about OAB version 4, see Microsoft Knowledge Base article, 906559 "Information about the changes that occur to the Offline Address Book after you install Outlook 2003 SP2 and Exchange Server 2003 SP2".

For more information about previous OAB versions, see the section titled Offline Address Book Folders Structure in the Microsoft Knowledge Base article 823817, "Exchange Server 2003 public folder administration improvements": http://go.microsoft.com/fwlink/?linkid=3052&kbid=823817

When generating an address list, you may receive a combination of the following Event IDs: 9340, 9341, 9342, and 9360 (discussed later in this document).

Event Type: Warning (Added PDN)
Event Source: MSExchangeSA
Event Category: OAL Generator
Event ID: 9340
Date: 11/2/2005
Time: 10:06:25 AM
Computer: SERVERNAME
Description: A new parent Legacy Exchange DN container value '/o=ORG/ou=SITE/cn=CONTAINER/cn=A/cn=SITE' was found during generation of the differential update file for offline address list '\Global Address List'.  This will force clients using this offline address list to do a full download of the offline address list. - Default Offline Address List

Event Type: Warning (PDN Removed)
Event Source: MSExchangeSA
Event Category: OAL Generator
Event ID: 9341
Date: 11/2/2005
Time: 10:06:25 AM
Computer: SERVERNAME
Description: The parent Legacy Exchange DN container value '/o=ORG/ou=SITE/cn=CONTAINER/cn=A/cn=SITE' was not found during generation of the differential update file for offline address list '\Global Address List'.  This will force clients using this offline address list to do a full download of the offline address list. - Default Offline Address List

Event Type: Warning (No Previous Diff found)
Event Source: MSExchangeSA
Event Category: OAL Generator
Event ID: 9342
Date: 11/2/2005
Time: 10:06:25 AM
User: N/A
Computer: SERVERNAME
Description: No earlier version of an offline address list for '\Global Address List' can be found. No differential update file will be produced. This is expected if this is the first time this offline address list has been generated. - Default Offline Address List

Event Type: Error
Event Source: MSExchangeSA
Event Category: OAL Generator
Event ID: 9360
Date: 11/2/2005
Time: 10:06:25 AM
User: N/A
Computer: SERVERNAME
Description: OALGen encountered an error when generating the changes.oab file for version 2 and 3 differential downloads of address list '\Global Address List'.  The offline address list has not been updated so clients will be unable to download the current set of changes.  Check other logged events to find the cause of this error.

If the PDN table changes in the OAB by either a new PDN or removal of a PDN, then all Outlook cached mode clients using V2 or V3 OAB will also attempt a full download. The PDN table is the set of all PDNs found in the directory.

The administrator can cause a change in the PDN table in these ways:

  1. Manually modifying a legacyExchangeDN in the AD to create a PDN that did not exist before. This most frequently is done by accident if someone is editing this value and mistypes the value, therefore creating a new PDN.
  2. With Exchange 5.5 and ADC, creating a new container in 5.5 and inserting an object into it, or deleting the last object in a 5.5 container.
  3. With Exchange 5.5 and ADC, and the ADC set to replicate the container hierarchy to 5.5, creating new mail-enabled objects in a new AD container. The ADC will create the new container in 5.5 and back-replicate the new 5.5 distinguished name as the legacyDN of the AD object, creating a new PDN.
  4. Adding an Administrative Group (AG). The first mailbox created on a server in this AG will cause a new PDN to appear in the directory.
  5. Deleting the last object that uses a particular PDN in its legacyExchangeDN or proxyAddresses. Example: Several years after consolidating and deleting a site, the last mailbox formerly in that site is finally deleted. The x500 placeholder is gone and reduces the size of the PDN table.
  6. Adding/removing/modifying an X500 proxy address that has a new PDN. You can do this using ADU&C. If the X500 address is in the local org, but the organizational unit (OU) and containers are new or mistyped, a PDN will be added or deleted from the table.

Note:
This is such a problem because the pdndex.oab file cannot be re-indexed after it has been created on the client (Outlook) side. This can only occur on a full download. To stop Outlook clients from being affected by this, both the Outlook 2003 client and Exchange Server 2003 must be running SP2. If the Outlook 2003 client is on SP2, it should automatically update to version 4, provided that the client is already using a Unicode profile and that the Outlook 2003 SP2 client actually connects to the server where the OAB v4 is.

By default in Exchange 2003 SP2, there is a change in what OAB Version 2 and OAB Version 3 do when a PDN change (addition or removal) is detected.

The old behavior (before Exchange 2003 SP2) was that the server would not generate a differences file, but would still create a full OAB post. As soon as Outlook clients try to download the OAB differences files, they notice that there is no differences file and are forced to do a full download. This can generate lots of heavy network traffic and cause other issues.

The new behavior (with SP2) is to generate neither a differences file nor a full OAB post. You can also add a registry key on the Exchange server to force Exchange to post a full OAB message when a differential failure has occurred, which reverts to the old SP1 behavior.

To add the "OAL post full if diff fails" registry key
  1. Click Start, click Run, type regedit, and then click OK.

  2. Open: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeSA\Parameters

  3. On the Edit menu, point to New, and then click DWORD Value.

  4. Type OAL post full if diff fails, and then press ENTER.

  5. Right-click OAL post full if diff fails, and then click Modify.

  6. In the Value data box, type 0x1 (1).

  7. Exit Registry Editor.

If this registry key is added, an event will be logged when a differential generation fails:

Event Type: Warning
Event Source: MSExchangeSA
Event Category: OAL Generator
Event ID: 9116
Date: 11/2/2005
Time: 10:06:25 AM
User: N/A
Computer: SERVERNAME
Description: OALGen encountered an error when generating the changes.oab file for differential downloads of address list '\Global Address List'.  Clients will be unable to incrementally update to the new version of the offline address list, they will perform a full download instead.  This is typical if this is the first time this offline address list has been generated. Check other logged events to see whether this is a serious error.

If the registry key does not exist or is set to zero, a new event is logged if a diff generation fails:

Event Type: Error
Event Source: MSExchangeSA
Event Category: OAL Generator
Event ID: 9360
Date: 8/15/2005
Time: 5:06:52 AM
User: Unavailable
Computer: SERVERNAME
Description: OALGen encountered an error when generating the changes.oab file for version 2 and 3 differential downloads of address list '\Global Address List'.  The offline address list has not been updated so clients will be unable to download the current set of changes. Check other logged events to find the cause of this error. 

  1. Check for Active Directory related issues. If you have made changes and the OAB diff generation is still failing, it is probably because the OAB generation is reading from a domain controller that does not contain the object changes. You can check this by running the following tools:
    Netdiag with the /v switch
    Dcdiag with the /v switch
    Network Monitor
    ExBPA - (Link provided at the bottom of this document)
    OABInteg - (Link provided at the bottom of this document)
    Note:
    You can run OABInteg to obtain this information or take a Network Monitor trace during the OAB generation process to see where the NSPI calls are going. Then use ADSIEdit to check that domain controller first and compare the results to the other domain controllers in the site.
  2. If you have Exchange 2003 SP2 installed, you can start the generation process and look for Event ID 9117.

Event Type: Information
Event Source: MSExchangeSA
Event Category: OAL Generator
Event ID: 9117
Date: 10/26/2005
Time: 12:21:06 PM
User: N/A
Computer: SERVERNAME
Description: OALGen successfully opened a connection to Active Directory which will supply the current Address Lists. - Default Offline Address List

  3. Do not change OAB generation servers. The problem may continue to exist. Active Directory replication latencies or lack of replication can contribute to this problem and usually do. This is common because, when you generate the OAB, it reads all the data in a linear manner from Active Directory. You will find the same data if you are connecting to a domain controller that has not yet received the new data. In addition, you have to consider different service pack levels on servers. This could lead to different behavior when generating an offline address list.
  4. As soon as the objects have been located, try to confirm what changes have been made. This should help you identify what must be done to correct it. You will only find objects that contain invalid X500 addresses and invalid legacyExchangeDNs.
  5. If you make any corrections and changes, you must make sure that you replicate all your Active Directory domain controllers. This will make sure that all domain controllers contain the up-to-date changes.

If you are in a mixed mode environment and you are cross-site migrating users manually, create a mail-enabled object and add X500 addresses to this placeholder object for all the sites that you plan to migrate out of. You must do this so that moving the objects does not cause a PDN change.

Note:
Forgetting to add this X500 proxy address to the objects can cause your diff files to fail during the generation process. If the address is missing, the diff generation will fail and all OAB Version 2 and OAB Version 3a clients will make a trip to the server for the full OAB, which can cause a network flood.

Note:
If you have Exchange 2003 SP1 you can use the new mixed-mode cross-site move mailbox functionality. Mail-enabled objects that have been moved cross-site are associated with the distinguished name of the object that existed before the move. This association will be maintained because Exchange 2003 SP1 applies an X.500 proxy address on the mailbox or distribution list that references the original mailbox or distribution list object in the source site.

Note   When running in Exchange 2000 native mode, legacyDNs do not change when users are moved between admin groups.

Note   PDN changes are not based on the container being removed. They are based on the last recipient being removed. During the OAB generation process, X500 addresses are included in the OAB for recipients that belong to the same org (/O=<organization name>).

Note   You might see different behavior when generating an offline address list on an Exchange 2003 Service Pack 1 and Service Pack 2.

Refer to the section New default behavior with Exchange 2003 SP2.

When you receive an Event ID 9341 during an OAB generation
  1. Examine the Event ID 9341 and the legacyExchangeDN value '/O=Org/OU=Site/CN=Recipient' that is referenced. This means that no object in the current offline address list being generated has that value any longer. The object may have been deleted or mail disabled. Or, there may be an object in Active Directory that still has a reference to that PDN. However, it is not in the current offline address list and is no longer in the PDN table for this OAB. This object can be any mail-enabled object (Public Folder, Distribution List, or Contact).

  2. Create a placeholder object that would belong to the affected offline address list. This object will be in the form of a mail-enabled contact. As soon as the contact is created, make sure that the Recipient Update Service stamps this contact with the default proxy addresses.

  3. Add an X500 address to this contact with the PDN that has been referenced in the 9341 Event ID: '/O=Org/OU=Site/CN=Recipient'. Before you click OK to save this address, you must add a Relative Distinguished Name to it: /cn=ContactName.

Example of the X500 proxy address: '/O=Org/OU=Site/CN=ContactName'.

Note   This will add the new PDN to the table and correct this issue.

You receive an Event ID 9341 for an object that has a temporary legacyExchangeDN. If there is an object in Active Directory that does not have a legacyExchangeDN, the NT DS provider will add a temporary legacyExchangeDN that starts with /o=NT5 and contains the GUID of the forest. This DN will not appear in Active Directory when you use LDAP tools; it is only returned by Active Directory through its MAPI interface.

Event Type: Information
Event Source: MSExchangeSA
Event Category: OAL Generator
Event ID: 9341
Date: 10/26/2005
Time: 12:21:06 PM
Computer: SERVERNAME
Description: The parent Legacy Exchange DN container value '/o=NT5/ou=EAEB4348E4B6DB41ADA82A87B993E4BD' was not found during generation of the differential update file for offline address list '\Global Address List'.  This will force clients using this offline address list to do a full download of the offline address list. - Default Offline Address List

Note   You must have Exchange 2003 SP build (6.5. 7569.0) installed in order to use this registry key.

You can add a registry key to detect these values. To enable this functionality, you must set the OAL NT5 DN Rejection registry value.

Set the OAL NT5 DN Rejection registry value
  1. Click Start, click Run, type regedit, and then click OK.
  2. Locate and then click to select the following registry key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeSA\Parameters
  3. On the Edit menu, point to New, and then click DWORD Value.
  4. Type OAL NT5 DN Rejection, and then press ENTER.
  5. Right-click OAL NT5 DN Rejection, and then click Modify.
  6. In the Value data box, type 0x1 (1).
  7. Exit Registry Editor.

Note   This will warn us if we have temp legacyExchangeDNs for recipients and will not add them to the OAL.
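The PDN/RDN split, the 9340/9341 conditions, the placeholder-contact fix and the NT5 rejection setting can be modelled together. The following is an added example, not code from this article or from Exchange: the function names, the recipient dictionaries and the case-insensitive comparison are assumptions, and all recipient data is constructed.

```python
# Added example, not Microsoft code: simplified model of the OABGen PDN table.
# Every recipient below is constructed sample data.
TEMP_DN_PREFIX = "/o=nt5/"  # temporary legacyExchangeDN prefix described above


def split_dn(dn):
    """Split '/o=ORG/ou=SITE/cn=CONTAINER/cn=user' into (PDN, RDN).

    Assumption: PDNs compare case-insensitively, so they are lower-cased.
    """
    dn = dn.strip().rstrip("/")
    cut = dn.rfind("/")
    if not dn.startswith("/") or cut <= 0:
        raise ValueError(f"not a PDN/RDN-style DN: {dn!r}")
    return dn[:cut].lower(), dn[cut:]


def recipient_dns(recipient, org):
    """Return the legacyExchangeDN plus the X500 proxies in the same org."""
    dns = [recipient["legacyExchangeDN"]]
    org_prefix = f"/o={org}/".lower()
    for proxy in recipient.get("proxyAddresses", []):
        kind, _, addr = proxy.partition(":")
        if kind.lower() == "x500" and addr.lower().startswith(org_prefix):
            dns.append(addr)
    return dns


def build_pdn_table(recipients, org, reject_nt5=False):
    """Return the set of PDNs for one generation of an address list."""
    table = set()
    for r in recipients:
        temp = r["legacyExchangeDN"].strip().lower().startswith(TEMP_DN_PREFIX)
        if temp and reject_nt5:
            continue  # models OAL NT5 DN Rejection = 1: recipient is left out
        for dn in recipient_dns(r, org):
            table.add(split_dn(dn)[0])
    return table


def diff_pdn_tables(previous, current):
    """Map event ID to the PDNs it would report: 9340 added, 9341 removed."""
    return {9340: sorted(current - previous), 9341: sorted(previous - current)}


def make_recipient(dn, *proxies):
    return {"legacyExchangeDN": dn, "proxyAddresses": list(proxies)}


PREVIOUS = [
    make_recipient("/o=ORG/ou=SITE-A/cn=Recipients/cn=alice", "SMTP:alice@example.com"),
    make_recipient("/o=ORG/ou=SITE-A/cn=Recipients/cn=bob",
                   "X500:/o=ORG/ou=OLDSITE/cn=Recipients/cn=bob",   # last OLDSITE user
                   "X500:/o=OTHERORG/ou=X/cn=Recipients/cn=bob"),    # other org: ignored
]
CURRENT = [  # bob deleted, carol created with a mistyped container, one temp DN
    PREVIOUS[0],
    make_recipient("/o=ORG/ou=SITE-A/cn=Recipents/cn=carol"),
    make_recipient("/o=NT5/ou=00000000000000000000000000000000/cn=svc"),
]
PLACEHOLDER = make_recipient(  # mail-enabled contact that keeps the OLDSITE PDN
    "/o=ORG/ou=SITE-A/cn=Recipients/cn=placeholder",
    "X500:/o=ORG/ou=OLDSITE/cn=Recipients/cn=placeholder")

if __name__ == "__main__":
    prev = build_pdn_table(PREVIOUS, "ORG")
    for label, recips in (("bob deleted", CURRENT),
                          ("with placeholder", CURRENT + [PLACEHOLDER])):
        cur = build_pdn_table(recips, "ORG", reject_nt5=True)
        print(label, diff_pdn_tables(prev, cur))
```

Any non-empty list in the result corresponds to a PDN table change, which is the condition that forces OAB Version 2 and Version 3a clients into a full download.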

You receive an Event ID 9340 that indicates that a new PDN has been added to the PDN table.

Event Type: Warning (Added PDN)
Event Source: MSExchangeSA
Event Category: OAL Generator
Event ID: 9340
Date: 11/2/2005
Time: 10:06:25 AM
Computer: SERVERNAME
Description: A new parent Legacy Exchange DN container value '/o=ORG/ou=SITE/cn=CONTAINER/cn=A/cn=SITE' was found during generation of the differential update file for offline address list '\Global Address List'.  This will force clients using this offline address list to do a full download of the offline address list. - Default Offline Address List

Note   When you change a PDN you receive a 9340 event. If you do not have the “OAL post full if diff fails” registry key set to let the OAB generate a full post, the Exchange server will still have the old PDN table before you first changed the legacyExchangeDN. When you change the legacyDN back to its original state, you will not see the 9341 Event ID. This is because the new PDN was never saved in the OAB.

To enable this functionality, you must set the “OAL post full if diff fails” registry value. To do this, follow these steps:

  1. Click Start, click Run, type regedit, and then click OK.
  2. Locate and then click to select the following registry key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeSA\Parameters
  3. On the Edit menu, point to New, and then click DWORD Value.
  4. Type OAL post full if diff fails, and then press ENTER.
  5. Right-click OAL post full if diff fails, and then click Modify.
  6. In the Value data box, type 0x1 (1).
  7. Exit Registry Editor.

Note   This will force the Exchange server to save the new changes and post a full OAB message after the failure.

Because there are several cases listed here that can cause many full OAB downloads, you should understand the effect on bandwidth a large OAB download will have on the network.

If many Outlook clients are trying to download the full OAB at the same time, it can take significant time for all downloads to complete. For example, if an organization has a 10 MB OAB, with 50 Outlook clients at a remote site, this equates to 500 MB of data to download. Using the full bandwidth of a 256 Kbps link, without latency, it would take about 4.5 hours to transfer the 500 MB download. In addition, the OAB is downloaded through MAPI and RPC. MAPI and RPC will add a small percentage of additional data to the total download, and the latency between Outlook and the Exchange server will limit how much of the overall bandwidth can be used for all the data to be transferred.

Overall each client may not take the whole time but between all clients, the network will be used for the overall duration of the OAB Download.

Note:
The 4.5 hour value was calculated by dividing 500 MB by 32 kilobytes per second (KBps) (32 KBps = 256 Kbps). This calculation does not consider any network latency, the extra traffic because of RPC, or any other uses of the network link.

To determine the duration of OAB downloads, first determine the size of your full OAB. You can use Exchange System Manager (ESM) from Exchange 2003 to determine the size of the OAB. Visit the Public Folders node in ESM. Right-click and select "View System Folders." Here, you can find the OAB Version 3a folder, and in the tabs on the right, select "Content." You will be able to see the last 30 days' worth of changes. The larger object that has multiple attachments is the full OAB, and the size can be determined by adding the size of the attachments.

The Exchange server can easily handle many download requests for the OAB. Therefore, multiple attempts to download a Full OAB over a slow link can saturate a network. A saturated network happens when all the available bandwidth is being used. When this happens, there are two significant side effects.

  • Applications that need to use the WAN will perform slowly because the applications wait for their network request to traverse the saturated WAN link.
  • The actual traffic needed on the WAN will increase because individual network requests may time-out causing additional requests.

When the network becomes saturated, the latency increases not only the time that each client takes to download the OAB, but also the overall duration. Typically this means that the data rate for each client is reduced. However if the latency increases too much, RPC packets will time out. This causes additional RPC requests for the same data to be retrieved. In addition, if someone is using Outlook and the download is canceled or fails, Outlook will delete what has downloaded and re-attempt the download. Therefore, more data will be requested and increase the overall duration of a large set of OAB downloads.

When Outlook downloads the OAB from the Exchange server, it will download the OAB through a series of RPC packets. Each packet is received, acknowledged, and then the next one is sent. Based on the latency between Outlook and Exchange, a single Outlook client is limited on how fast it can receive and acknowledge each packet. Because of this delay a single Outlook client may be unable to saturate a network link. However, as more Outlook clients start to download the OAB, the combined download rate of all clients could saturate the link. The link will remain saturated until the Full OABs have been downloaded.

The relationship is linear, in that the larger the latency between the Outlook client and the Exchange server, the fewer packets can be received, and the more clients can download an OAB before a slow line is saturated. The reverse is also true, if latency is low, fewer clients are needed to saturate a slow link. The number of Outlook clients that can download the OAB at the same time without saturating the WAN will increase as either network latency increases or network bandwidth increases.
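The latency and saturation relationship described above can be put into numbers. This is an added example, not part of the original article: the function name and the 4096-byte chunk size are assumptions, and the model ignores RPC overhead, retries and other traffic, as the article's own 4.5 hour figure does.

```python
import math

KB = 1024  # the article's figures treat 256 Kbps as 32 KBps and 1 MB as 1024 KB


def estimate_full_downloads(oab_mb, clients, link_kbps, rtt_s, chunk_bytes=4096):
    """Estimate how a batch of full OAB downloads loads one WAN link.

    Each client is modelled as stop-and-wait: one chunk is received and
    acknowledged per round trip. chunk_bytes is a hypothetical RPC payload
    size; measure the real value with Network Monitor.
    """
    link_rate = link_kbps / 8 * KB                      # bytes per second
    client_rate = min(chunk_bytes / rtt_s, link_rate)   # latency-bound rate
    clients_to_saturate = math.ceil(link_rate / client_rate)
    aggregate = min(client_rate * clients, link_rate)   # link caps the total
    seconds = oab_mb * KB * KB * clients / aggregate
    return {
        "client_KBps": client_rate / KB,
        "clients_to_saturate": clients_to_saturate,
        "saturated": clients >= clients_to_saturate,
        "seconds": seconds,
        "hours": seconds / 3600,
    }


if __name__ == "__main__":
    # The article's scenario: 10 MB OAB, 50 clients, 256 Kbps link.
    for rtt in (0.25, 0.5):
        result = estimate_full_downloads(10, 50, 256, rtt)
        print(f"rtt={rtt}s", result)
```

With the article's scenario the link stays saturated for roughly 4.4 hours (the article rounds this to 4.5), and doubling the round-trip time from 0.25 s to 0.5 s doubles the number of clients needed to saturate the link from 2 to 4.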

If your organization must minimize the effects of the full OAB downloads across a WAN, here are the recommended options available in Exchange 2003 SP1.

The first option is to limit large sets of full OAB downloads as much as you can. Review the earlier stated conditions and consider whether there are practices in your organization that can be put to use to limit the cases that cause a Full OAB Download.

Several examples include the following:

  1. Consider how and when groups of users are moved between servers.
  2. Consider when large changes are being made to the Active Directory (such as applying a new area code).
  3. When in a mixed Exchange environment, consider where new mailboxes are created and if the growth of the PDN table can be limited.

As much as the items that trigger a full download can be limited in an organization, the need for a full OAB download can also be limited.

You can limit the OAB in Exchange 2003 with the following steps:

  1. Upgrade to Exchange 2003 SP2. There have been several fixes to the Exchange Offline Address Book service to filter out unnecessary attributes that include extra certificates that are not used by Outlook.
  2. Consider certificates. Certificates are the largest single attribute stored in the OAB; expired certificates or unused certificates can be removed from the directory.
  3. Consider using the No Details OAB for Remote Desktop clients. The No Details OAB is an option for remote Outlook clients to only have a minimal OAB. This OAB version is very small and only contains the display name, e-mail addresses, and office location.
    Benefits: The advantage of the No Details OAB is that it is small. Therefore, the cost of the download is limited.
    Limitations: Any time Outlook tries to locate details about an address, Outlook will perform an online request directly to the Active Directory for the details. Offline access has very limited information, so for laptop users who are primarily offline, this is not an option.
  4. Consider a Remote OAB Only Server for Remote Outlook clients. An Exchange Public Folder Only Server (without mailbox stores) can be installed at a remote site that uses an OAB. All remote clients at this remote site would download the OAB from the local Exchange Public Folder server.
    Benefits: Downloads of the Full OAB do not affect the WAN, and a full mailbox server is not required, so mailbox servers can still be consolidated to a central location.
    Limitations: An extra server is required at the remote site.
  5. Limit the number of users who access Exchange across a remote link. The effect of the Full OAB download is directly related to the number of users downloading the OAB. Your organization may have to consider how many remote Outlook clients can be supported across a WAN before the effect of a Full OAB download is too high, and limit the number of remote clients as needed.

OABInteg KB Article ID 907792: Description of the Offline Address Book Integrity (OABInteg) tool: http://go.microsoft.com/fwlink/?LinkId=74606

Microsoft Exchange Server Analyzer Tools: http://go.microsoft.com/fwlink/?LinkId=34707

 