Client & AD Certificates

Hi All,

A few days back we migrated from Google Apps to Office 365. Everything seems to be working fine except the Offline Address Book. The Offline Address Book cannot be downloaded; it just goes into the send and receive process and produces a timeout error.

We raised a Service Request with Microsoft, and below are their findings, which they sent by email.

Issue Definition:

Your users are not able to download Offline Address Book from Outlook. OWA is not affected. The Autodiscover Test from Microsoft Remote Connectivity Analyzer is successful. With a domain user logged on a domain joined machine, the issue can be reproduced from local network and from outside. With a machine not joined to the domain, the OAB can be downloaded without any problems. The issue is present for all users. For troubleshooting reasons we chose user: osama.mansoor@crescent.com.pk

Steps performed so far:

We ran the Autodiscover test from Microsoft Remote Connectivity Analyzer again and it was successful.

We made the AutoConfiguration test from Outlook 2013. Test was successful and provided the same URL for OAB: https://outlook.office365.com/OAB/df3bf201-d31f-4a69-e51dcf5daa09/

We tested the OAB link in IE: https://outlook.office365.com/OAB/df3bf201-d31f-4a69-e51dcf5daa09/OAB.xml. We were able to access the XML after entering the affected user's credentials.

In Outlook Web App the issue is not present.

We started the ETL logging for Outlook 2013 and ran the Fiddler Trace Application to capture the HTTPS traffic decoded.

With Fiddler Trace running the issue was solved. Fiddler Trace application installed a certificate for decoding the HTTPS traffic. After removing the Fiddler Trace certificate the issue came back.

Steps to be performed:

Please send me by email the files collected in our LMI session.

We conclude that issue is not Office 365 related. Please check the following in your internal network:

  1. verify the certificate installed for users from local AD.
  2. if you have proxy, check if the OAB request is allowed to pass.
  3. check that the Background Intelligent Transfer Service (BITS) service is running on the affected machine: http://blogs.technet.com/b/ehlro/archive/2014/03/21/oab-download-and-bits-service.aspx
  4. please be sure BITS service is not blocked at proxy / firewall level.
  5. please check local AD policies that can be related with BITS and certificates.

My question:

Can someone help me with how I can check whether the local AD certificate has this problem or not?

September 4th, 2015 12:13pm

Anyone here to help us?
September 7th, 2015 12:49am

Hi Osama-Mansoor,

I do not quite understand some of the description in the information below.

For the first demand, 1. verify the certificate installed for users from local AD.

Since I am not familiar with how the o365 certificate has been configured in your current PKI, or whether you are using a third-party certificate vendor, I cannot determine which certificate we need to check. In a Windows Server PKI use scenario, for a client computer to trust the server certificates that you have installed from a local CA, you must install the root certificate from the CA on the client computer. Follow this procedure on any client computer that requires the root certificate. You can refer to the following KB to check whether your client certificate is installed correctly (assuming you have a one-tier CA structure).

Installing a root certificate

https://msdn.microsoft.com/en-us/library/Cc750534.aspx

Since I am not familiar with the o365 third-party certificate use scenario, my personal point is that you can refer to the following KB to check your certificate.

Plan for third-party SSL certificates for Office 365

https://support.office.com/en-my/article/Plan-for-third-party-SSL-certificates-for-Office-365-b48cdf63-07e0-4cda-8c12-4871590f59ce

For the questions below:

3. check that the Background Intelligent Transfer Service (BITS) service is running on the affected machine: http://blogs.technet.com/b/ehlro/archive/2014/03/21/oab-download-and-bits-service.aspx

4. please be sure BITS service is not blocked at proxy / firewall level.

5. please check local AD policies that can be related with BITS and certificates.

You can check whether the BITS service is running or whether any BITS service error events have occurred; the following KBs have the detailed information:

Background Intelligent File Transfer Service (BITS) Overview

https://technet.microsoft.com/en-us/library/cc732428.aspx

BITS Service

https://technet.microsoft.com/en-us/library/cc734614(v=ws.10).aspx

For the BITS firewall and group policy settings, you can refer to the following KBs to check whether they have been configured properly.

Internet Gateway Device Support

https://technet.microsoft.com/en-us/library/cc734709(v=ws.10).aspx

Group Policies

https://msdn.microsoft.com/en-us/library/aa362844(v=vs.85).aspx

I'm glad to be of help to you!

September 10th, 2015 9:44am
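
A read-only way to run items 1 and 3 of the checklist on an affected domain-joined machine, as an added example that is not part of the original thread or of Microsoft's reply. The `$CertPath` file is an assumption: the certificate presented by outlook.office365.com, exported to a .cer file on the affected machine.

```powershell
# Added example, not from the thread. Read-only checks for checklist items 1 and 3.
# Assumption: $CertPath is the certificate presented by outlook.office365.com,
# exported to a .cer file (for example from the browser) on the affected machine.
param([string]$CertPath = '.\outlook-office365.cer')

# Item 3: state of the BITS service.
Get-Service -Name BITS | Select-Object Name, Status

# BITS jobs for all users (needs an elevated prompt); a job in an error state
# carries the reason in ErrorDescription.
Import-Module BitsTransfer
Get-BitsTransfer -AllUsers |
    Select-Object DisplayName, JobState, OwnerAccount, ErrorDescription

# Item 1: root certificates distributed by Group Policy are stored under this
# registry key; each subkey name is a certificate thumbprint.
$gpoRoots = 'HKLM:\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates'
if (Test-Path $gpoRoots) {
    Get-ChildItem $gpoRoots | Select-Object -ExpandProperty PSChildName
} else {
    'No Group Policy root certificates on this machine.'
}

# Expired certificates in the machine and user root stores.
Get-ChildItem Cert:\LocalMachine\Root, Cert:\CurrentUser\Root |
    Where-Object { $_.NotAfter -lt (Get-Date) } |
    Select-Object PSParentPath, Subject, NotAfter, Thumbprint

# Build the chain for the exported server certificate against the local trust
# stores and print every element plus any chain errors (untrusted root,
# revocation server offline, expired certificate, and so on).
if (Test-Path $CertPath) {
    $cert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
                 -ArgumentList (Resolve-Path $CertPath).Path
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'Online'
    "Chain builds cleanly: $($chain.Build($cert))"
    $chain.ChainElements |
        ForEach-Object { $_.Certificate } |
        Select-Object Subject, Issuer, NotAfter, Thumbprint
    $chain.ChainStatus | Select-Object Status, StatusInformation
}
```

Running the same script on a machine that is not joined to the domain, where the OAB download works, and comparing the two outputs shows which certificates or chain errors are specific to the domain-joined clients.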

Thanks Alex for replying.

BITS is running and no policies or firewall are blocking BITS.

I am not an Office 365 expert, but I just know that Office 365 does not need any third-party certificate on the client machine, although they just ask customers to allow access to some certificate sites, which is already allowed.

Please find the certificates demanded by the Office 365 team.

https://support.office.com/en-us/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US#BKMK_Portal-identity

September 12th, 2015 3:59am

We have not configured any root CA or certificate server, so should I look into the following links or should I ignore them?

<<<<<<<<<<<<<<<<<<<<<<

Installing a root certificate

https://msdn.microsoft.com/en-us/library/Cc750534.aspx

Since I am not familiar with the o365 third-party certificate use scenario, my personal point is that you can refer to the following KB to check your certificate.

Plan for third-party SSL certificates for Office 365

https://support.office.com/en-my/article/Plan-for-third-party-SSL-certificates-for-Office-365-b48cdf63-07e0-4cda-8c12-4871590f59ce

>>>>>>>>>>>>>>>>>>>>>>>

September 12th, 2015 4:02am

This topic is archived. No further replies will be accepted.
