Sometimes you have the need to download the Offline Addressbook (OAB) for the Outlook email client manually.
When initiating a manual OAB download you might encounter a 0x80200051 error. A common mitigation scenario is to switch between Outlook Online-Mode and Outlook Cached-Mode multiple times. This mitigation scenario does not solve the issue.
When you active Outlook Cached-Mode it is required to perform a full OAB download. The OAB download dialogue provides an option to download OAB changes only. This option ist selected by default. To start a full OAB download you must deselect the checkbox.
Using this download setting you will not encounter the mentioned error and the Offline Addressbook is downloaded by your Outlook email client sucessfully.
When you run software solutions that make use of TLS secured communication channels the applications need to have access to the certificate's private key. The private key is part of the certificate stored in the local certificate store of the computer. In most cases the software solution creates a new self-signed certificate and configures access rights appropriately.
When establishing TLS communication channels to external partners, the use of a public SSL/TLS certificate is a must have requirement.
The following step-by-step instructions describe how to assign Read permisson for the Email Security Solution Gateway NoSpamProxy. In this case the solution does not utilize a classic service account, but a so-called virtual service account. Virtual service accounts provide a much better access security when executing Windows services.
Open the local computers certificate store using the MMC Snap-Ins.
Select the certificate to use and open the context menu (right click).
Select Manage Private Keys to manage the private key permissions.
Click Add and add the required service accounts.
In this case the virtual service accounts are part of the local computer entity. Select the local computer and not the Active Directory domain as source when searching accounts. Virtual accounts us the prefix NT Service.
Add the follow accounts to configure read access for NoSpamProxy on a server having the Gateway and Intranet role installed.
Add the follow accounts to configure read access for NoSpamProxy on a server having the Gateway role installed only.
Click Check Names to verifiy the existence of the entered service accounts.
When correctly resolved the accounts names are replaced by theis respective display names. Click OK to add the accounts.
Configure read access for all added service accounts and click OK.
The software solution is now capable of accessing the private key of the certificate.