In an earlier post, we discussed a problem that affected our Outlook 2010 clients that connect to an Exchange 2007 server running on SBS 2008. After KB2553248 was installed on domain workstations, Outlook upon prompted for a smart card on Windows 7, and a displayed password dialog box on Windows XP. Previously, Outlook started up and connected to Exchange immediately without user interaction.
Uninstalling the offending patch (listed twice in Add/Remove) corrected the problem, so a few hours were spent on-site removing the update from workstations and finally declining it in the WSUS console. We had a similar break in Outlook-Exchange connectivity after deploying updates early in 2011 that we were not able to resolve without uninstalling them (KB2412171 and KB2509470) .
Around this same time, our client requested that we troubleshoot a separate, less severe problem with Outlook clients not receiving updates to the address book. Domain users had not been able to download the Offline Address Book since the initial download when Outlook first connected to Exchange. Initially, the OAB download immediately failed with error code 0x8004010F.
The first step to solving this was opening IIS Manager and configuring SSL for the Autodiscover virtual directory to ignore client certificates. It was by default set to Accept.
This alone did not resolve the problem. More research brought me to check the value of the OAB Internal URL field in the Exchange Management Console. The field was set by default to the external address we provided in the SBS Connect to the Internet wizard. When we changed the value to the internally accessible FQDN, all Outlook clients were now able to download the OAB.
We then wondered if any of the changes we made to correct the OAB download were related to why KB2553248 and the earlier Outlook updates caused us problems. After successfully testing those updates on a few machines and then rolling them out to the entire network, we had our answer.