Issues with OAB after applying URL simplification: Exchange 2010 SP1

Arriving at work I found out that OAB was giving some users issues. Specifically they are stuck at "Offline Address Book is connecting to Exchange Server".

A little research led me to discover others have had this behavior. http://social.technet.microsoft.com/forums/en-US/exchangesvrgeneral/thread/548f2ecc-faae-4744-8b33-7de536196d7d/?prof=required

Looking at C:\program files\Microsoft\exchange\v14\clientaccess\oab\ the permissions are set correctly. However, looking at the parent folder of \oab\ I discovered that there are not enough necessary permissions established to complete the permissions chain and give the desired effective permissions on the subfolder.

http://technet.microsoft.com/en-us/library/dd535384(EXCHG.80).aspx

I am still in testing on this one. I noticed that the CAS servers that did not have redirection performed upon them had the same /oab/ permissions structure so if this fixes the issue I am really confused. Alternatively, I am seeing some issue with permissions for the "authenticated users" on the web.config file that is generated by the redirection process. I have noticed that "authenticated users" have only read permissions on the web.config file and I am testing to see if https://mail.myorg.com/oab/yourguid/oab.xml returns an http 500 error code.

Well instead of http 500 I get 403; enalbed directory listing for the oab dir and now I can list the oab.xml. I have a new issue which is that using owa all distribution group members show up. Using outlook.exe only specific members of the groups show up. There is not a consistent listing of distribution group members between owa's oab and that of outlook.exe 2k7/2k10.

Still working on this issue; will update.