Symptoms
When you use an S/MIME certificate that contains the value of 2.5.29.37.0 for the Any Purpose object identifier (also known as OID) in the Enhanced Key Usage (EKU) attribute, the certificate is considered invalid and is not included in the Offline Address Book (OAB). Therefore, the OAB is not generated as expected.
Resolution
To resolve this issue, install the following update:
2961522 Update Rollup 7 for Exchange Server 2010 Service Pack 3
Workaround
To work around this issue, use a certificate that contains the value of 1.3.6.1.5.5.7.3.4 for the Secure Email object identifier in the EKU attribute.
Status
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
More Information
For more information about EKU, go to the following Microsoft website: