I ran into an interesting issue where the Exchange 2010 OAB failed to download to Outlook 2010, 2007, and 2003 clients. This started after configuring Outlook Web Access redirection using the IIS HTTP redirect capability (sending "/" to "/OWA"). In testing the issue, I attempted to browse to the OAB xml file manually through my web browser. I noticed that I received a HTTP 500 internal server error instead of receiving the OAB xml output.
I found that this was caused by the configuration of the redirect changing the security permissions on the web.config file within the OAB virtual directory.
To fix the problem, browse to the OAB virtual directory and re-add the authenticated users group to "read" and "read and execute" permissions on the web.config file.
Here are the corrected permissions:
I hope this helps everyone out!