exchange-2010 – 无法从O365共享日历忙/闲信息到外部联盟域

Windows 2020-06-18
我有两个域,我正在尝试通过联盟共享日历忙/闲信息. SiteA是Exchange 2010 SP2的内部部署. SiteB是Office 365企业版部署.

两个组织都通过MSFT网关联合.

共享从SiteA到SiteB的工作,这意味着SiteB的用户可以请求访问SiteA的用户并查看他们的日历.

共享无法从SiteB到SiteA.

运行Test-OrganizationRelationship显示以下内容

[PS] C:\Windows\system32>Test-OrganizationRelationship -UserIdentity me@site.a -Identity siteB -verbose
VERBOSE: [20:24:06.006 GMT] Test-OrganizationRelationship : Active Directory session settings for
'Test-OrganizationRelationship' are: View Entire Forest: 'False',Default Scope: 'mydomain',Configuration
Domain Controller: 'mydc',Preferred Global Catalog: 'mygc',Preferred
Domain Controllers: '{ mydc1,mydc2 }'
VERBOSE: [20:24:06.006 GMT] Test-OrganizationRelationship : Runspace context: Executing user:
me@site.a,Executing user organization:,Current organization:,RBAC-enabled: Enabled.
VERBOSE: [20:24:06.006 GMT] Test-OrganizationRelationship : Beginning processing &
VERBOSE: [20:24:06.006 GMT] Test-OrganizationRelationship : Instantiating handler with index 0 for cmdlet extension
agent "Admin Audit Log Agent".
VERBOSE: [20:24:06.037 GMT] Test-OrganizationRelationship : Current ScopeSet is: { Recipient Read Scope: {{,}},Recipient Write Scopes: {{,Configuration Read Scope: {{,Configuration Write Scope(s): {{,},Exclusive
Recipient Scope(s): {},Exclusive Configuration Scope(s): {} }
VERBOSE: [20:24:06.037 GMT] Test-OrganizationRelationship : Searching objects "me" of type "ADUser" under the root
 "$null".
VERBOSE: [20:24:06.037 GMT] Test-OrganizationRelationship : PrevIoUs operation run on global catalog server
'mygc'.
VERBOSE: [20:24:06.037 GMT] Test-OrganizationRelationship : Searching objects "siteB" of type "OrganizationRelationship"
under the root "$null".
VERBOSE: [20:24:06.037 GMT] Test-OrganizationRelationship : PrevIoUs operation run on domain controller
'mydc'.
VERBOSE: Test that organization relationships are properly configured.
VERBOSE: [20:24:06.053 GMT] Test-OrganizationRelationship : Resolved current organization: .
VERBOSE: [20:24:06.053 GMT] Test-OrganizationRelationship : Calling the Microsoft Exchange Autodiscover service for the
 remote federation information.
VERBOSE: [20:24:09.084 GMT] Test-OrganizationRelationship : The Autodiscover call succeeded for the following URL:
https://pod51041.outlook.com/autodiscover/autodiscover.svc.
VERBOSE: [20:24:09.084 GMT] Test-OrganizationRelationship : The Autodiscover call succeeded for the following URL:
https://pod51041.outlook.com/autodiscover/autodiscover.svc.
VERBOSE: [20:24:09.084 GMT] Test-OrganizationRelationship : The Autodiscover call succeeded for the following URL:
https://pod51041.outlook.com/autodiscover/autodiscover.svc.
VERBOSE: [20:24:09.084 GMT] Test-OrganizationRelationship : The Autodiscover call succeeded for the following URL:
https://pod51041.outlook.com/autodiscover/autodiscover.svc.
VERBOSE: [20:24:09.084 GMT] Test-OrganizationRelationship : Generating delegation token for user me@siteA for
application http://outlook.com/.
VERBOSE: [20:24:09.366 GMT] Test-OrganizationRelationship : The delegation token was successfully generated.
VERBOSE: [20:24:09.366 GMT] Test-OrganizationRelationship : The Microsoft Exchange Autodiscover service is being called
 to determine the remote organization relationship settings.
VERBOSE: [20:24:09.366 GMT] Test-OrganizationRelationship : The Client will call the Microsoft Exchange Autodiscover
service using the following URL: https://pod51041.outlook.com/autodiscover/autodiscover.svc/WSSecurity.
VERBOSE: [20:24:10.553 GMT] Test-OrganizationRelationship : The Microsoft Exchange Autodiscover service Failed to be
called at 'https://pod51041.outlook.com/autodiscover/autodiscover.svc/WSSecurity' because the following error occurred:
 WebException.Response = <cannot read response stream>
Exception:
System.Net.WebException: The request Failed with HTTP status 404: Not Found.
   at System.Web.Services.Protocols.soapHttpClientProtocol.ReadResponse(SoapClientMessage message,WebResponse

我找不到任何理由让它失败.它在自动发现调用wssecurity时失败了.所有在线帖子都说要为虚拟目录启用wssecurity,但这不是Office 365完全在线部署的选项.坦率地说,O365的联合共享应该“正常工作”

下一篇文章是从SiteB(O365)到SiteA(EX 2010)的组织关系数据

PS C:\Users\me> Get-OrganizationRelationship | fl
Creating a new session for implicit remoting of "Get-OrganizationRelationship" command...


RunspaceId            : b56a8f0b-7e7e-4e8c-bf5c-c33209e59b13
DomainNames           : {SiteA}
FreeBusyAccessEnabled : True
FreeBusyAccessLevel   : LimitedDetails
FreeBusyAccessScope   :
MailBoxMoveEnabled    : False
DeliveryReportEnabled : False
MailTipsAccessEnabled : False
MailTipsAccessLevel   : None
MailTipsAccessScope   :
PhotosEnabled         : False
TargetApplicationUri  : FYDIBOHF25SPDLT.SiteA.us
TargetSharingEpr      :
TargetowaURL          :
TargetAutodiscoverEpr : https://autodiscover.SiteA.us/autodiscover/autodiscover.svc/WSSecurity
OrganizationContact   :
Enabled               : True
ArchiveAccessEnabled  : False
USEOAuth              : False
AdmindisplayName      :
ExchangeVersion       : 0.10 (14.0.100.0)
Name                  : SiteA
distinguishedname     : CN=SiteA,CN=Federation,CN=Configuration,CN=appriver3651001356.onmicrosoft.com,CN=ConfigurationUni
                        ts,DC=NAMPR04A001,DC=prod,DC=outlook,DC=com
Identity              : SiteA
Guid                  : d01ce3d5-6b47-41c6-b597-9f5ed5aca4a8
ObjectCategory        : NAMPR04A001.prod.outlook.com/Configuration/Schema/ms-Exch-Fed-Sharing-Relationship
ObjectClass           : {top,msExchFedSharingrelationship}
WhenChanged           : 7/19/2013 3:36:22 AM
WhenCreated           : 7/19/2013 3:36:13 AM
WhenChangedUTC        : 7/19/2013 10:36:22 AM
WhenCreatedUTC        : 7/19/2013 10:36:13 AM
OrganizationId        : NAMPR04A001.prod.outlook.com/Microsoft Exchange Hosted
                        Organizations/appriver3651001356.onmicrosoft.com - NAMPR04A001.prod.outlook.com/ConfigurationUn
                        its/appriver3651001356.onmicrosoft.com/Configuration
OriginatingServer     : BL2PR04A001DC06.NAMPR04A001.prod.outlook.com
IsValid               : True
ObjectState           : Unchanged

这是从SiteA(EX 2010)到SiteB(O365)

[PS] C:\Windows\system32>Get-OrganizationRelationship | fl

RunspaceId            : a9029d90-cdf0-494a-85ea-a960bc04f023
DomainNames           : {SiteB domains,4 total}
FreeBusyAccessEnabled : True
FreeBusyAccessLevel   : LimitedDetails
FreeBusyAccessScope   :
MailBoxMoveEnabled    : False
DeliveryReportEnabled : False
MailTipsAccessEnabled : False
MailTipsAccessLevel   : None
MailTipsAccessScope   :
TargetApplicationUri  : http://outlook.com/
TargetSharingEpr      :
TargetowaURL          :
TargetAutodiscoverEpr : https://pod51041.outlook.com/autodiscover/autodiscover.svc/WSSecurity
OrganizationContact   :
Enabled               : True
ArchiveAccessEnabled  : False
AdmindisplayName      :
ExchangeVersion       : 0.10 (14.0.100.0)
Name                  : SiteB
distinguishedname     : CN=SiteB,CN=First Organization,CN=Microsoft Exchange,CN=Services,DC=my,DC=site
Identity              : SiteB
Guid                  : 458f9921-f2f8-4286-92e2-a3f0b8c444f1
ObjectCategory        : Mysite/Configuration/Schema/ms-Exch-Fed-Sharing-Relationship
ObjectClass           : {top,msExchFedSharingrelationship}
WhenChanged           : 7/19/2013 10:37:58 PM
WhenCreated           : 7/19/2013 3:16:18 PM
WhenChangedUTC        : 7/20/2013 5:37:58 AM
WhenCreatedUTC        : 7/19/2013 10:16:18 PM
OrganizationId        :
OriginatingServer     : MyDC
IsValid               : True

应该注意的是,当我进入TargetAutodiscoverEPR(https://pod51041.outlook.com/autodiscover/autodiscover.svc/WSSecurity)时,系统会提示我输入凭据,这意味着我得到的404错误是bunk.

我注意到的另一件奇怪的事情是我从SiteA到SiteB设置组织关系.运行Get-Federationinformation会为SiteB生成以下内容

PS C:\Users\me> Get-Federationinformation -DomainName SiteB
Creating a new session for implicit remoting of "Get-Federationinformation" command...


RunspaceId            : d6086380-948f-43db-9d0c-4ba7325b5a20
TargetApplicationUri  : outlook.com
DomainNames           : {SiteB domains,4 total}
TargetAutodiscoverEpr : https://pod51041.outlook.com/autodiscover/autodiscover.svc/WSSecurity
TokenIssuerUris       : {urn:federation:MicrosoftOnline}
IsValid               : True
ObjectState           : Unchanged

TargetApplicationUri声明“outlook.com”,这就是我在SiteA EMC中设置组织关系时输入的方式.但是,分享不起作用,测试让我得到以下信息

PS C:\Users\me> Test-OrganizationRelationship -UserIdentity me@SiteB -Identity SiteA


RunspaceId  : d6086380-948f-43db-9d0c-4ba7325b5a20
Identity    :
Id          : ApplicationUrisDiffer
Status      : Error
Description : The TargetApplicationUri of the remote organization doesn't match the local ApplicationUri of the
              Federation Trust object. The remote URI value is http://outlook.com/. The local URI value is
              outlook.com/.
IsValid     : True
ObjectState : New

RunspaceId  : d6086380-948f-43db-9d0c-4ba7325b5a20
Identity    :
Id          : VerificationOfRemoteOrganizationRelationshipFailed
Status      : Error
Description : There were errors while verifying the remote organization relationship SiteB.
IsValid     : True
ObjectState : New

我不得不手动进入Org Relationship对象(SiteB对SiteB的信任)并将URI从“outlook.com”更改为“http://outlook.com”以便共享以便在该方向上工作.这是设置这一切的另一个怪癖,这让我觉得这是O​​365方面的MSFT问题……

我有完全相同的问题,我认为我设法解决它,但它是约5分钟

基本上今天我尝试使用“自动发现配置信息”重新发现设置

它将TargetAutodiscoverEpr从https://podxxxxx.outlook.com/autodiscover/autodiscover.svc/WSSecurity更改为https://autodiscover-s.outlook.com/autodiscover/autodiscover.svc/WSSecurity.它工作了大约5分钟,并开始出现401错误.重新发现并再次返回podxxxxxy格式.

希望能提供一些线索.

相关文章

Windows2012R2备用域控搭建
Windows2012R2备用域控搭建 前置操作 域控主域控的主dns:自...
主域控角色迁移和夺取(转载)
主域控角色迁移和夺取(转载) 转载自:http://yupeizhi.blo...
Windows2012R2 NTP时间同步
Windows2012R2 NTP时间同步 Windows2012R2里没有了internet时...
Windows注册表操作基础代码
Windows注册表操作基础代码 Windows下对注册表进行操作使用的...
黑客常用WinAPI函数整理
黑客常用WinAPI函数整理之前的博客写了很多关于Windows编程的...
一个简单的Windows Socket可复用框架
一个简单的Windows Socket可复用框架说起网络编程,无非是建...