我有两个域名,我试图通过联合之间共享日历忙/闲信息。 SiteA是Exchange 2010 SP2的内部部署。 SiteB是Office 365企业部署。
两个组织都通过MSFT网关进行联合。
从SiteA到SiteB共享作品,这意味着SiteB的用户可以请求访问SiteA的用户并查看他们的日历。
共享不能从SiteB到SiteA。
运行Test-OrganizationRelationship显示以下内容:
[PS] C:\Windows\system32>Test-OrganizationRelationship -UserIdentity [email protected] -Identity siteB -verbose VERBOSE: [20:24:06.006 GMT] Test-OrganizationRelationship : Active Directory session settings for 'Test-OrganizationRelationship' are: View Entire Forest: 'False', Default Scope: 'mydomain', Configuration Domain Controller: 'mydc', Preferred Global Catalog: 'mygc', Preferred Domain Controllers: '{ mydc1, mydc2 }' VERBOSE: [20:24:06.006 GMT] Test-OrganizationRelationship : Runspace context: Executing user: [email protected], Executing user organization: , Current organization: , RBAC-enabled: Enabled. VERBOSE: [20:24:06.006 GMT] Test-OrganizationRelationship : Beginning processing & VERBOSE: [20:24:06.006 GMT] Test-OrganizationRelationship : Instantiating handler with index 0 for cmdlet extension agent "Admin Audit Log Agent". VERBOSE: [20:24:06.037 GMT] Test-OrganizationRelationship : Current ScopeSet is: { Recipient Read Scope: {{, }}, Recipient Write Scopes: {{, }}, Configuration Read Scope: {{, }}, Configuration Write Scope(s): {{, }, }, Exclusive Recipient Scope(s): {}, Exclusive Configuration Scope(s): {} } VERBOSE: [20:24:06.037 GMT] Test-OrganizationRelationship : Searching objects "me" of type "ADUser" under the root "$null". VERBOSE: [20:24:06.037 GMT] Test-OrganizationRelationship : Previous operation run on global catalog server 'mygc'. VERBOSE: [20:24:06.037 GMT] Test-OrganizationRelationship : Searching objects "siteB" of type "OrganizationRelationship" under the root "$null". VERBOSE: [20:24:06.037 GMT] Test-OrganizationRelationship : Previous operation run on domain controller 'mydc'. VERBOSE: Test that organization relationships are properly configured. VERBOSE: [20:24:06.053 GMT] Test-OrganizationRelationship : Resolved current organization: . VERBOSE: [20:24:06.053 GMT] Test-OrganizationRelationship : Calling the Microsoft Exchange Autodiscover service for the remote federation information. VERBOSE: [20:24:09.084 GMT] Test-OrganizationRelationship : The Autodiscover call succeeded for the following URL: https://pod51041.outlook.com/autodiscover/autodiscover.svc. VERBOSE: [20:24:09.084 GMT] Test-OrganizationRelationship : The Autodiscover call succeeded for the following URL: https://pod51041.outlook.com/autodiscover/autodiscover.svc. VERBOSE: [20:24:09.084 GMT] Test-OrganizationRelationship : The Autodiscover call succeeded for the following URL: https://pod51041.outlook.com/autodiscover/autodiscover.svc. VERBOSE: [20:24:09.084 GMT] Test-OrganizationRelationship : The Autodiscover call succeeded for the following URL: https://pod51041.outlook.com/autodiscover/autodiscover.svc. VERBOSE: [20:24:09.084 GMT] Test-OrganizationRelationship : Generating delegation token for user me@siteA for application http://outlook.com/. VERBOSE: [20:24:09.366 GMT] Test-OrganizationRelationship : The delegation token was successfully generated. VERBOSE: [20:24:09.366 GMT] Test-OrganizationRelationship : The Microsoft Exchange Autodiscover service is being called to determine the remote organization relationship settings. VERBOSE: [20:24:09.366 GMT] Test-OrganizationRelationship : The Client will call the Microsoft Exchange Autodiscover service using the following URL: https://pod51041.outlook.com/autodiscover/autodiscover.svc/WSSecurity. VERBOSE: [20:24:10.553 GMT] Test-OrganizationRelationship : The Microsoft Exchange Autodiscover service failed to be called at 'https://pod51041.outlook.com/autodiscover/autodiscover.svc/WSSecurity' because the following error occurred: WebException.Response = <cannot read response stream> Exception: System.Net.WebException: The request failed with HTTP status 404: Not Found. at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse 我找不到任何失败的理由。 它在自动发现调用wssecurity时失败。 所有在线的post都说为虚拟目录启用wssecurity,但这不是完全在线部署Office 365的选项。坦率地说,从O365联合共享应该“Just Work”
下一部分是从SiteB(O365)到SiteA(EX 2010)的组织关系数据,
PS C:\Users\me> Get-OrganizationRelationship | fl Creating a new session for implicit remoting of "Get-OrganizationRelationship" command... RunspaceId : b56a8f0b-7e7e-4e8c-bf5c-c33209e59b13 DomainNames : {SiteA} FreeBusyAccessEnabled : True FreeBusyAccessLevel : LimitedDetails FreeBusyAccessScope : MailboxMoveEnabled : False DeliveryReportEnabled : False MailTipsAccessEnabled : False MailTipsAccessLevel : None MailTipsAccessScope : PhotosEnabled : False TargetApplicationUri : FYDIBOHF25SPDLT.SiteA.us TargetSharingEpr : TargetOwaURL : TargetAutodiscoverEpr : https://autodiscover.SiteA.us/autodiscover/autodiscover.svc/WSSecurity OrganizationContact : Enabled : True ArchiveAccessEnabled : False UseOAuth : False AdminDisplayName : ExchangeVersion : 0.10 (14.0.100.0) Name : SiteA DistinguishedName : CN=SiteA,CN=Federation,CN=Configuration,CN=appriver3651001356.onmicrosoft.com,CN=ConfigurationUni ts,DC=NAMPR04A001,DC=prod,DC=outlook,DC=com Identity : SiteA Guid : d01ce3d5-6b47-41c6-b597-9f5ed5aca4a8 ObjectCategory : NAMPR04A001.prod.outlook.com/Configuration/Schema/ms-Exch-Fed-Sharing-Relationship ObjectClass : {top, msExchFedSharingRelationship} WhenChanged : 7/19/2013 3:36:22 AM WhenCreated : 7/19/2013 3:36:13 AM WhenChangedUTC : 7/19/2013 10:36:22 AM WhenCreatedUTC : 7/19/2013 10:36:13 AM OrganizationId : NAMPR04A001.prod.outlook.com/Microsoft Exchange Hosted Organizations/appriver3651001356.onmicrosoft.com - NAMPR04A001.prod.outlook.com/ConfigurationUn its/appriver3651001356.onmicrosoft.com/Configuration OriginatingServer : BL2PR04A001DC06.NAMPR04A001.prod.outlook.com IsValid : True ObjectState : Unchanged
这是从SiteA(EX 2010)到SiteB(O365)
[PS] C:\Windows\system32>Get-OrganizationRelationship | fl RunspaceId : a9029d90-cdf0-494a-85ea-a960bc04f023 DomainNames : {SiteB domains, 4 total} FreeBusyAccessEnabled : True FreeBusyAccessLevel : LimitedDetails FreeBusyAccessScope : MailboxMoveEnabled : False DeliveryReportEnabled : False MailTipsAccessEnabled : False MailTipsAccessLevel : None MailTipsAccessScope : TargetApplicationUri : http://outlook.com/ TargetSharingEpr : TargetOwaURL : TargetAutodiscoverEpr : https://pod51041.outlook.com/autodiscover/autodiscover.svc/WSSecurity OrganizationContact : Enabled : True ArchiveAccessEnabled : False AdminDisplayName : ExchangeVersion : 0.10 (14.0.100.0) Name : SiteB DistinguishedName : CN=SiteB,CN=Federation,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=my,DC=site Identity : SiteB Guid : 458f9921-f2f8-4286-92e2-a3f0b8c444f1 ObjectCategory : Mysite/Configuration/Schema/ms-Exch-Fed-Sharing-Relationship ObjectClass : {top, msExchFedSharingRelationship} WhenChanged : 7/19/2013 10:37:58 PM WhenCreated : 7/19/2013 3:16:18 PM WhenChangedUTC : 7/20/2013 5:37:58 AM WhenCreatedUTC : 7/19/2013 10:16:18 PM OrganizationId : OriginatingServer : MyDC IsValid : True
应该注意的是,当我inputTargetAutodiscoverEPR( https://pod51041.outlook.com/autodiscover/autodiscover.svc/WSSecurity )时,系统提示input凭据,这意味着我得到的404错误是双层的。
我注意到的另一个奇怪的事情是,当我从SiteA设置组织关系到SiteB。 运行Get-FederationInformation为SiteB生成以下内容
PS C:\Users\me> Get-FederationInformation -DomainName SiteB Creating a new session for implicit remoting of "Get-FederationInformation" command... RunspaceId : d6086380-948f-43db-9d0c-4ba7325b5a20 TargetApplicationUri : outlook.com DomainNames : {SiteB domains, 4 total} TargetAutodiscoverEpr : https://pod51041.outlook.com/autodiscover/autodiscover.svc/WSSecurity TokenIssuerUris : {urn:federation:MicrosoftOnline} IsValid : True ObjectState : Unchanged
TargetApplicationUri声明“outlook.com”,这就是我在SiteA EMC中设置组织关系时input的内容。 然而,共享没有工作,testing让我以下
PS C:\Users\me> Test-OrganizationRelationship -UserIdentity me@SiteB -Identity SiteA RunspaceId : d6086380-948f-43db-9d0c-4ba7325b5a20 Identity : Id : ApplicationUrisDiffer Status : Error Description : The TargetApplicationUri of the remote organization doesn't match the local ApplicationUri of the Federation Trust object. The remote URI value is http://outlook.com/. The local URI value is outlook.com/. IsValid : True ObjectState : New RunspaceId : d6086380-948f-43db-9d0c-4ba7325b5a20 Identity : Id : VerificationOfRemoteOrganizationRelationshipFailed Status : Error Description : There were errors while verifying the remote organization relationship SiteB. IsValid : True ObjectState : New
我不得不手动进入组织关系对象(SiteB的SiteA信任),并将URI从“outlook.com”更改为“ http://outlook.com ”分享工作在这个方向。 这是另一个怪异的设置这一切,使我的事情,这是O365方面的MSFT问题…
我有完全相同的问题,我想我设法解决它,但约5分钟
基本上今天我试图重新发现设置通过使用“ 自动发现configuration信息 ”
它从https://podxxxxx.outlook.com/autodiscover/autodiscover.svc/WSSecurity将TargetAutodiscoverEpr更改为https://podxxxxx.outlook.com/autodiscover/autodiscover.svc/WSSecurity 。 它工作了大约5分钟,并开始提出401错误。 重新发现并再次返回到podxxxxxy格式。
希望能提供一些线索。
我在Exchange 2010 SP2 RU5v2上遇到了完全相同的问题。 经过微软一位非常优秀的工程师的大量testing,他build议升级到Exchange 2010 SP3 UR2。 他指出我http://support.microsoft.com/kb/2896834/en-us 。 我们证实,我们实际上得到了404错误。
我正在为SP3 UR2升级做准备。 希望那是问题。
有趣的是,当我第一次configuration联盟和OrgRelationships它工作正常。 由于某些本地系统更改(即Symantec SEP的更新)或O365上的最新更新,它停止工作。 不幸的是,我不知道究竟是什么触发器…
担
我有同样的问题。 我的内部部署2010年交换不能看到Office 365交换的忙/闲。 我运行这个命令来设置TargetSharingEpr,现在我可以查看Office 365日历的空闲忙碌情况。 在我运行命令之前,variables是空的。
set-OrganizationRelationship“remote domain”-TargetSharingEpr https://pod51041.outlook.com/EWS/Exchange.asmx/WSsecurity