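We are running a hybrid setup (Exchange 2013 on-prem), and MRSProxy is enabled and working. We want to archive users' mailboxes when they leave the company, so we want to migrate those mailboxes from Office 365 back to our on-premises server. I have been trying to create a leaver script, and the New-MoveRequest cmdlet keeps throwing the following error: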
The MailBox Replication Service was unable to connect to the remote server using the credentials provided. Please check the credentials and try again. The call to 'https://webmail.blah.com/EWS/mrsproxy.svc' Failed. Error details: The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate,NTLM'. --> The remote server returned an error: (401) Unauthorized.. --> The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate,NTLM'. --> The remote server returned an error: (401) Unauthorized. + CategoryInfo : NotSpecified: (:) [New-MoveRequest],RemotePermanentException +9,Microsoft.Exchange.Man agement.Migration.MailBoxReplication.MoveRequest.NewMoveRequest + PSComputerName : outlook.office365.com
So I tested Test-MigrationServerAvailability -ExchangeRemoteMove -RemoteServer webmail.blah.com -Credentials $UserName<#> using the following 3 types of PSCredentials:
UserName1 : <domain>\<SamAccountName>
UserName2 : <SamAccountName>
UserName3 : <SamAccountName>@<domain> (UPN)
With UserName1 and UserName2, I get:
RunspaceId : 3966b356-0f49-46c3-9373-e914827fc6ed
Result : Success
Message :
ConnectionSettings : <ExchangeConnectionSettings HasAdminPrivilege="True" HasAutodiscovery="False" HasMrsProxy="True" AutodiscoverUrl="" IncomingEmailAddress="" IncomingRPCProxyServer="webmail.blah.ccom" IncomingExchangeServer="webmail.blah.com" IncomingNSPIServer="" IncomingDomain="" IncomingUserName="UserName<#>" EncryptedIncomingPassword="something" IncomingAuthentication="Basic" ServerVersion="" TargetDomainName="" SourceMailBoxLegDn="" PublicFolderDatabaseServerLegacyDN="" IsPublicFolderMailBoxesMigrationSource="False" />
SupportsCutover : False
ErrorDetail :
IsValid : True
Identity :
ObjectState : New
But with UserName3 I get:
RunspaceId : 3966b356-0f49-46c3-9373-e914827fc6ed Result : Failed Message : The connection to the server 'webmail.blah.com' could not be completed. ConnectionSettings : SupportsCutover : False ErrorDetail : Microsoft.Exchange.Migration.MigrationServerConnectionFailedException: The connection to the server 'webmail.blah.com' could not be completed. ---> Microsoft.Exchange.MailBoxReplicationService.RemotePermanentException: The MailBox Replication Service was unable to connect to the remote server using the credentials provided. Please check the credentials and try again. The call to 'https://webmail.blah.com/EWS/mrsproxy.svc' Failed. Error details: The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate,NTLM'. --> The remote server returned an error: (401) Unauthorized.. --> The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate,NTLM'. --> The remote server returned an error: (401) Unauthorized. ---> Microsoft.Exchange.MailBoxReplicationService.RemotePermanentException: The call to 'https://webmail.blah.com/EWS/mrsproxy.svc' Failed. Error details: The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate,NTLM'. --> The remote server returned an error: (401) Unauthorized.. ---> Microsoft.Exchange.MailBoxReplicationService.RemotePermanentException: The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate,NTLM'. ---> Microsoft.Exchange.MailBoxReplicationService.RemotePermanentException: The remote server returned an error: (401) Unauthorized. 
--- End of inner exception stack trace --- --- End of inner exception stack trace --- --- End of inner exception stack trace --- at Microsoft.Exchange.MailBoxReplicationService.MailBoxReplicationServiceFault.<>c__DisplayClass97_0.<ReconstructAndThrow>b__0() at Microsoft.Exchange.MailBoxReplicationService.ExecutionContext.Execute(Action operation) at Microsoft.Exchange.MailBoxReplicationService.MailBoxReplicationServiceFault.ReconstructAndThrow(String serverName,VersionInformation serverVersion) at Microsoft.Exchange.MailBoxReplicationService.WcfClientWithFaultHandling`2.<>c__DisplayClass7_0.<CallService>b__0() at Microsoft.Exchange.Net.WcfClientBase`1.CallService(Action serviceCall,String context) at Microsoft.Exchange.MailBoxReplicationService.WcfClientWithFaultHandling`2.CallService(Action serviceCall,String context) at Microsoft.Exchange.Migration.MigrationExchangeProxyRpcClient.CanConnectToMrsProxy(Fqdn serverName,Guid mbxGuid,NetworkCredential credentials,LocalizedException& error) --- End of inner exception stack trace --- at Microsoft.Exchange.Migration.DataAccessLayer.ExchangeRemoteMoveEndpoint.VerifyConnectivity() at Microsoft.Exchange.Management.Migration.MigrationService.Endpoint.TestMigrationServerAvailability.InternalProcessEndpoint(Boolean fromAutoDiscover) IsValid : True Identity : ObjectState : New
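Looking at the TechNet articles for New-MoveRequest and Test-MigrationServer, the Credentials / RemoteCredential parameters should accept a UPN username.
Is this a limitation of Exchange 2013? I can open a remote PSSession to the on-premises Exchange server with a UPN username and import the cmdlets, so I'm at a loss as to why it doesn't work with New-MoveRequest and Test-MigrationServer loaded from Office 365.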
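It may just be the implementation of the cmdlet and how it negotiates the connection. Your endpoint is configured with Negotiate, so the client and server should decide whether you use Kerberos or NTLM. In your failed attempt, it isn't detecting this correctly and is trying to fall back to Basic authentication, which your server is not configured to support.
NTLM doesn't support the UPN format, and you don't have a Kerberos ticket, so that may be the cause. You normally wouldn't run into this on Windows clients/servers, because most applications seem to reformat the username request. However, if your samAccountName and UPN prefix differ, the credentials won't match.
I'd make sure your samAccountName and UPN prefix match for the account. If they don't, or if it still fails, you should be able to enable Basic authentication on EWS. That should allow the client to fall back to it and have it accepted on the server side. Since this is an O365 connection, I think we can safely assume you're already using HTTPS, which is of course essential if you use Basic Auth, as the credentials are sent in plain text.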
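A pre-flight check for the leaver script, added here as an example and not part of either post: it compares the UPN prefix with the samAccountName, as the answer suggests, and builds the `<domain>\<SamAccountName>` logon name that tested as Success in the question. The function name `Get-MrsLogonName`, the NetBIOS domain `BLAH` and the two accounts are constructed for illustration.

```powershell
# Added example. Function name, NetBIOS domain and accounts are constructed.
function Get-MrsLogonName {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$UserPrincipalName,
        [Parameter(Mandatory)][string]$SamAccountName,
        [Parameter(Mandatory)][string]$NetBiosDomain
    )
    # A UPN is prefix@suffix; reject anything that does not have both halves.
    $parts = $UserPrincipalName -split '@'
    if ($parts.Count -ne 2 -or -not $parts[0] -or -not $parts[1]) {
        throw "Not a UPN: '$UserPrincipalName'"
    }
    [pscustomobject]@{
        UserPrincipalName = $UserPrincipalName
        # Format UserName1 from the question: <domain>\<SamAccountName>.
        LogonName         = '{0}\{1}' -f $NetBiosDomain, $SamAccountName
        # The answer's condition: UPN prefix equals samAccountName
        # (case-insensitive comparison).
        PrefixMatches     = $parts[0] -ieq $SamAccountName
    }
}

# Constructed sample accounts: one matching, one where the names differ.
$accounts = @(
    [pscustomobject]@{ Upn = 'svc-migrate@blah.com'; Sam = 'svc-migrate' }
    [pscustomobject]@{ Upn = 'jane.doe@blah.com';    Sam = 'jdoe' }
)

$results = foreach ($a in $accounts) {
    Get-MrsLogonName -UserPrincipalName $a.Upn -SamAccountName $a.Sam -NetBiosDomain 'BLAH'
}
$results | Format-Table -AutoSize

# Flag accounts whose UPN prefix and samAccountName differ before using them.
$results | Where-Object { -not $_.PrefixMatches } | ForEach-Object {
    Write-Warning "UPN prefix differs from samAccountName: $($_.UserPrincipalName)"
}

# In a live session both attributes come from Active Directory
# (Get-ADUser returns SamAccountName and UserPrincipalName by default),
# and LogonName feeds the endpoint test from the question:
#   $cred = New-Object System.Management.Automation.PSCredential($r.LogonName, $securePassword)
#   Test-MigrationServerAvailability -ExchangeRemoteMove -RemoteServer webmail.blah.com -Credentials $cred
```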