我有两个域,我正在尝试通过联盟共享日历忙/闲信息. SiteA是Exchange 2010 SP2的内部部署. SiteB是Office 365企业版部署.
两个组织都通过MSFT网关联合.
共享从SiteA到SiteB的工作,这意味着SiteB的用户可以请求访问SiteA的用户并查看他们的日历.
共享无法从SiteB到SiteA.
运行Test-OrganizationRelationship显示以下内容:
[PS] C:\Windows\system32>Test-OrganizationRelationship -UserIdentity me@site.a -Identity siteB -verbose VERBOSE: [20:24:06.006 GMT] Test-OrganizationRelationship : Active Directory session settings for 'Test-OrganizationRelationship' are: View Entire Forest: 'False',Default Scope: 'mydomain',Configuration Domain Controller: 'mydc',Preferred Global Catalog: 'mygc',Preferred Domain Controllers: '{ mydc1,mydc2 }' VERBOSE: [20:24:06.006 GMT] Test-OrganizationRelationship : Runspace context: Executing user: me@site.a,Executing user organization:,Current organization:,RBAC-enabled: Enabled. VERBOSE: [20:24:06.006 GMT] Test-OrganizationRelationship : Beginning processing & VERBOSE: [20:24:06.006 GMT] Test-OrganizationRelationship : Instantiating handler with index 0 for cmdlet extension agent "Admin Audit Log Agent". VERBOSE: [20:24:06.037 GMT] Test-OrganizationRelationship : Current ScopeSet is: { Recipient Read Scope: {{,}},Recipient Write Scopes: {{,Configuration Read Scope: {{,Configuration Write Scope(s): {{,},Exclusive Recipient Scope(s): {},Exclusive Configuration Scope(s): {} } VERBOSE: [20:24:06.037 GMT] Test-OrganizationRelationship : Searching objects "me" of type "ADUser" under the root "$null". VERBOSE: [20:24:06.037 GMT] Test-OrganizationRelationship : PrevIoUs operation run on global catalog server 'mygc'. VERBOSE: [20:24:06.037 GMT] Test-OrganizationRelationship : Searching objects "siteB" of type "OrganizationRelationship" under the root "$null". VERBOSE: [20:24:06.037 GMT] Test-OrganizationRelationship : PrevIoUs operation run on domain controller 'mydc'. VERBOSE: Test that organization relationships are properly configured. VERBOSE: [20:24:06.053 GMT] Test-OrganizationRelationship : Resolved current organization: . VERBOSE: [20:24:06.053 GMT] Test-OrganizationRelationship : Calling the Microsoft Exchange Autodiscover service for the remote federation information. VERBOSE: [20:24:09.084 GMT] Test-OrganizationRelationship : The Autodiscover call succeeded for the following URL: https://pod51041.outlook.com/autodiscover/autodiscover.svc. VERBOSE: [20:24:09.084 GMT] Test-OrganizationRelationship : The Autodiscover call succeeded for the following URL: https://pod51041.outlook.com/autodiscover/autodiscover.svc. VERBOSE: [20:24:09.084 GMT] Test-OrganizationRelationship : The Autodiscover call succeeded for the following URL: https://pod51041.outlook.com/autodiscover/autodiscover.svc. VERBOSE: [20:24:09.084 GMT] Test-OrganizationRelationship : The Autodiscover call succeeded for the following URL: https://pod51041.outlook.com/autodiscover/autodiscover.svc. VERBOSE: [20:24:09.084 GMT] Test-OrganizationRelationship : Generating delegation token for user me@siteA for application http://outlook.com/. VERBOSE: [20:24:09.366 GMT] Test-OrganizationRelationship : The delegation token was successfully generated. VERBOSE: [20:24:09.366 GMT] Test-OrganizationRelationship : The Microsoft Exchange Autodiscover service is being called to determine the remote organization relationship settings. VERBOSE: [20:24:09.366 GMT] Test-OrganizationRelationship : The Client will call the Microsoft Exchange Autodiscover service using the following URL: https://pod51041.outlook.com/autodiscover/autodiscover.svc/WSSecurity. VERBOSE: [20:24:10.553 GMT] Test-OrganizationRelationship : The Microsoft Exchange Autodiscover service Failed to be called at 'https://pod51041.outlook.com/autodiscover/autodiscover.svc/WSSecurity' because the following error occurred: WebException.Response = <cannot read response stream> Exception: System.Net.WebException: The request Failed with HTTP status 404: Not Found. at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message,WebResponse
我找不到任何理由让它失败.它在自动发现调用wssecurity时失败了.所有在线帖子都说要为虚拟目录启用wssecurity,但这不是Office 365完全在线部署的选项.坦率地说,O365的联合共享应该“正常工作”
下一篇文章是从SiteB(O365)到SiteA(EX 2010)的组织关系数据
PS C:\Users\me> Get-OrganizationRelationship | fl Creating a new session for implicit remoting of "Get-OrganizationRelationship" command... RunspaceId : b56a8f0b-7e7e-4e8c-bf5c-c33209e59b13 DomainNames : {SiteA} FreeBusyAccessEnabled : True FreeBusyAccessLevel : LimitedDetails FreeBusyAccessScope : MailBoxMoveEnabled : False DeliveryReportEnabled : False MailTipsAccessEnabled : False MailTipsAccessLevel : None MailTipsAccessScope : PhotosEnabled : False TargetApplicationUri : FYDIBOHF25SPDLT.SiteA.us TargetSharingEpr : TargetOwaURL : TargetAutodiscoverEpr : https://autodiscover.SiteA.us/autodiscover/autodiscover.svc/WSSecurity OrganizationContact : Enabled : True ArchiveAccessEnabled : False USEOAuth : False AdminDisplayName : ExchangeVersion : 0.10 (14.0.100.0) Name : SiteA DistinguishedName : CN=SiteA,CN=Federation,CN=Configuration,CN=appriver3651001356.onmicrosoft.com,CN=ConfigurationUni ts,DC=NAMPR04A001,DC=prod,DC=outlook,DC=com Identity : SiteA Guid : d01ce3d5-6b47-41c6-b597-9f5ed5aca4a8 ObjectCategory : NAMPR04A001.prod.outlook.com/Configuration/Schema/ms-Exch-Fed-Sharing-Relationship ObjectClass : {top,msExchFedSharingRelationship} WhenChanged : 7/19/2013 3:36:22 AM WhenCreated : 7/19/2013 3:36:13 AM WhenChangedUTC : 7/19/2013 10:36:22 AM WhenCreatedUTC : 7/19/2013 10:36:13 AM OrganizationId : NAMPR04A001.prod.outlook.com/Microsoft Exchange Hosted Organizations/appriver3651001356.onmicrosoft.com - NAMPR04A001.prod.outlook.com/ConfigurationUn its/appriver3651001356.onmicrosoft.com/Configuration OriginatingServer : BL2PR04A001DC06.NAMPR04A001.prod.outlook.com IsValid : True ObjectState : Unchanged
这是从SiteA(EX 2010)到SiteB(O365)
[PS] C:\Windows\system32>Get-OrganizationRelationship | fl RunspaceId : a9029d90-cdf0-494a-85ea-a960bc04f023 DomainNames : {SiteB domains,4 total} FreeBusyAccessEnabled : True FreeBusyAccessLevel : LimitedDetails FreeBusyAccessScope : MailBoxMoveEnabled : False DeliveryReportEnabled : False MailTipsAccessEnabled : False MailTipsAccessLevel : None MailTipsAccessScope : TargetApplicationUri : http://outlook.com/ TargetSharingEpr : TargetOwaURL : TargetAutodiscoverEpr : https://pod51041.outlook.com/autodiscover/autodiscover.svc/WSSecurity OrganizationContact : Enabled : True ArchiveAccessEnabled : False AdminDisplayName : ExchangeVersion : 0.10 (14.0.100.0) Name : SiteB DistinguishedName : CN=SiteB,CN=First Organization,CN=Microsoft Exchange,CN=Services,DC=my,DC=site Identity : SiteB Guid : 458f9921-f2f8-4286-92e2-a3f0b8c444f1 ObjectCategory : Mysite/Configuration/Schema/ms-Exch-Fed-Sharing-Relationship ObjectClass : {top,msExchFedSharingRelationship} WhenChanged : 7/19/2013 10:37:58 PM WhenCreated : 7/19/2013 3:16:18 PM WhenChangedUTC : 7/20/2013 5:37:58 AM WhenCreatedUTC : 7/19/2013 10:16:18 PM OrganizationId : OriginatingServer : MyDC IsValid : True
应该注意的是,当我进入TargetAutodiscoverEPR(https://pod51041.outlook.com/autodiscover/autodiscover.svc/WSSecurity)时,系统会提示我输入凭据,这意味着我得到的404错误是bunk.
我注意到的另一件奇怪的事情是我从SiteA到SiteB设置组织关系.运行Get-FederationInformation会为SiteB生成以下内容
PS C:\Users\me> Get-FederationInformation -DomainName SiteB Creating a new session for implicit remoting of "Get-FederationInformation" command... RunspaceId : d6086380-948f-43db-9d0c-4ba7325b5a20 TargetApplicationUri : outlook.com DomainNames : {SiteB domains,4 total} TargetAutodiscoverEpr : https://pod51041.outlook.com/autodiscover/autodiscover.svc/WSSecurity TokenIssuerUris : {urn:federation:MicrosoftOnline} IsValid : True ObjectState : Unchanged
TargetApplicationUri声明“outlook.com”,这就是我在SiteA EMC中设置组织关系时输入的方式.但是,分享不起作用,测试让我得到以下信息
PS C:\Users\me> Test-OrganizationRelationship -UserIdentity me@SiteB -Identity SiteA RunspaceId : d6086380-948f-43db-9d0c-4ba7325b5a20 Identity : Id : ApplicationUrisDiffer Status : Error Description : The TargetApplicationUri of the remote organization doesn't match the local ApplicationUri of the Federation Trust object. The remote URI value is http://outlook.com/. The local URI value is outlook.com/. IsValid : True ObjectState : New RunspaceId : d6086380-948f-43db-9d0c-4ba7325b5a20 Identity : Id : VerificationOfRemoteOrganizationRelationshipFailed Status : Error Description : There were errors while verifying the remote organization relationship SiteB. IsValid : True ObjectState : New
我不得不手动进入Org Relationship对象(SiteB对SiteB的信任)并将URI从“outlook.com”更改为“http://outlook.com”以便共享以便在该方向上工作.这是设置这一切的另一个怪癖,这让我觉得这是O365方面的MSFT问题……