Проблема с Autodiscover в Exchange Hybrid

• Question

• 

  

  0

  Sign in to vote

  После настройки гибрида Exchange on-prem и Exchange Online вроде бы всё работает как надо, но есть одно но:

  1. Не работает Autodiscover для Exchange on-prem

  2. При выполнении командлета Test-OrganizationRelationship есть ошибки:

  On-premise:

  Test-OrganizationRelationship -UserIdentity user@commondomain.ru -Identity "On-premises to O365 - xxxx-xxxx-xxxx-xxxx-xxxx"
  

  Begin testing for organization relationship CN=On-premises to O365 - 
  xxxx-xxxx-xxxx-xxxx-xxxx,CN=Federation,CN=ITC,CN=Microsoft 
  Exchange,CN=Services,CN=Configuration,DC=it-courses,DC=ru, enabled state
   True.
  
  Exchange D-Auth Federation Authentication STS Client Identities are 
  urn:federation:MicrosoftOnline/FYDIBOHF25SPDLT.commondomain.ru;
  
  STEP 1: Validating user configuration
  RESULT: Success.
  
  STEP 2: Getting federation information from remote organization...
  RESULT: Success.
  
  STEP 3: Validating consistency in returned federation information
  RESULT: Success.
  
  STEP 4: Requesting delegation token from the STS...
  RESULT: Success.
  Retrieved token for target 
  https://autodiscover-s.outlook.com/autodiscover/autodiscover.svc/WSSecurity
   for offer Name=MSExchange.Autodiscover,Duration=28800(secs)
  
  STEP 5: Getting organization relationship setting from remote partner...
  RESULT: Success.
  
  STEP 6: Validating organization relationships returned from remote partner
  RESULT: Error.
  
  LAST STEP: Writing results...
  
  RunspaceId  : yyyy-yyyy-yyyy-yyyy-yyyy
  Identity    :
  Id          : ApplicationUrisDiffer
  Status      : Warning
  Description : The TargetApplicationUri of the remote organization 
  doesn't match the local ApplicationUri of the Federation Trust object. 
  The remote URI value is http://fydibohf25spdlt.meranetworks.ru/. The 
  local URI value is outlook.com.
  IsValid     : True
  ObjectState : New
  
  RunspaceId  : yyyy-yyyy-yyyy-yyyy-yyyy
  Identity    :
  Id          : PropertiesDiffer
  Status      : Warning
  Description : The values of property MailboxMoveEnabled are different 
  and should match. The local organization relationship On-premises to 
  O365 - xxxx-xxxx-xxxx-xxxx-xxxx has value True, and the remote 
  organization relationship O365 to On-premises - xxxx-xxxx-xxxx-xxxx-xxxx
   has value False.
  IsValid     : True
  ObjectState : New
  
  RunspaceId  : yyyy-yyyy-yyyy-yyyy-yyyy
  Identity    :
  Id          : VerificationOfRemoteOrganizationRelationshipFailed
  Status      : Error
  Description : There were errors while verifying the remote organization 
  relationship O365 to On-premises - xxxx-xxxx-xxxx-xxxx-xxxx.
  IsValid     : True
  ObjectState : New
  COMPLETE.
  

  
  

  
  

  Cloud:

  Test-OrganizationRelationship -UserIdentity user@commondomain.ru -Identity "O365 to On-premises - xxxx-xxxx-xxxx-xxxx-xxxx"
  
  

  Begin testing for organization relationship CN=O365 to On-premises - 
  xxxx-xxxx-xxxx-xxxx-xxxx,CN=Federation,CN=Configuration,CN=clouddomain.onmicrosoft.com,CN=ConfigurationUnits,DC=EURP190A001,DC=PROD,DC=OUTLOOK,DC=COM,
   enabled state True.
  
  Exchange D-Auth Federation Authentication STS Client Identities are 
  uri:WindowsLiveID/outlook.com;urn:federation:MicrosoftOnline/outlook.com;
  
  STEP 1: Validating user configuration
  WARNING: The federated domain 'commondomain.ru' of the user is in the 
  local organizational relationship which normally only contains the 
  domains of external organizations.
  RESULT: Success.
  
  STEP 2: Getting federation information from remote organization...
  RESULT: Success.
  
  STEP 3: Validating consistency in returned federation information
  RESULT: Success.
  
  STEP 4: Requesting delegation token from the STS...
  RESULT: Success.
  Retrieved token for target 
  https://autodiscover-s.outlook.com/autodiscover/autodiscover.svc/WSSecurity
   for offer Name=MSExchange.Autodiscover,Duration=28800(secs)
  
  STEP 5: Getting organization relationship setting from remote partner...
  RESULT: Unable to retrieve organization relationships from remote organization.
  RESULT: Error.
  
  LAST STEP: Writing results...
  
  RunspaceId  : zzzz-zzzz-zzzz-zzzz-zzzz
  Identity    :
  Id          : AutodiscoverServiceCallFailed
  Status      : Error
  Description : The Autodiscover call failed.
  IsValid     : True
  ObjectState : New
  
  COMPLETE.

  
  

  В интерфейсе Hybrid Configuration Wizard ошибок нет, но в логах встречаются следующие строки:

  2018.11.14 12:58:04.400         10276 [Client=UX, Session=Tenant, Cmdlet=Set-OrganizationRelationship, Thread=27] START Set-OrganizationRelationship -TargetOwaURL 'https://onprem-exch.onpremdomain.ru/owa' -Identity 'O365 to On-premises - xxxx-xxxx-xxxx-xxxx-xxxx'
  2018.11.14 12:58:04.883 WARNING 10086 [Client=UX, Provider=Tenant, Thread=27] PowerShell Warning Record: The command completed successfully but no settings of 'O365 to On-premises - xxxx-xxxx-xxxx-xxxx-xxxx' have been modified.
  2018.11.14 12:58:04.973         10277 [Client=UX, Session=Tenant, Cmdlet=Set-OrganizationRelationship,Thread=27] FINISH Time=573.4ms Results=0
  2018.11.14 12:58:16.289         10276 [Client=UX, Session=OnPremises, Cmdlet=Set-PartnerApplication, Thread=27] START Set-PartnerApplication -Identity 'Exchange Online' -Enabled: $true
  
  2018.11.14 12:58:16.370 WARNING 10086 [Client=UX, Provider=OnPremises, Thread=27] PowerShell Warning Record: The command completed successfully but no settings of 'Exchange Online' have been modified.
  2018.11.14 12:58:16.461         10277 [Client=UX, Session=OnPremises, Cmdlet=Set-PartnerApplication, Thread=27] FINISH Time=172.0ms Results=0

  — это, я так понимаю, нормально, поскольку это не первый запуск и изменений никаких не происходило.

  А вот как расценивать следующее:

  2018.11.14 12:58:12.932         10276 [Client=UX, Session=OnPremises, Cmdlet=Get-IntraOrganizationConfiguration, Thread=27] START
  2018.11.14 12:58:13.081 WARNING 10086 [Client=UX, Provider=OnPremises, Thread=27] PowerShell Warning Record: Please check that the Autodiscover endpoint of "https://onprem-exch.onpremdomain.ru/autodiscover/autodiscover.svc" is correct and can be accessed externally. If it's incorrect or can't be accessed externally, use an existing Autodiscover endpoint that can be accessed externally for the configuration of the intra-organization connector.
  2018.11.14 12:58:13.138         10277 [Client=UX, Session=OnPremises, Cmdlet=Get-IntraOrganizationConfiguration, Thread=27] FINISH Time=206.0ms Results=1
  
  2018.11.14 12:58:20.837         10276 [Client=UX, Session=OnPremises, Cmdlet=Get-IntraOrganizationConfiguration, Thread=27] START
  2018.11.14 12:58:20.964 WARNING 10086 [Client=UX, Provider=OnPremises, Thread=27] PowerShell Warning Record: Please check that the Autodiscover endpoint of "https://onprem-exch.onpremdomain.ru/autodiscover/autodiscover.svc" is correct and can be accessed externally. If it's incorrect or can't be accessed externally, use an existing Autodiscover endpoint that can be accessed externally for the configuration of the intra-organization connector.
  2018.11.14 12:58:21.021         10277 [Client=UX, Session=OnPremises, Cmdlet=Get-IntraOrganizationConfiguration, Thread=27] FINISH Time=184.0ms Results=1

  Это значит, что на это нужно просто обратить внимание или что доступ получить не удалось? Доступ снаружи к autodiscover-у есть.
  

  Tuesday, December 18, 2018 8:11 AM