Autodiscover problem in Exchange Hybrid

  • Question

  • After configuring the hybrid between Exchange on-prem and Exchange Online, everything seems to work as it should, with one exception:

    1. Autodiscover does not work for Exchange on-prem

    2. Running the Test-OrganizationRelationship cmdlet returns errors:

    On-premise:

    Test-OrganizationRelationship -UserIdentity user@commondomain.ru -Identity "On-premises to O365 - xxxx-xxxx-xxxx-xxxx-xxxx"

    Begin testing for organization relationship CN=On-premises to O365 - 
    xxxx-xxxx-xxxx-xxxx-xxxx,CN=Federation,CN=ITC,CN=Microsoft 
    Exchange,CN=Services,CN=Configuration,DC=it-courses,DC=ru, enabled state
     True.
    
    Exchange D-Auth Federation Authentication STS Client Identities are 
    urn:federation:MicrosoftOnline/FYDIBOHF25SPDLT.commondomain.ru;
    
    STEP 1: Validating user configuration
    RESULT: Success.
    
    STEP 2: Getting federation information from remote organization...
    RESULT: Success.
    
    STEP 3: Validating consistency in returned federation information
    RESULT: Success.
    
    STEP 4: Requesting delegation token from the STS...
    RESULT: Success.
    Retrieved token for target 
    https://autodiscover-s.outlook.com/autodiscover/autodiscover.svc/WSSecurity
     for offer Name=MSExchange.Autodiscover,Duration=28800(secs)
    
    STEP 5: Getting organization relationship setting from remote partner...
    RESULT: Success.
    
    STEP 6: Validating organization relationships returned from remote partner
    RESULT: Error.
    
    LAST STEP: Writing results...
    
    RunspaceId  : yyyy-yyyy-yyyy-yyyy-yyyy
    Identity    :
    Id          : ApplicationUrisDiffer
    Status      : Warning
    Description : The TargetApplicationUri of the remote organization 
    doesn't match the local ApplicationUri of the Federation Trust object. 
    The remote URI value is http://fydibohf25spdlt.meranetworks.ru/. The 
    local URI value is outlook.com.
    IsValid     : True
    ObjectState : New
    
    RunspaceId  : yyyy-yyyy-yyyy-yyyy-yyyy
    Identity    :
    Id          : PropertiesDiffer
    Status      : Warning
    Description : The values of property MailboxMoveEnabled are different 
    and should match. The local organization relationship On-premises to 
    O365 - xxxx-xxxx-xxxx-xxxx-xxxx has value True, and the remote 
    organization relationship O365 to On-premises - xxxx-xxxx-xxxx-xxxx-xxxx
     has value False.
    IsValid     : True
    ObjectState : New
    
    RunspaceId  : yyyy-yyyy-yyyy-yyyy-yyyy
    Identity    :
    Id          : VerificationOfRemoteOrganizationRelationshipFailed
    Status      : Error
    Description : There were errors while verifying the remote organization 
    relationship O365 to On-premises - xxxx-xxxx-xxxx-xxxx-xxxx.
    IsValid     : True
    ObjectState : New
    COMPLETE.
    



    Cloud:

    Test-OrganizationRelationship -UserIdentity user@commondomain.ru -Identity "O365 to On-premises - xxxx-xxxx-xxxx-xxxx-xxxx"

    Begin testing for organization relationship CN=O365 to On-premises - 
    xxxx-xxxx-xxxx-xxxx-xxxx,CN=Federation,CN=Configuration,CN=clouddomain.onmicrosoft.com,CN=ConfigurationUnits,DC=EURP190A001,DC=PROD,DC=OUTLOOK,DC=COM,
     enabled state True.
    
    Exchange D-Auth Federation Authentication STS Client Identities are 
    uri:WindowsLiveID/outlook.com;urn:federation:MicrosoftOnline/outlook.com;
    
    STEP 1: Validating user configuration
    WARNING: The federated domain 'commondomain.ru' of the user is in the 
    local organizational relationship which normally only contains the 
    domains of external organizations.
    RESULT: Success.
    
    STEP 2: Getting federation information from remote organization...
    RESULT: Success.
    
    STEP 3: Validating consistency in returned federation information
    RESULT: Success.
    
    STEP 4: Requesting delegation token from the STS...
    RESULT: Success.
    Retrieved token for target 
    https://autodiscover-s.outlook.com/autodiscover/autodiscover.svc/WSSecurity
     for offer Name=MSExchange.Autodiscover,Duration=28800(secs)
    
    STEP 5: Getting organization relationship setting from remote partner...
    RESULT: Unable to retrieve organization relationships from remote organization.
    RESULT: Error.
    
    LAST STEP: Writing results...
    
    RunspaceId  : zzzz-zzzz-zzzz-zzzz-zzzz
    Identity    :
    Id          : AutodiscoverServiceCallFailed
    Status      : Error
    Description : The Autodiscover call failed.
    IsValid     : True
    ObjectState : New
    
    COMPLETE.


    There are no errors in the Hybrid Configuration Wizard interface, but the logs contain the following lines:

    2018.11.14 12:58:04.400         10276 [Client=UX, Session=Tenant, Cmdlet=Set-OrganizationRelationship, Thread=27] START Set-OrganizationRelationship -TargetOwaURL 'https://onprem-exch.onpremdomain.ru/owa' -Identity 'O365 to On-premises - xxxx-xxxx-xxxx-xxxx-xxxx'
    2018.11.14 12:58:04.883 WARNING 10086 [Client=UX, Provider=Tenant, Thread=27] PowerShell Warning Record: The command completed successfully but no settings of 'O365 to On-premises - xxxx-xxxx-xxxx-xxxx-xxxx' have been modified.
    2018.11.14 12:58:04.973         10277 [Client=UX, Session=Tenant, Cmdlet=Set-OrganizationRelationship,Thread=27] FINISH Time=573.4ms Results=0
    2018.11.14 12:58:16.289         10276 [Client=UX, Session=OnPremises, Cmdlet=Set-PartnerApplication, Thread=27] START Set-PartnerApplication -Identity 'Exchange Online' -Enabled: $true
    
    2018.11.14 12:58:16.370 WARNING 10086 [Client=UX, Provider=OnPremises, Thread=27] PowerShell Warning Record: The command completed successfully but no settings of 'Exchange Online' have been modified.
    2018.11.14 12:58:16.461         10277 [Client=UX, Session=OnPremises, Cmdlet=Set-PartnerApplication, Thread=27] FINISH Time=172.0ms Results=0

    This, as I understand it, is normal, since this is not the first run and no changes were made.

    But how should the following be interpreted:

    2018.11.14 12:58:12.932         10276 [Client=UX, Session=OnPremises, Cmdlet=Get-IntraOrganizationConfiguration, Thread=27] START
    2018.11.14 12:58:13.081 WARNING 10086 [Client=UX, Provider=OnPremises, Thread=27] PowerShell Warning Record: Please check that the Autodiscover endpoint of "https://onprem-exch.onpremdomain.ru/autodiscover/autodiscover.svc" is correct and can be accessed externally. If it's incorrect or can't be accessed externally, use an existing Autodiscover endpoint that can be accessed externally for the configuration of the intra-organization connector.
    2018.11.14 12:58:13.138         10277 [Client=UX, Session=OnPremises, Cmdlet=Get-IntraOrganizationConfiguration, Thread=27] FINISH Time=206.0ms Results=1
    
    2018.11.14 12:58:20.837         10276 [Client=UX, Session=OnPremises, Cmdlet=Get-IntraOrganizationConfiguration, Thread=27] START
    2018.11.14 12:58:20.964 WARNING 10086 [Client=UX, Provider=OnPremises, Thread=27] PowerShell Warning Record: Please check that the Autodiscover endpoint of "https://onprem-exch.onpremdomain.ru/autodiscover/autodiscover.svc" is correct and can be accessed externally. If it's incorrect or can't be accessed externally, use an existing Autodiscover endpoint that can be accessed externally for the configuration of the intra-organization connector.
    2018.11.14 12:58:21.021         10277 [Client=UX, Session=OnPremises, Cmdlet=Get-IntraOrganizationConfiguration, Thread=27] FINISH Time=184.0ms Results=1
    Does this mean that I should simply take note of it, or that access could not be obtained? Autodiscover is accessible from outside.
    Tuesday, December 18, 2018 8:11 AM
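
The Hybrid Configuration Wizard log excerpts in the question can be triaged mechanically. The following is an added example, not part of the original post and not Microsoft tooling: it pairs each WARNING record with the cmdlet that was running on the same session and thread, and pulls out any endpoint URL the warning names. The `no-op` and `verify` labels and the function names are assumptions of this example; `verify` only marks a warning whose endpoint still has to be tested from outside the network.

```python
import re

# Constructed sample: HCW log records copied from the question (second warning abridged).
SAMPLE_LOG = """\
2018.11.14 12:58:04.400         10276 [Client=UX, Session=Tenant, Cmdlet=Set-OrganizationRelationship, Thread=27] START Set-OrganizationRelationship -TargetOwaURL 'https://onprem-exch.onpremdomain.ru/owa' -Identity 'O365 to On-premises - xxxx-xxxx-xxxx-xxxx-xxxx'
2018.11.14 12:58:04.883 WARNING 10086 [Client=UX, Provider=Tenant, Thread=27] PowerShell Warning Record: The command completed successfully but no settings of 'O365 to On-premises - xxxx-xxxx-xxxx-xxxx-xxxx' have been modified.
2018.11.14 12:58:04.973         10277 [Client=UX, Session=Tenant, Cmdlet=Set-OrganizationRelationship,Thread=27] FINISH Time=573.4ms Results=0
2018.11.14 12:58:12.932         10276 [Client=UX, Session=OnPremises, Cmdlet=Get-IntraOrganizationConfiguration, Thread=27] START
2018.11.14 12:58:13.081 WARNING 10086 [Client=UX, Provider=OnPremises, Thread=27] PowerShell Warning Record: Please check that the Autodiscover endpoint of "https://onprem-exch.onpremdomain.ru/autodiscover/autodiscover.svc" is correct and can be accessed externally.
2018.11.14 12:58:13.138         10277 [Client=UX, Session=OnPremises, Cmdlet=Get-IntraOrganizationConfiguration, Thread=27] FINISH Time=206.0ms Results=1
"""

# timestamp, optional level, event id, [key=value context], free-text message
LINE = re.compile(r"^(?P<ts>\d{4}\.\d\d\.\d\d [\d:.]+)\s+(?:(?P<level>[A-Z]+)\s+)?"
                  r"(?P<event>\d+)\s+\[(?P<ctx>[^\]]*)\]\s*(?P<msg>.*)$")
NOOP_MARKER = "no settings of"  # assumption: this wording marks an idempotent re-run


def parse(line):
    """Split one HCW log line into fields; return None for anything else."""
    m = LINE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    # The context separator is "," with or without a following space.
    rec["ctx"] = dict(kv.strip().split("=", 1) for kv in rec["ctx"].split(",") if "=" in kv)
    return rec


def triage(log_text):
    """Return (side, cmdlet, verdict, urls) for every WARNING record."""
    running, findings = {}, []
    for rec in filter(None, map(parse, log_text.splitlines())):
        ctx = rec["ctx"]
        side = ctx.get("Session") or ctx.get("Provider")  # Tenant or OnPremises
        key = (side, ctx.get("Thread"))
        if rec["msg"].startswith("START"):
            running[key] = ctx.get("Cmdlet")
        elif rec["msg"].startswith("FINISH"):
            running.pop(key, None)
        elif rec["level"] == "WARNING":
            verdict = "no-op" if NOOP_MARKER in rec["msg"] else "verify"
            urls = re.findall(r"https?://[^\s\"']+", rec["msg"])
            findings.append((side, running.get(key, "?"), verdict, urls))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```
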

All replies

  • I translated your initial post into English; if I have misunderstood what you said, please feel free to let me know.

    According to the error message you provided, it indicates that your on-premises Autodiscover endpoint cannot be accessed externally. So if the issue only occurs for on-premises mailboxes, we suggest you test Outlook Autodiscover in ExRCA and post the result here.

    Regards,

    Manu Meng


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Wednesday, December 19, 2018 6:40 AM
  • Unfortunately Remote connectivity analyzer doesn't work now (but I used it before) with the error: "Verifying the challenge failed. Please refresh the page and try again."

    Wednesday, December 19, 2018 1:16 PM
  • Unfortunately Remote connectivity analyzer doesn't work now (but I used it before) with the error: "Verifying the challenge failed. Please refresh the page and try again."

    RCA Captcha is working now! 

    Regards,

    Manu Meng



    Monday, December 24, 2018 7:14 AM