페더레이션을 통해 일정 약속 있음 / 없음 정보를 공유하려는 두 개의 도메인이 있습니다. SiteA는 Exchange 2010 SP2의 온-프레미스 배포입니다. SiteB는 Office 365 Enterprise 배포입니다.
두 조직 모두 MSFT 게이트웨이를 통해 페더레이션됩니다.
SiteA에서 SiteB로 작업을 공유하면 SiteB의 사용자가 SiteA의 사용자에게 액세스 권한을 요청하고 일정을 볼 수 있습니다.
SiteB에서 SiteA로 공유가 작동하지 않습니다.
Test-OrganizationRelationship을 실행하면 다음이 표시됩니다.
[PS] C:\Windows\system32>Test-OrganizationRelationship -UserIdentity me@site.a -Identity siteB -verbose
VERBOSE: [20:24:06.006 GMT] Test-OrganizationRelationship : Active Directory session settings for
'Test-OrganizationRelationship' are: View Entire Forest: 'False', Default Scope: 'mydomain', Configuration
Domain Controller: 'mydc', Preferred Global Catalog: 'mygc', Preferred
Domain Controllers: '{ mydc1, mydc2 }'
VERBOSE: [20:24:06.006 GMT] Test-OrganizationRelationship : Runspace context: Executing user:
me@site.a, Executing user organization: , Current organization: , RBAC-enabled: Enabled.
VERBOSE: [20:24:06.006 GMT] Test-OrganizationRelationship : Beginning processing &
VERBOSE: [20:24:06.006 GMT] Test-OrganizationRelationship : Instantiating handler with index 0 for cmdlet extension
agent "Admin Audit Log Agent".
VERBOSE: [20:24:06.037 GMT] Test-OrganizationRelationship : Current ScopeSet is: { Recipient Read Scope: {{, }},
Recipient Write Scopes: {{, }}, Configuration Read Scope: {{, }}, Configuration Write Scope(s): {{, }, }, Exclusive
Recipient Scope(s): {}, Exclusive Configuration Scope(s): {} }
VERBOSE: [20:24:06.037 GMT] Test-OrganizationRelationship : Searching objects "me" of type "ADUser" under the root
"$null".
VERBOSE: [20:24:06.037 GMT] Test-OrganizationRelationship : Previous operation run on global catalog server
'mygc'.
VERBOSE: [20:24:06.037 GMT] Test-OrganizationRelationship : Searching objects "siteB" of type "OrganizationRelationship"
under the root "$null".
VERBOSE: [20:24:06.037 GMT] Test-OrganizationRelationship : Previous operation run on domain controller
'mydc'.
VERBOSE: Test that organization relationships are properly configured.
VERBOSE: [20:24:06.053 GMT] Test-OrganizationRelationship : Resolved current organization: .
VERBOSE: [20:24:06.053 GMT] Test-OrganizationRelationship : Calling the Microsoft Exchange Autodiscover service for the
remote federation information.
VERBOSE: [20:24:09.084 GMT] Test-OrganizationRelationship : The Autodiscover call succeeded for the following URL:
https://pod51041.outlook.com/autodiscover/autodiscover.svc.
VERBOSE: [20:24:09.084 GMT] Test-OrganizationRelationship : The Autodiscover call succeeded for the following URL:
https://pod51041.outlook.com/autodiscover/autodiscover.svc.
VERBOSE: [20:24:09.084 GMT] Test-OrganizationRelationship : The Autodiscover call succeeded for the following URL:
https://pod51041.outlook.com/autodiscover/autodiscover.svc.
VERBOSE: [20:24:09.084 GMT] Test-OrganizationRelationship : The Autodiscover call succeeded for the following URL:
https://pod51041.outlook.com/autodiscover/autodiscover.svc.
VERBOSE: [20:24:09.084 GMT] Test-OrganizationRelationship : Generating delegation token for user me@siteA for
application http://outlook.com/.
VERBOSE: [20:24:09.366 GMT] Test-OrganizationRelationship : The delegation token was successfully generated.
VERBOSE: [20:24:09.366 GMT] Test-OrganizationRelationship : The Microsoft Exchange Autodiscover service is being called
to determine the remote organization relationship settings.
VERBOSE: [20:24:09.366 GMT] Test-OrganizationRelationship : The Client will call the Microsoft Exchange Autodiscover
service using the following URL: https://pod51041.outlook.com/autodiscover/autodiscover.svc/WSSecurity.
VERBOSE: [20:24:10.553 GMT] Test-OrganizationRelationship : The Microsoft Exchange Autodiscover service failed to be
called at 'https://pod51041.outlook.com/autodiscover/autodiscover.svc/WSSecurity' because the following error occurred:
WebException.Response = <cannot read response stream>
Exception:
System.Net.WebException: The request failed with HTTP status 404: Not Found.
at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse
실패한 이유를 찾을 수 없습니다. wssecurity에 대한 자동 검색 호출에서 실패했습니다. 모든 온라인 게시물은 가상 디렉터리에 wssecurity를 활성화한다고 말하지만 Office 365의 전체 온라인 배포에는 옵션이 아닙니다. 솔직히 O365의 페더레이션 공유는 "정상 작동"해야합니다.
다음은 SiteB (O365)에서 SiteA (EX 2010)로 이동하는 조직 관계 데이터입니다.
PS C:\Users\me> Get-OrganizationRelationship | fl
Creating a new session for implicit remoting of "Get-OrganizationRelationship" command...
RunspaceId : b56a8f0b-7e7e-4e8c-bf5c-c33209e59b13
DomainNames : {SiteA}
FreeBusyAccessEnabled : True
FreeBusyAccessLevel : LimitedDetails
FreeBusyAccessScope :
MailboxMoveEnabled : False
DeliveryReportEnabled : False
MailTipsAccessEnabled : False
MailTipsAccessLevel : None
MailTipsAccessScope :
PhotosEnabled : False
TargetApplicationUri : FYDIBOHF25SPDLT.SiteA.us
TargetSharingEpr :
TargetOwaURL :
TargetAutodiscoverEpr : https://autodiscover.SiteA.us/autodiscover/autodiscover.svc/WSSecurity
OrganizationContact :
Enabled : True
ArchiveAccessEnabled : False
UseOAuth : False
AdminDisplayName :
ExchangeVersion : 0.10 (14.0.100.0)
Name : SiteA
DistinguishedName : CN=SiteA,CN=Federation,CN=Configuration,CN=appriver3651001356.onmicrosoft.com,CN=ConfigurationUni
ts,DC=NAMPR04A001,DC=prod,DC=outlook,DC=com
Identity : SiteA
Guid : d01ce3d5-6b47-41c6-b597-9f5ed5aca4a8
ObjectCategory : NAMPR04A001.prod.outlook.com/Configuration/Schema/ms-Exch-Fed-Sharing-Relationship
ObjectClass : {top, msExchFedSharingRelationship}
WhenChanged : 7/19/2013 3:36:22 AM
WhenCreated : 7/19/2013 3:36:13 AM
WhenChangedUTC : 7/19/2013 10:36:22 AM
WhenCreatedUTC : 7/19/2013 10:36:13 AM
OrganizationId : NAMPR04A001.prod.outlook.com/Microsoft Exchange Hosted
Organizations/appriver3651001356.onmicrosoft.com - NAMPR04A001.prod.outlook.com/ConfigurationUn
its/appriver3651001356.onmicrosoft.com/Configuration
OriginatingServer : BL2PR04A001DC06.NAMPR04A001.prod.outlook.com
IsValid : True
ObjectState : Unchanged
그리고 이것은 SiteA (EX 2010)에서 SiteB (O365)까지입니다.
[PS] C:\Windows\system32>Get-OrganizationRelationship | fl
RunspaceId : a9029d90-cdf0-494a-85ea-a960bc04f023
DomainNames : {SiteB domains, 4 total}
FreeBusyAccessEnabled : True
FreeBusyAccessLevel : LimitedDetails
FreeBusyAccessScope :
MailboxMoveEnabled : False
DeliveryReportEnabled : False
MailTipsAccessEnabled : False
MailTipsAccessLevel : None
MailTipsAccessScope :
TargetApplicationUri : http://outlook.com/
TargetSharingEpr :
TargetOwaURL :
TargetAutodiscoverEpr : https://pod51041.outlook.com/autodiscover/autodiscover.svc/WSSecurity
OrganizationContact :
Enabled : True
ArchiveAccessEnabled : False
AdminDisplayName :
ExchangeVersion : 0.10 (14.0.100.0)
Name : SiteB
DistinguishedName : CN=SiteB,CN=Federation,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=my,DC=site
Identity : SiteB
Guid : 458f9921-f2f8-4286-92e2-a3f0b8c444f1
ObjectCategory : Mysite/Configuration/Schema/ms-Exch-Fed-Sharing-Relationship
ObjectClass : {top, msExchFedSharingRelationship}
WhenChanged : 7/19/2013 10:37:58 PM
WhenCreated : 7/19/2013 3:16:18 PM
WhenChangedUTC : 7/20/2013 5:37:58 AM
WhenCreatedUTC : 7/19/2013 10:16:18 PM
OrganizationId :
OriginatingServer : MyDC
IsValid : True
TargetAutodiscoverEPR ( https://pod51041.outlook.com/autodiscover/autodiscover.svc/WSSecurity )에 들어가면 자격 증명을 입력하라는 메시지가 표시됩니다. 이는 404 오류가 이단임을 의미합니다.
내가 알았던 또 다른 이상한 점은 SiteA에서 SiteB로 조직 관계를 설정할 때입니다. Get-FederationInformation을 실행하면 SiteB에 대해 다음이 생성됩니다.
PS C:\Users\me> Get-FederationInformation -DomainName SiteB
Creating a new session for implicit remoting of "Get-FederationInformation" command...
RunspaceId : d6086380-948f-43db-9d0c-4ba7325b5a20
TargetApplicationUri : outlook.com
DomainNames : {SiteB domains, 4 total}
TargetAutodiscoverEpr : https://pod51041.outlook.com/autodiscover/autodiscover.svc/WSSecurity
TokenIssuerUris : {urn:federation:MicrosoftOnline}
IsValid : True
ObjectState : Unchanged
TargetApplicationUri는 "outlook.com"이라고 표시하며, 사이트 A EMC에서 조직 관계를 설정할 때 입력 한 방식입니다. 그러나 공유가 작동하지 않아 테스트를 통해 다음과 같은 결과를 얻었습니다.
PS C:\Users\me> Test-OrganizationRelationship -UserIdentity me@SiteB -Identity SiteA
RunspaceId : d6086380-948f-43db-9d0c-4ba7325b5a20
Identity :
Id : ApplicationUrisDiffer
Status : Error
Description : The TargetApplicationUri of the remote organization doesn't match the local ApplicationUri of the
Federation Trust object. The remote URI value is http://outlook.com/. The local URI value is
outlook.com/.
IsValid : True
ObjectState : New
RunspaceId : d6086380-948f-43db-9d0c-4ba7325b5a20
Identity :
Id : VerificationOfRemoteOrganizationRelationshipFailed
Status : Error
Description : There were errors while verifying the remote organization relationship SiteB.
IsValid : True
ObjectState : New
조직 관계 개체 (SiteA의 SiteB 트러스트)로 수동으로 이동하여 공유를 위해 URI를 "outlook.com"에서 " http://outlook.com "으로 변경해야했습니다. 이것은 이것이 O365 측의 MSFT 문제라는 것을 만드는 모든 것을 설정하는 또 다른 단점입니다 ...