对 OnPremise Exchange 的图形 API 调用仅适用于 Playground [英] Graph API calls to OnPremise Exchange only works in Playground
问题描述
我们的设置是内部部署的 Exchange Server,可通过图形 API 访问.
我们遇到了这个问题,即我们的令牌只是部分"在职的.以及由Graph-Playground"创建的令牌正在全力工作.但我们找不到任何区别.
- 当我使用 Graph-Playground 或使用 Graph-Playground 生成的令牌时 =>所有请求都有效
- 当我创建令牌时(通过我的应用程序注册)=>只有一些请求有效
令牌似乎有效,一些诸如 /me 之类的调用正在运行,但所有与交换相关的调用,例如 /me/contacts 都因此错误而失败
<块引用>请求,它们使用 Postman 生成的令牌:**
错误:
{ "error": { "code": "MailboxNotEnabledForRESTAPI", "message": "REST API 尚不支持此邮箱.";} }
(这是一个非常普遍的错误,大多数情况下没有说明真正的问题)
代币生成:
我创建令牌的方式与 Graph-Playground 创建令牌的方式相同(OAuth - 隐式流程):
顺便说一句,它工作了几天,没有人改变任何东西:)
所以我不知道为什么Graph Playground"可以创建一个工作令牌,而我的令牌只能部分"创建.作品.你能帮我吗?
已经有一个线程,但我不是它的所有者.也没有更多的回应......我无法为外国线程提供赏金,这就是我创建一个新线程的原因.你可以在这里找到它:
MailboxNotEnabledForRESTAPI - Microsoft Graph API 与启用 HMA 的本地服务器
我认识到你的错误,我们在几种情况下看到它(对于 Office 365):
- 用户没有 Exchange 许可证(可能不是这种情况,因为它可以在资源管理器中使用).
- 客户租户设置了额外的安全性.
您可以将应用程序限制到某些邮箱.也许您的本地 Exchange 上也有类似这样的设置或策略,您必须连接到 Exchange Online Powershell 来设置它,所以也许您可以在那里找到一些东西.这只是一个疯狂的猜测.
为了追踪这个问题,我会开始检查本地 Exchange 日志.
您是否尝试过使用 /users/{upn}/calendar 端点?也许只是 /me/ 部分不起作用.
Our setup is an on-premise Exchange Server which is accessible over the graph api. https://docs.microsoft.com/en-us/graph/hybrid-rest-support
We run in the issue, that our token is only "partial" working. And a token created by "Graph-Playground" is fully working. But we can't find any difference.
- When I use Graph-Playground or use the token generated by Graph-Playground => all requests are working
- When I create a token (over my app registration) => only some requests are working
The token seems to be valid some calls like /me are working, but all calls related to exchange like /me/contacts are failing with this error
Request, they work with token generated by Postman:**
Error:
{ "error": { "code": "MailboxNotEnabledForRESTAPI", "message": "REST API is not yet supported for this mailbox." } }
(that's a very generic error, and mostly don't say anything about the real issue)
Token Generation:
I create my token on the same way as Graph-Playground create the token (OAuth - Implicit flow):
Token - Analysis:
As a side note, it was working for a few days, nobody changed anything :)
So I have no idea, why the "Graph Playground" can create a working token, and my token only "partially" works. Can you help me?
There is already a thread, but I'm not the owner of it. Also there are no more responses... I can't provide a bounty for a foreign thread, that's why I create a new thread. You can find it here:
MailboxNotEnabledForRESTAPI - Microsoft Graph API integration with HMA Enabled on-premise server
I recognize your error, we see it in several cases (for Office 365):
- User has no Exchange license (probably not the case, since it works in the explorer).
- Customer tenant has setup additional security.
You can limit applications to certain mailboxes. Maybe there is some kind of setting or policy like this on your local Exchange as well, you have to connect to Exchange Online Powershell to set it, so maybe you can find something there. This is just a wild guess.
To track down this issue I would start checking the local Exchange logs.
Have you tried using the /users/{upn}/calendar endpoint? Maybe it's just that the /me/ part doesn't work.
这篇关于对 OnPremise Exchange 的图形 API 调用仅适用于 Playground的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
