Hybrid environments, 404 with on-premise mailboxes, 200 for Exchange online


Problem description

I've written an application which is able to talk to Exchange Online accounts, I'm currently trying to test to see the steps required to get it to work with on-premise accounts running in Hybrid.

I have:

  • Windows Server 2012 R2
  • Exchange 2016 CU8 (ran with /PrepareAD)
  • Internet-accessible path to /api/v2.0/autodiscover/autodiscover.json
  • Ran the HCW
  • AD Connect is running
  • Active Directory is synced to Azure Active Directory
  • The permissions for my registered app look good (Read calendar events/Read and write calendar events)

Unfortunately, I'm getting a 404 when trying to access calendar events:

    curl -v -H 'Content-Type: application/json' -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJub25jZSI6IkFRQUJBQUFBQUFCSGg0a21TX2FLVDVYcmp6eFJBdEh6RE1mbEZNYTYwaktGRHRhUXp0ZGVkM2V6Z0ZfUzlLMjdDRmQxSHlfZGdRcnR6WlJBczRDV095R3E1Vl9OZW9MSFNKTGpzblNCSDNCQU9oQnBzU18wVmlBQSIsImFsZyI6IlJTMjU2IiwieDV0IjoiU1NRZGhJMWNLdmhRRURTSnhFMmdHWXM0MFEwIiwia2lkIjoiU1NRZGhJMWNLdmhRRURTSnhFMmdHWXM0MFEwIn0.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.AWt_ANsH8sk15WeH1AgD6SD0Ki8VILMvzkbSMju_YFGKc5cVkrGp7Skzt64uDM8rI6Py5Y-1c3srXwON2oSihkRskfz5vG4nIlbFnuYd3Ij2Vz1ktpNnCeMAnAK2T8ifk2visRSvchRbuBNZZyamwRjActdDF9BS8NygUgmmygK4mPjOIab17PJPz5PisvRbCA2jBLWLvbu9RYrLH-xGuoLd2PLTbsn2WSVi3er4XztZCcK7XfVWe-0wjrV6qBufd5z0hH_KpQLdzPtLOzSUGUAcXGa0mBPceTWULQvQ-LPcAJO57F0ir5k22fWzlkOfUxQb9eGWREUm1cAPWk3CPw" "https://graph.microsoft.com/v1.0/users/oq@healthcentrified.co.uk/calendar/events"
    *   Trying 137.116.241.64...
    * Connected to graph.microsoft.com (137.116.241.64) port 443 (#0)
    * found 148 certificates in /etc/ssl/certs/ca-certificates.crt
    * found 592 certificates in /etc/ssl/certs
    * ALPN, offering http/1.1
    * SSL connection using TLS1.2 / ECDHE_RSA_AES_256_CBC_SHA384
    *    server certificate verification OK
    *    server certificate status verification SKIPPED
    *    common name: graph.microsoft.com (matched)
    *    server certificate expiration date OK
    *    server certificate activation date OK
    *    certificate public key: RSA
    *    certificate version: #3
    *    subject: C=US,ST=WA,L=Redmond,O=Microsoft Corporation,OU=Microsoft Corporation,CN=graph.microsoft.com
    *    start date: Wed, 03 Jan 2018 17:32:18 GMT
    *    expire date: Fri, 03 Jan 2020 17:32:18 GMT
    *    issuer: C=US,ST=Washington,L=Redmond,O=Microsoft Corporation,OU=Microsoft IT,CN=Microsoft IT TLS CA 4
    *    compression: NULL
    * ALPN, server did not agree to a protocol
    > GET /v1.0/users/oq@healthcentrified.co.uk/calendar/events HTTP/1.1
    > Host: graph.microsoft.com
    > User-Agent: curl/7.47.0
    > Accept: */*
    > Content-Type: application/json
    > Authorization: Bearer eyJ0eXAiOiJKV1QiLCJub25jZSI6IkFRQUJBQUFBQUFCSGg0a21TX2FLVDVYcmp6eFJBdEh6RE1mbEZNYTYwaktGRHRhUXp0ZGVkM2V6Z0ZfUzlLMjdDRmQxSHlfZGdRcnR6WlJBczRDV095R3E1Vl9OZW9MSFNKTGpzblNCSDNCQU9oQnBzU18wVmlBQSIsImFsZyI6IlJTMjU2IiwieDV0IjoiU1NRZGhJMWNLdmhRRURTSnhFMmdHWXM0MFEwIiwia2lkIjoiU1NRZGhJMWNLdmhRRURTSnhFMmdHWXM0MFEwIn0.eyJhdWQiOiJodHRwczovL2dyYXBoLm1pY3Jvc29mdC5jb20iLCJpc3MiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC8wODY1YjBhYi02ZjYwLTQzNjMtYTEwZi05NWU5ZTc5ZjlmODEvIiwiaWF0IjoxNTE4OTc5NzQ0LCJuYmYiOjE1MTg5Nzk3NDQsImV4cCI6MTUxODk4MzY0NCwiYWlvIjoiWTJOZ1lKRE0reDVXbGhWNUlrajUwbDB4THNacEFBPT0iLCJhcHBfZGlzcGxheW5hbWUiOiJIQy1XZWIiLCJhcHBpZCI6ImVkZjlkY2M0LThjNjAtNDg3ZS1hYmUyLTI4MjcyYTRlZGJlMCIsImFwcGlkYWNyIjoiMiIsImlkcCI6Imh0dHBzOi8vc3RzLndpbmRvd3MubmV0LzA4NjViMGFiLTZmNjAtNDM2My1hMTBmLTk1ZTllNzlmOWY4MS8iLCJvaWQiOiJkNTUzMTE2My01MTcxLTRmZjctYTNjMS04NWFlNzUzMjkzNTIiLCJyb2xlcyI6WyJNYWlsLlJlYWRXcml0ZSIsIkNvbnRhY3RzLlJlYWRXcml0ZSIsIkRpcmVjdG9yeS5SZWFkLkFsbCIsIk1haWwuUmVhZCIsIkNhbGVuZGFycy5SZWFkV3JpdGUiXSwic3ViIjoiZDU1MzExNjMtNTE3MS00ZmY3LWEzYzEtODVhZTc1MzI5MzUyIiwidGlkIjoiMDg2NWIwYWItNmY2MC00MzYzLWExMGYtOTVlOWU3OWY5ZjgxIiwidXRpIjoiNkxJT3g1bWQ4ay05ajhBUUtiY2hBQSIsInZlciI6IjEuMCJ9.AWt_ANsH8sk15WeH1AgD6SD0Ki8VILMvzkbSMju_YFGKc5cVkrGp7Skzt64uDM8rI6Py5Y-1c3srXwON2oSihkRskfz5vG4nIlbFnuYd3Ij2Vz1ktpNnCeMAnAK2T8ifk2visRSvchRbuBNZZyamwRjActdDF9BS8NygUgmmygK4mPjOIab17PJPz5PisvRbCA2jBLWLvbu9RYrLH-xGuoLd2PLTbsn2WSVi3er4XztZCcK7XfVWe-0wjrV6qBufd5z0hH_KpQLdzPtLOzSUGUAcXGa0mBPceTWULQvQ-LPcAJO57F0ir5k22fWzlkOfUxQb9eGWREUm1cAPWk3CPw
    >
    < HTTP/1.1 404 Not Found
    < Cache-Control: private
    < Transfer-Encoding: chunked
    < Content-Type: text/plain
    < request-id: f499015e-325b-45e8-9716-0a8a7160b82d
    < client-request-id: f499015e-325b-45e8-9716-0a8a7160b82d
    < x-ms-ags-diagnostic: {"ServerInfo":{"DataCenter":"North Europe","Slice":"SliceA","Ring":"3","ScaleUnit":"003","Host":"AGSFE_IN_0","ADSiteName":"DUB"}}
    < Duration: 1764.3754
    < Date: Sun, 18 Feb 2018 19:18:28 GMT
    <
    * Connection #0 to host graph.microsoft.com left intact

If I do a similar request on a mailbox that has been migrated to Exchange Online, this works (I get an HTTP 200 and a list of events back in JSON)

Office 365 support is unsure of what to do here (it is probably beyond their scope).

The documentation says that it is in preview, but, should still work

Microsoft Graph has always provided access to customer mailboxes in the cloud on Exchange Online as part of Office 365. Exchange 2016 Cumulative Update 3 (CU3), released in September 2016 for Exchange on-premises servers, adds support for REST API integration with Office 365. If your app uses v1.0 of the Mail, Calendar, or Contacts API, you will now also find a seamless authentication and application experience in hybrid deployments, regardless of whether the mailbox is on-premises or in the cloud, provided that the deployment meets specific requirements.

Behind the scenes, when Microsoft Graph identifies that a REST API call is attempting to access an on-premises mailbox in a hybrid deployment, it proxies the REST request to an on-premises REST endpoint which then processes the request. This discovery makes accessing the REST API possible.

I will state that I have very limited Windows experience and this is my first foray into using Windows servers for anything, however, the lack of documentation on this scenario, since this is probably something that a lot of large corporate organizations would want to do.

Is there anything obviously wrong?

Update

Rasmus asked if I had any requests going to my web server and whilst I can see a lot of traffic on /rpc I get nothing hitting autodiscover.json and the only requests to /API are

    2018-02-25 18:58:24 ::1 GET /api/v1.0/users/HealthMailboxda9cb9ff7af047cf9878a9b7be391e14@healthcentrified.co.uk/Messages $top=1&request_id=4f17c7a2-f753-46f7-853d-36f7a5281932 444 - ::1 Odata_AM_Probe/Local - 401 0 0 0

And others to this mailbox from this user-agent

Recommended answer

I've checked your token on https://jwt.ms and found out it's an Application token from the Client Credentials Flow. This isn't supported out of the box but today I've found out that you can enable these tokens on your on-premise exchange environment.

See my answer in this post: https://stackoverflow.com/a/56131954/639153
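
The check the answer performs on jwt.ms can be done offline, shown here as an added example that is not part of the original question or answer: it decodes a token's payload without verifying the signature and uses the `scp` versus `roles` claims as a heuristic for telling a delegated token from an application (client credentials) token. The helper names and the two sample tokens are constructed for illustration.

```python
import base64
import json


def b64url_decode(segment: str) -> bytes:
    """Decode a base64url JWT segment, restoring the stripped '=' padding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_claims(token: str) -> dict:
    """Return the payload claims of a JWT WITHOUT verifying its signature.

    Diagnostic use only: never base an authorization decision on the result.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    claims = json.loads(b64url_decode(parts[1]))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims


def token_kind(claims: dict) -> str:
    """Classify an Azure AD access token by its permission claims (heuristic)."""
    if claims.get("scp"):      # delegated permissions: space-separated string
        return "delegated"
    if claims.get("roles"):    # application permissions: list of strings
        return "application"
    return "unknown"


def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed token for the demo (not a real credential)."""
    def enc(obj) -> str:
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.c2ln"


# Constructed claim sets; values are placeholders, not taken from the page.
APP_TOKEN = make_sample_token({"aud": "https://graph.microsoft.com",
                               "roles": ["Calendars.ReadWrite", "Mail.Read"]})
USER_TOKEN = make_sample_token({"aud": "https://graph.microsoft.com",
                                "scp": "Calendars.Read User.Read",
                                "upn": "user@example.com"})

if __name__ == "__main__":
    for name, tok in (("APP_TOKEN", APP_TOKEN), ("USER_TOKEN", USER_TOKEN)):
        c = decode_claims(tok)
        print(name, token_kind(c), c.get("roles") or c.get("scp"))
```

Running it locally avoids pasting a live bearer token into a third-party page while it is still valid.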
