混合环境,本地邮箱 404,在线 Exchange 200
Hybrid environments, 404 with on-premise mailboxes, 200 for Exchange online
我已经编写了一个能够与 Exchange Online 帐户通信的应用程序,我目前正在尝试测试以了解让它与本地帐户一起工作所需的步骤 运行ning混合体。
我有:
- Windows 服务器 2012 R2
- Exchange 2016 CU8(
/PrepareAD 运行)
/api/v2.0 和 /autodiscover/autodiscover.json- 运行居家护理工作者
- AD 连接 运行宁
- Active Directory 同步到 Azure Active Directory
- 我注册的应用程序的权限看起来不错(读取日历事件/读写日历事件)
不幸的是,我在尝试访问日历活动时收到 404:
curl -v -H 'Content-Type: application/json' -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJub25jZSI6IkFRQUJBQUFBQUFCSGg0a21TX2FLVDVYcmp6eFJBdEh6RE1mbEZNYTYwaktGRHRhUXp0ZGVkM2V6Z0ZfUzlLMjdDRmQxSHlfZGdRcnR6WlJBczRDV095R3E1Vl9OZW9MSFNKTGpzblNCSDNCQU9oQnBzU18wVmlBQSIsImFsZyI6IlJTMjU2IiwieDV0IjoiU1NRZGhJMWNLdmhRRURTSnhFMmdHWXM0MFEwIiwia2lkIjoiU1NRZGhJMWNLdmhRRURTSnhFMmdHWXM0MFEwIn0.eyJhdWQiOiJodHRwczovL2dyYXBoLm1pY3Jvc29mdC5jb20iLCJpc3MiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC8wODY1YjBhYi02ZjYwLTQzNjMtYTEwZi05NWU5ZTc5ZjlmODEvIiwiaWF0IjoxNTE4OTc5NzQ0LCJuYmYiOjE1MTg5Nzk3NDQsImV4cCI6MTUxODk4MzY0NCwiYWlvIjoiWTJOZ1lKRE0reDVXbGhWNUlrajUwbDB4THNacEFBPT0iLCJhcHBfZGlzcGxheW5hbWUiOiJIQy1XZWIiLCJhcHBpZCI6ImVkZjlkY2M0LThjNjAtNDg3ZS1hYmUyLTI4MjcyYTRlZGJlMCIsImFwcGlkYWNyIjoiMiIsImlkcCI6Imh0dHBzOi8vc3RzLndpbmRvd3MubmV0LzA4NjViMGFiLTZmNjAtNDM2My1hMTBmLTk1ZTllNzlmOWY4MS8iLCJvaWQiOiJkNTUzMTE2My01MTcxLTRmZjctYTNjMS04NWFlNzUzMjkzNTIiLCJyb2xlcyI6WyJNYWlsLlJlYWRXcml0ZSIsIkNvbnRhY3RzLlJlYWRXcml0ZSIsIkRpcmVjdG9yeS5SZWFkLkFsbCIsIk1haWwuUmVhZCIsIkNhbGVuZGFycy5SZWFkV3JpdGUiXSwic3ViIjoiZDU1MzExNjMtNTE3MS00ZmY3LWEzYzEtODVhZTc1MzI5MzUyIiwidGlkIjoiMDg2NWIwYWItNmY2MC00MzYzLWExMGYtOTVlOWU3OWY5ZjgxIiwidXRpIjoiNkxJT3g1bWQ4ay05ajhBUUtiY2hBQSIsInZlciI6IjEuMCJ9.AWt_ANsH8sk15WeH1AgD6SD0Ki8VILMvzkbSMju_YFGKc5cVkrGp7Skzt64uDM8rI6Py5Y-1c3srXwON2oSihkRskfz5vG4nIlbFnuYd3Ij2Vz1ktpNnCeMAnAK2T8ifk2visRSvchRbuBNZZyamwRjActdDF9BS8NygUgmmygK4mPjOIab17PJPz5PisvRbCA2jBLWLvbu9RYrLH-xGuoLd2PLTbsn2WSVi3er4XztZCcK7XfVWe-0wjrV6qBufd5z0hH_KpQLdzPtLOzSUGUAcXGa0mBPceTWULQvQ-LPcAJO57F0ir5k22fWzlkOfUxQb9eGWREUm1cAPWk3CPw" "https://graph.microsoft.com/v1.0/users/oq@healthcentrified.co.uk/calendar/events"
* Trying 137.116.241.64...
* Connected to graph.microsoft.com (137.116.241.64) port 443 (#0)
* found 148 certificates in /etc/ssl/certs/ca-certificates.crt
* found 592 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_256_CBC_SHA384
* server certificate verification OK
* server certificate status verification SKIPPED
* common name: graph.microsoft.com (matched)
* server certificate expiration date OK
* server certificate activation date OK
* certificate public key: RSA
* certificate version: #3
* subject: C=US,ST=WA,L=Redmond,O=Microsoft Corporation,OU=Microsoft Corporation,CN=graph.microsoft.com
* start date: Wed, 03 Jan 2018 17:32:18 GMT
* expire date: Fri, 03 Jan 2020 17:32:18 GMT
* issuer: C=US,ST=Washington,L=Redmond,O=Microsoft Corporation,OU=Microsoft IT,CN=Microsoft IT TLS CA 4
* compression: NULL
* ALPN, server did not agree to a protocol
> GET /v1.0/users/oq@healthcentrified.co.uk/calendar/events HTTP/1.1
> Host: graph.microsoft.com
> User-Agent: curl/7.47.0
> Accept: */*
> Content-Type: application/json
> Authorization: Bearer eyJ0eXAiOiJKV1QiLCJub25jZSI6IkFRQUJBQUFBQUFCSGg0a21TX2FLVDVYcmp6eFJBdEh6RE1mbEZNYTYwaktGRHRhUXp0ZGVkM2V6Z0ZfUzlLMjdDRmQxSHlfZGdRcnR6WlJBczRDV095R3E1Vl9OZW9MSFNKTGpzblNCSDNCQU9oQnBzU18wVmlBQSIsImFsZyI6IlJTMjU2IiwieDV0IjoiU1NRZGhJMWNLdmhRRURTSnhFMmdHWXM0MFEwIiwia2lkIjoiU1NRZGhJMWNLdmhRRURTSnhFMmdHWXM0MFEwIn0.eyJhdWQiOiJodHRwczovL2dyYXBoLm1pY3Jvc29mdC5jb20iLCJpc3MiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC8wODY1YjBhYi02ZjYwLTQzNjMtYTEwZi05NWU5ZTc5ZjlmODEvIiwiaWF0IjoxNTE4OTc5NzQ0LCJuYmYiOjE1MTg5Nzk3NDQsImV4cCI6MTUxODk4MzY0NCwiYWlvIjoiWTJOZ1lKRE0reDVXbGhWNUlrajUwbDB4THNacEFBPT0iLCJhcHBfZGlzcGxheW5hbWUiOiJIQy1XZWIiLCJhcHBpZCI6ImVkZjlkY2M0LThjNjAtNDg3ZS1hYmUyLTI4MjcyYTRlZGJlMCIsImFwcGlkYWNyIjoiMiIsImlkcCI6Imh0dHBzOi8vc3RzLndpbmRvd3MubmV0LzA4NjViMGFiLTZmNjAtNDM2My1hMTBmLTk1ZTllNzlmOWY4MS8iLCJvaWQiOiJkNTUzMTE2My01MTcxLTRmZjctYTNjMS04NWFlNzUzMjkzNTIiLCJyb2xlcyI6WyJNYWlsLlJlYWRXcml0ZSIsIkNvbnRhY3RzLlJlYWRXcml0ZSIsIkRpcmVjdG9yeS5SZWFkLkFsbCIsIk1haWwuUmVhZCIsIkNhbGVuZGFycy5SZWFkV3JpdGUiXSwic3ViIjoiZDU1MzExNjMtNTE3MS00ZmY3LWEzYzEtODVhZTc1MzI5MzUyIiwidGlkIjoiMDg2NWIwYWItNmY2MC00MzYzLWExMGYtOTVlOWU3OWY5ZjgxIiwidXRpIjoiNkxJT3g1bWQ4ay05ajhBUUtiY2hBQSIsInZlciI6IjEuMCJ9.AWt_ANsH8sk15WeH1AgD6SD0Ki8VILMvzkbSMju_YFGKc5cVkrGp7Skzt64uDM8rI6Py5Y-1c3srXwON2oSihkRskfz5vG4nIlbFnuYd3Ij2Vz1ktpNnCeMAnAK2T8ifk2visRSvchRbuBNZZyamwRjActdDF9BS8NygUgmmygK4mPjOIab17PJPz5PisvRbCA2jBLWLvbu9RYrLH-xGuoLd2PLTbsn2WSVi3er4XztZCcK7XfVWe-0wjrV6qBufd5z0hH_KpQLdzPtLOzSUGUAcXGa0mBPceTWULQvQ-LPcAJO57F0ir5k22fWzlkOfUxQb9eGWREUm1cAPWk3CPw
>
< HTTP/1.1 404 Not Found
< Cache-Control: private
< Transfer-Encoding: chunked
< Content-Type: text/plain
< request-id: f499015e-325b-45e8-9716-0a8a7160b82d
< client-request-id: f499015e-325b-45e8-9716-0a8a7160b82d
< x-ms-ags-diagnostic: {"ServerInfo":{"DataCenter":"North Europe","Slice":"SliceA","Ring":"3","ScaleUnit":"003","Host":"AGSFE_IN_0","ADSiteName":"DUB"}}
< Duration: 1764.3754
< Date: Sun, 18 Feb 2018 19:18:28 GMT
<
* Connection #0 to host graph.microsoft.com left intact
如果我对已迁移到 Exchange Online 的邮箱执行类似请求,这会起作用(我在 JSON 中得到 HTTP 200 和事件列表)
Office 365 支持人员不确定在这里做什么(这可能超出了他们的范围)。
documentation says that it is in preview,但是,应该仍然有效
Microsoft Graph has always provided access to customer mailboxes in the cloud on Exchange Online as part of Office 365. Exchange 2016 Cumulative Update 3 (CU3), released in September 2016 for Exchange on-premises servers, adds support for REST API integration with Office 365. If your app uses v1.0 of the Mail, Calendar, or Contacts API, you will now also find a seamless authentication and application experience in hybrid deployments, regardless of whether the mailbox is on-premises or in the cloud, provided that the deployment meets specific requirements.
Behind the scenes, when Microsoft Graph identifies that a REST API
call is attempting to access an on-premises mailbox in a hybrid
deployment, it proxies the REST request to an on-premises REST
endpoint which then processes the request. This discovery makes
accessing the REST API possible.
我会声明我的 Windows 经验非常有限,这是我第一次尝试使用 Windows 服务器来做任何事情,但是,缺乏关于这种情况的文档,因为这可能是许多大型企业组织都想做的事情。
有什么明显的错误吗?
更新
Rasmus 问我是否有任何请求到我的网络服务器,虽然我可以看到 /rpc 上有很多流量,但我没有收到 autodiscover.json 和唯一的请求 /API是
2018-02-25 18:58:24 ::1
GET /api/v1.0/users/HealthMailboxda9cb9ff7af047cf9878a9b7be391e14@healthcentrified.co.uk/Messages
$top=1
&request_id=4f17c7a2-f753-46f7-853d-36f7a5281932 444
- ::1 Odata_AM_Probe/Local - 401 0 0 0
和其他人从这个用户代理到这个邮箱
我已经在 https://jwt.ms 上检查了您的令牌,发现它是来自客户端凭证流的应用程序令牌。这不受开箱即用的支持,但今天我发现您可以在 on-premise 交换环境中启用这些令牌。
查看我的回答post:
原回答here
我已经编写了一个能够与 Exchange Online 帐户通信的应用程序,我目前正在尝试测试以了解让它与本地帐户一起工作所需的步骤 运行ning混合体。
我有:
- Windows 服务器 2012 R2
- Exchange 2016 CU8(
/PrepareAD运行) /api/v2.0和/autodiscover/autodiscover.json 的 Internet 可访问路径
- 运行居家护理工作者
- AD 连接 运行宁
- Active Directory 同步到 Azure Active Directory
- 我注册的应用程序的权限看起来不错(读取日历事件/读写日历事件)
不幸的是,我在尝试访问日历活动时收到 404:
curl -v -H 'Content-Type: application/json' -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJub25jZSI6IkFRQUJBQUFBQUFCSGg0a21TX2FLVDVYcmp6eFJBdEh6RE1mbEZNYTYwaktGRHRhUXp0ZGVkM2V6Z0ZfUzlLMjdDRmQxSHlfZGdRcnR6WlJBczRDV095R3E1Vl9OZW9MSFNKTGpzblNCSDNCQU9oQnBzU18wVmlBQSIsImFsZyI6IlJTMjU2IiwieDV0IjoiU1NRZGhJMWNLdmhRRURTSnhFMmdHWXM0MFEwIiwia2lkIjoiU1NRZGhJMWNLdmhRRURTSnhFMmdHWXM0MFEwIn0.eyJhdWQiOiJodHRwczovL2dyYXBoLm1pY3Jvc29mdC5jb20iLCJpc3MiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC8wODY1YjBhYi02ZjYwLTQzNjMtYTEwZi05NWU5ZTc5ZjlmODEvIiwiaWF0IjoxNTE4OTc5NzQ0LCJuYmYiOjE1MTg5Nzk3NDQsImV4cCI6MTUxODk4MzY0NCwiYWlvIjoiWTJOZ1lKRE0reDVXbGhWNUlrajUwbDB4THNacEFBPT0iLCJhcHBfZGlzcGxheW5hbWUiOiJIQy1XZWIiLCJhcHBpZCI6ImVkZjlkY2M0LThjNjAtNDg3ZS1hYmUyLTI4MjcyYTRlZGJlMCIsImFwcGlkYWNyIjoiMiIsImlkcCI6Imh0dHBzOi8vc3RzLndpbmRvd3MubmV0LzA4NjViMGFiLTZmNjAtNDM2My1hMTBmLTk1ZTllNzlmOWY4MS8iLCJvaWQiOiJkNTUzMTE2My01MTcxLTRmZjctYTNjMS04NWFlNzUzMjkzNTIiLCJyb2xlcyI6WyJNYWlsLlJlYWRXcml0ZSIsIkNvbnRhY3RzLlJlYWRXcml0ZSIsIkRpcmVjdG9yeS5SZWFkLkFsbCIsIk1haWwuUmVhZCIsIkNhbGVuZGFycy5SZWFkV3JpdGUiXSwic3ViIjoiZDU1MzExNjMtNTE3MS00ZmY3LWEzYzEtODVhZTc1MzI5MzUyIiwidGlkIjoiMDg2NWIwYWItNmY2MC00MzYzLWExMGYtOTVlOWU3OWY5ZjgxIiwidXRpIjoiNkxJT3g1bWQ4ay05ajhBUUtiY2hBQSIsInZlciI6IjEuMCJ9.AWt_ANsH8sk15WeH1AgD6SD0Ki8VILMvzkbSMju_YFGKc5cVkrGp7Skzt64uDM8rI6Py5Y-1c3srXwON2oSihkRskfz5vG4nIlbFnuYd3Ij2Vz1ktpNnCeMAnAK2T8ifk2visRSvchRbuBNZZyamwRjActdDF9BS8NygUgmmygK4mPjOIab17PJPz5PisvRbCA2jBLWLvbu9RYrLH-xGuoLd2PLTbsn2WSVi3er4XztZCcK7XfVWe-0wjrV6qBufd5z0hH_KpQLdzPtLOzSUGUAcXGa0mBPceTWULQvQ-LPcAJO57F0ir5k22fWzlkOfUxQb9eGWREUm1cAPWk3CPw" "https://graph.microsoft.com/v1.0/users/oq@healthcentrified.co.uk/calendar/events"
* Trying 137.116.241.64...
* Connected to graph.microsoft.com (137.116.241.64) port 443 (#0)
* found 148 certificates in /etc/ssl/certs/ca-certificates.crt
* found 592 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_256_CBC_SHA384
* server certificate verification OK
* server certificate status verification SKIPPED
* common name: graph.microsoft.com (matched)
* server certificate expiration date OK
* server certificate activation date OK
* certificate public key: RSA
* certificate version: #3
* subject: C=US,ST=WA,L=Redmond,O=Microsoft Corporation,OU=Microsoft Corporation,CN=graph.microsoft.com
* start date: Wed, 03 Jan 2018 17:32:18 GMT
* expire date: Fri, 03 Jan 2020 17:32:18 GMT
* issuer: C=US,ST=Washington,L=Redmond,O=Microsoft Corporation,OU=Microsoft IT,CN=Microsoft IT TLS CA 4
* compression: NULL
* ALPN, server did not agree to a protocol
> GET /v1.0/users/oq@healthcentrified.co.uk/calendar/events HTTP/1.1
> Host: graph.microsoft.com
> User-Agent: curl/7.47.0
> Accept: */*
> Content-Type: application/json
> Authorization: Bearer eyJ0eXAiOiJKV1QiLCJub25jZSI6IkFRQUJBQUFBQUFCSGg0a21TX2FLVDVYcmp6eFJBdEh6RE1mbEZNYTYwaktGRHRhUXp0ZGVkM2V6Z0ZfUzlLMjdDRmQxSHlfZGdRcnR6WlJBczRDV095R3E1Vl9OZW9MSFNKTGpzblNCSDNCQU9oQnBzU18wVmlBQSIsImFsZyI6IlJTMjU2IiwieDV0IjoiU1NRZGhJMWNLdmhRRURTSnhFMmdHWXM0MFEwIiwia2lkIjoiU1NRZGhJMWNLdmhRRURTSnhFMmdHWXM0MFEwIn0.eyJhdWQiOiJodHRwczovL2dyYXBoLm1pY3Jvc29mdC5jb20iLCJpc3MiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC8wODY1YjBhYi02ZjYwLTQzNjMtYTEwZi05NWU5ZTc5ZjlmODEvIiwiaWF0IjoxNTE4OTc5NzQ0LCJuYmYiOjE1MTg5Nzk3NDQsImV4cCI6MTUxODk4MzY0NCwiYWlvIjoiWTJOZ1lKRE0reDVXbGhWNUlrajUwbDB4THNacEFBPT0iLCJhcHBfZGlzcGxheW5hbWUiOiJIQy1XZWIiLCJhcHBpZCI6ImVkZjlkY2M0LThjNjAtNDg3ZS1hYmUyLTI4MjcyYTRlZGJlMCIsImFwcGlkYWNyIjoiMiIsImlkcCI6Imh0dHBzOi8vc3RzLndpbmRvd3MubmV0LzA4NjViMGFiLTZmNjAtNDM2My1hMTBmLTk1ZTllNzlmOWY4MS8iLCJvaWQiOiJkNTUzMTE2My01MTcxLTRmZjctYTNjMS04NWFlNzUzMjkzNTIiLCJyb2xlcyI6WyJNYWlsLlJlYWRXcml0ZSIsIkNvbnRhY3RzLlJlYWRXcml0ZSIsIkRpcmVjdG9yeS5SZWFkLkFsbCIsIk1haWwuUmVhZCIsIkNhbGVuZGFycy5SZWFkV3JpdGUiXSwic3ViIjoiZDU1MzExNjMtNTE3MS00ZmY3LWEzYzEtODVhZTc1MzI5MzUyIiwidGlkIjoiMDg2NWIwYWItNmY2MC00MzYzLWExMGYtOTVlOWU3OWY5ZjgxIiwidXRpIjoiNkxJT3g1bWQ4ay05ajhBUUtiY2hBQSIsInZlciI6IjEuMCJ9.AWt_ANsH8sk15WeH1AgD6SD0Ki8VILMvzkbSMju_YFGKc5cVkrGp7Skzt64uDM8rI6Py5Y-1c3srXwON2oSihkRskfz5vG4nIlbFnuYd3Ij2Vz1ktpNnCeMAnAK2T8ifk2visRSvchRbuBNZZyamwRjActdDF9BS8NygUgmmygK4mPjOIab17PJPz5PisvRbCA2jBLWLvbu9RYrLH-xGuoLd2PLTbsn2WSVi3er4XztZCcK7XfVWe-0wjrV6qBufd5z0hH_KpQLdzPtLOzSUGUAcXGa0mBPceTWULQvQ-LPcAJO57F0ir5k22fWzlkOfUxQb9eGWREUm1cAPWk3CPw
>
< HTTP/1.1 404 Not Found
< Cache-Control: private
< Transfer-Encoding: chunked
< Content-Type: text/plain
< request-id: f499015e-325b-45e8-9716-0a8a7160b82d
< client-request-id: f499015e-325b-45e8-9716-0a8a7160b82d
< x-ms-ags-diagnostic: {"ServerInfo":{"DataCenter":"North Europe","Slice":"SliceA","Ring":"3","ScaleUnit":"003","Host":"AGSFE_IN_0","ADSiteName":"DUB"}}
< Duration: 1764.3754
< Date: Sun, 18 Feb 2018 19:18:28 GMT
<
* Connection #0 to host graph.microsoft.com left intact
如果我对已迁移到 Exchange Online 的邮箱执行类似请求,这会起作用(我在 JSON 中得到 HTTP 200 和事件列表)
Office 365 支持人员不确定在这里做什么(这可能超出了他们的范围)。
documentation says that it is in preview,但是,应该仍然有效
Microsoft Graph has always provided access to customer mailboxes in the cloud on Exchange Online as part of Office 365. Exchange 2016 Cumulative Update 3 (CU3), released in September 2016 for Exchange on-premises servers, adds support for REST API integration with Office 365. If your app uses v1.0 of the Mail, Calendar, or Contacts API, you will now also find a seamless authentication and application experience in hybrid deployments, regardless of whether the mailbox is on-premises or in the cloud, provided that the deployment meets specific requirements.
Behind the scenes, when Microsoft Graph identifies that a REST API call is attempting to access an on-premises mailbox in a hybrid deployment, it proxies the REST request to an on-premises REST endpoint which then processes the request. This discovery makes accessing the REST API possible.
我会声明我的 Windows 经验非常有限,这是我第一次尝试使用 Windows 服务器来做任何事情,但是,缺乏关于这种情况的文档,因为这可能是许多大型企业组织都想做的事情。
有什么明显的错误吗?
更新
Rasmus 问我是否有任何请求到我的网络服务器,虽然我可以看到 /rpc 上有很多流量,但我没有收到 autodiscover.json 和唯一的请求 /API是
2018-02-25 18:58:24 ::1
GET /api/v1.0/users/HealthMailboxda9cb9ff7af047cf9878a9b7be391e14@healthcentrified.co.uk/Messages
$top=1
&request_id=4f17c7a2-f753-46f7-853d-36f7a5281932 444
- ::1 Odata_AM_Probe/Local - 401 0 0 0
和其他人从这个用户代理到这个邮箱
我已经在 https://jwt.ms 上检查了您的令牌,发现它是来自客户端凭证流的应用程序令牌。这不受开箱即用的支持,但今天我发现您可以在 on-premise 交换环境中启用这些令牌。
查看我的回答post:
原回答here