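One bizarre problem after another: after completing a hybrid deployment with the China edition of Exchange, using the advanced features always rewards you with some advanced errors!
First, the symptoms:
Checking the cloud EWS status from on-premises fails (on-premises users cannot see cloud users' calendar free/busy information)
Test-OAuthConnectivity -Service EWS -TargetUri https://partner.outlook.cn/ews/exchange.asmx -Mailbox [email protected] (on-premises account) -Verbose | fl
Checking the on-premises EWS status from the cloud succeeds (cloud users can see on-premises users' calendar free/busy information)
Test-OAuthConnectivity -Service EWS -TargetUri https://mail.ucssi.cn/ews/metadata/json/1 -Mailbox [email protected] (cloud account) -Verbose | fl
Well, with a problem this bizarre, the only option was to open a ticket with 21V. After the ticket was opened, 21V was at a loss too~~~~ In the end I still had to search foreign forums for this error.
I found a lot of material on foreign forums. The problem is roughly this: after the hybrid deployment is completed with the HCW wizard, the authorization certificate file generated on-premises was not passed back to Microsoft Azure Active Directory ACS. So what needs to be done now is: get hold of this certificate, upload it to ACS, and re-register the Exchange HTTP endpoint service.
Save the following statements as a PowerShell script file named exportcer.ps1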
$thumbprint = (Get-AuthConfig).CurrentCertificateThumbprint
if((test-path $env:SYSTEMDRIVE\OAuthConfig) -eq $false)
{
md $env:SYSTEMDRIVE\OAuthConfig
}
cd $env:SYSTEMDRIVE\OAuthConfig
$oAuthCert = (dir Cert:\LocalMachine\My) | where {$_.Thumbprint -match $thumbprint}
$certType = [System.Security.Cryptography.X509Certificates.X509ContentType]::Cert
$certBytes = $oAuthCert.Export($certType)
$CertFile = "$env:SYSTEMDRIVE\OAuthConfig\OAuthCert.cer"
[System.IO.File]::WriteAllBytes($CertFile, $certBytes)
Then run it on the on-premises Exchange Server
In the end the certificate was exported
Then run the following statements in PowerShell
Connect-MsolService;
Import-Module msonlineextended;
$CertFile = "$env:SYSTEMDRIVE\OAuthConfig\OAuthCert.cer"
$objFSO = New-Object -ComObject Scripting.FileSystemObject;
$CertFile = $objFSO.GetAbsolutePathName($CertFile);
$cer = New-Object System.Security.Cryptography.X509Certificates.X509Certificate
$cer.Import($CertFile);
$binCert = $cer.GetRawCertData();
$credValue = [System.Convert]::ToBase64String($binCert);
$ServiceName = "00000002-0000-0ff1-ce00-000000000000";
$p = Get-MsolServicePrincipal -ServicePrincipalName $ServiceName
New-MsolServicePrincipalCredential -AppPrincipalId $p.AppPrincipalId -Type asymmetric -Usage Verify -Value $credValue
Next, save the following statements as an executable PowerShell file named import.ps1
Connect-MsolService;
Import-Module msonlineextended;
$CertFile = "$env:SYSTEMDRIVE\OAuthConfig\OAuthCert.cer"
$objFSO = New-Object -ComObject Scripting.FileSystemObject;
$CertFile = $objFSO.GetAbsolutePathName($CertFile);
$cer = New-Object System.Security.Cryptography.X509Certificates.X509Certificate
$cer.Import($CertFile);
$binCert = $cer.GetRawCertData();
$credValue = [System.Convert]::ToBase64String($binCert);
$ServiceName = "00000002-0000-0ff1-ce00-000000000000";
$p = Get-MsolServicePrincipal -ServicePrincipalName $ServiceName
New-MsolServicePrincipalCredential -AppPrincipalId $p.AppPrincipalId -Type asymmetric -Usage Verify -Value $credValue
Save the following statements as an executable PowerShell file named RegisterEndpoints.ps1
$externalAuthority="*.ucssi.cn"
$ServiceName = "00000002-0000-0ff1-ce00-000000000000";
$p = Get-MsolServicePrincipal -ServicePrincipalName $ServiceName;
$spn = [string]::Format("{0}/{1}", $ServiceName, $externalAuthority);
$p.ServicePrincipalNames.Add($spn);
Set-MsolServicePrincipal -ObjectID $p.ObjectId -ServicePrincipalNames $p.ServicePrincipalNames;
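Finally, run import.ps1 and RegisterEndpoints.ps1 in PowerShell to upload the certificate
After completing the steps above, the calendar status problem is solved~ I'll keep sharing the various strange errors and requirements I run into in real-world work. Today I earnestly finished writing 18 high-quality (in my own opinion) blog posts, and my neck is really sore and my shoulders hurt~~~ hahahaha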
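A check to run after import.ps1 and RegisterEndpoints.ps1, as an added example that is not part of the original post: it confirms that the exported OAuthCert.cer matches an asymmetric credential on the Exchange service principal and that the endpoint SPN is present. It assumes the MSOnline module, an existing Connect-MsolService session, and that the credential's Value is the Base64 certificate as uploaded above; the function name Test-OAuthCertRegistered is hypothetical.

```powershell
# Added example, not part of the original post. Assumes the MSOnline module and
# an existing Connect-MsolService session. Test-OAuthCertRegistered is a hypothetical name.
function Test-OAuthCertRegistered {
    param(
        [string]$CertFile          = "$env:SYSTEMDRIVE\OAuthConfig\OAuthCert.cer",
        [string]$ServiceName       = "00000002-0000-0ff1-ce00-000000000000",
        [string]$ExternalAuthority = "*.ucssi.cn"
    )

    # The .cer written by exportcer.ps1 holds only the public certificate.
    $local = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $CertFile

    $p = Get-MsolServicePrincipal -ServicePrincipalName $ServiceName

    # -ReturnKeyValues $true returns the stored key material in .Value.
    # Assumption: .Value is the Base64 certificate exactly as import.ps1 uploaded it.
    $creds = Get-MsolServicePrincipalCredential -AppPrincipalId $p.AppPrincipalId -ReturnKeyValues $true |
        Where-Object { $_.Type -eq 'Asymmetric' -and $_.Value }

    $match = $null
    foreach ($c in $creds) {
        try {
            $bytes  = [System.Convert]::FromBase64String($c.Value)
            $remote = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList (,$bytes)
        } catch {
            continue   # skip credentials that are not parseable certificates
        }
        if ($remote.Thumbprint -eq $local.Thumbprint) { $match = $c; break }
    }

    # Same SPN string that RegisterEndpoints.ps1 builds.
    $spn = [string]::Format("{0}/{1}", $ServiceName, $ExternalAuthority)

    [pscustomobject]@{
        Thumbprint        = $local.Thumbprint
        LocalCertExpired  = $local.NotAfter -lt (Get-Date)
        RegisteredInAcs   = [bool]$match
        CredentialEndDate = if ($match) { $match.EndDate } else { $null }
        SpnRegistered     = $p.ServicePrincipalNames -contains $spn
    }
}

Test-OAuthCertRegistered | Format-List
```

If RegisteredInAcs or SpnRegistered is False, the corresponding script did not take effect and Test-OAuthConnectivity from on-premises can be expected to keep failing.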