Проблема возникла в лесу с 2 Exchange: 2010 и 2013. Опубликовано через TMG. При локальной настройке Outlook постоянно запрашивал пароль. При настройке вне интрасети - не подключался. Autodiscover исправно давал настройки с внутренними именами rpc proxy. При настройке вручную все работало, но постоянно запрашивал пароль. С сертификатами все хорошо. Опытным путем было установлено, что проблема с тем, что Exchange 2010 не работает с Negotiate авторизацией. А в 2013 настройки внешнего подключения к Anywhere использовали именно Negotiate. Если стоит Negotiate, то это приводит к тому, что при настройке Autodiscover в outlook тип входа в сеть устанавливается на Anonymous. Ниже статья, в которой описано, как переделать. Вкратце: на 2013 Чанге изменили тип внешней авторизации с Negotiate на Basic: Get-OutlookAnywhere -Server exch2013 | Set-OutlookAnywhere -ExternalClientAuthenticationMethod Basic, внутреннюю на NTLM.
Consider the following scenarios:
Consider the following scenarios:
- You have an on-premises deployment, in which Microsoft Exchange Server 2013 is installed in an existing Exchange Server 2010 or Exchange Server 2007 organization.
- You have an on-premises deployment, in which Exchange Server 2016 is installed in an existing Exchange Server 2010 organization.
- You have a hybrid deployment of Exchange Server and Exchange Online in Office 365, in which the hybrid server is running Exchange Server 2013 or later.
- A shared mailbox or a shared calendar of the mailbox in Exchange Server 2010 or Exchange Server 2007
- A public folder in Exchange Server 2010 or Exchange Server 2007
Cannot expand the folder. Microsoft Exchange is not available. Either there are network problems or the Exchange server is down for maintenance.
Cause
If Outlook Anywhere is configured by using one of the following combinations, the Autodiscover service sends "Anonymous" to the Outlook clients as theLogon network security option:
- "ExternalHostName" is set, and "ExternalClientAuthenticationMethod" is set to Negotiate. (Refer the following screen shot)
- "InternaClientlAuthenticationMethod" is set to Negotiate, and "InternalClientRequireSSL" is set to True. (Refer the following screen shot)
Resolution
- Run the Get-OutlookAnywhere cmdlet to verify the Outlook Anywhere settings on the Exchange server. The following example retrieves all Outlook Anywhere settings on the Exch1 server.
Get-OutlookAnywhere -Server Exch1
- If "ExternalHostName" is set, and "ExternalClientAuthenticationMethod" is Negotiate, change "ExternalClientAuthenticationMethod" to something other than Negotiate. The following example sets "ExternalClientAuthenticationMethod" to NTLM for the Exch1 server.
Get-OutlookAnywhere -Server Exch1| Set-OutlookAnywhere -ExternalClientAuthenticationMethod NTLM
- If "InternaClientlAuthenticationMethod" is set to Negotiate, and "InternalRequireSSL" is True, change "InternalClientAuthenticationMethod" to something other than Negotiate, or change "InternalRequireSSL" to False. The following example sets "InternalClientAuthenticationMethod" toNTLM for the Exch1 server:
Get-OutlookAnywhere -Server exch1 | Set-OutlookAnywhere -InternalClientAuthenticationMethod NTLM
Get-OutlookAnywhere -Server exch1 | Set-OutlookAnywhere -InternalClientsRequireSSL $False
- The new settings should be applied on the Outlook clients the next time that they send a request to the Autodiscover service. Or, you can manually change the settings.
Комментариев нет:
Отправить комментарий