混合部署故障排除Troubleshoot a hybrid deployment

在 Exchange 中使用混合配置向导配置混合部署将极大减少混合部署出现问题的可能性。然而,这里有一些混合配置向导范围之外的典型区域,如果配置不当的话,可能导致混合部署出现问题。本主题将讨论可能出现问题的以下常见区域,并介绍验证或修正问题的基本步骤:Configuring a hybrid deployment in Exchange with the Hybrid Configuration wizard greatly minimizes the potential that the hybrid deployment will experience problems. However, there are some typical areas outside the scope of the Hybrid Configuration wizard that, if misconfigured, may present problems in a hybrid deployment. This topic discusses the following common areas where problems may arise and outlines basic steps to verify or correct issues:

  • 本地 Exchange 服务器On-premises Exchange servers

  • 证书Certificates

  • 混合配置向导的具体错误Specific errors of the Hybrid Configuration wizard

备注

本主题中,在"Exchange 服务器"指以下: >客户端访问服务器的 Exchange 2013 和早期版本 >邮箱服务器Exchange 2016 及更高版本In this topic, "Exchange servers" refers to the following: > Client Access servers Exchange 2013 and earlier > Mailbox servers Exchange 2016 and later

有关其他信息,请参阅 Exchange Server 混合部署For additional information, see Exchange Server Hybrid Deployments.

关于混合部署的更多管理任务,参阅 混合部署过程For additional management tasks related to hybrid deployments, see Hybrid Deployment procedures.

在开始之前,您需要知道什么?What do you need to know before you begin?

  • 估计完成该任务的时间:因混合部署问题的类型而异Estimated time to complete this task: Varies, depending on type of hybrid deployment issues

  • 您必须先获得权限,然后才能执行此过程或多个过程。若要查看所需的权限,请参阅 Exchange and Shell infrastructure permissions主题中的"混合部署"条目。You need to be assigned permissions before you can perform this procedure or procedures. To see what permissions you need, see the "Hybrid deployments" entry in the Exchange and Shell infrastructure permissions topic.

  • 本主题中的指导适用于使用混合配置向导配置的混合部署。不支持手动配置的混合部署。The guidance in this topic applies to hybrid deployments configured using the Hybrid Configuration wizard. Hybrid deployments that have been manually configured are not supported.

  • 若要了解可能适用于此主题中过程的键盘快捷键,请参阅 Exchange 管理中心内的键盘快捷键For information about keyboard shortcuts that may apply to the procedures in this topic, see Keyboard shortcuts in the Exchange admin center.

提示

遇到问题了吗?请在 Exchange 论坛中寻求帮助。 请访问以下论坛:Exchange ServerExchange OnlineExchange Online ProtectionHaving problems? Ask for help in the Exchange forums. Visit the forums at Exchange Server,Exchange Online, or Exchange Online Protection.

要执行什么操作?What do you want to do?

内部部署 Exchange 服务器故障排除Troubleshoot issues with on-premises Exchange servers

内部部署 Exchange 服务器的配置通常是混合配置最有可能出现问题的区域。通常,需要检查的区域包括:The configuration of the on-premises Exchange servers is typically the area where most problems may occur in a hybrid deployment. Usually, the areas that need to be examined are the following:

  • 可用性正确发布到 Internet 的内部部署 Exchange 服务器至关重要混合部署中正常工作的功能。对于混合功能正常工作,您必须配置您的内部部署防火墙或其他安全 appliance 以允许从 Internet 到自动发现和 Exchange Web Services (EWS) 终结点的入站的访问内部部署 Exchange 服务器。此外,Exchange 服务器,还必须配置为接受入站的 SMTP 邮件。如果包含在 Office 365 组织中的 Microsoft Exchange Online Protection (EOP) 服务无法访问内部部署 Exchange 服务器,从 Exchange Online 组织到内部部署组织的安全邮件传输不起作用正确。Availability Correctly publishing the on-premises Exchange servers to the Internet is vital to features working correctly in your hybrid deployment. For hybrid features to work correctly, you must configure your on-premises firewall or other security appliances to allow inbound access from the Internet to the Autodiscover and Exchange Web Services (EWS) endpoints on the on-premises Exchange servers. Additionally, the Exchange servers must also be configured to accept inbound SMTP mail. If the Microsoft Exchange Online Protection (EOP) service included in your Office 365 organization can't reach the on-premises Exchange servers, secure mail transport from the Exchange Online organization to the on-premises organization will not function correctly.

  • 证书必须从颁发的安全邮件传输之间的内部部署和 Exchange Online 组织需要用于将与 Exchange Online 进行通信的所有内部部署面向 Internet 的 Exchange 服务器上安装数字证书第三方证书颁发机构 (CA),不能过期,且必须分配了 IIS 和 SMTP 服务。如果不满足这些证书要求,从 Exchange Online 组织的安全邮件传输到内部部署组织将无法正常工作。"疑难解答问题证书"本主题后面中提供了有关证书要求的详细信息。Certificates The digital certificate used for secure mail transport between the on-premises and Exchange Online organizations needs to be installed on all on-premises Internet-facing Exchange servers that will communicate with Exchange Online, must be issued from a third-party certificate authority (CA), must not be expired, and must have the IIS and SMTP services assigned. If these certificate requirements are not met, secure mail transport from the Exchange Online organization to the on-premises organization will not function correctly. More information about certificate requirements is provided in "Troubleshoot issues with Certificates" later in this topic.

如何知道您的 Exchange 服务器配置是否正确?How do you know if your Exchange servers are configured correctly?

要验证您已成功发布内部部署 Exchange 服务器,使用 Microsoft Remote Connectivity Analyzer 验证内部部署 Exchange 服务器的入站 Internet 连接。请执行以下操作:To verify that you have successfully published your on-premises Exchange servers, use the Microsoft Remote Connectivity Analyzer to verify inbound Internet connectivity to your on-premises Exchange servers. Do the following:

  1. 转到远程连接分析器工具。Go to the Remote Connectivity Analyzer tool.

  2. 该步骤用于 EWS 任务的常规测试,以确认它们是否正常运行,同时已配置 EWS 终结点。This step is for a general test of EWS tasks to confirm they are working, and that the EWS endpoint is configured.

    Microsoft Exchange Web 服务连接测试部分中,运行同步、 通知、 可用性和自动答复 (OOF) 测试并确认没有任何错误。如果出现错误,更正测试标识的项目。Run the Synchronization, Notification, Availability, and Automatic Replies (OOF) test in the Microsoft Exchange Web Services Connectivity Tests section, and verify that there aren't any errors. If errors occur, correct the items that the test identified.

  3. 该步骤用于自动发现服务的常规测试,以确认它们是否正常运行,同时已配置自动服务终结点。This step is for a general test of the Autodiscover service to confirm that it's working, and that the Autodiscover endpoint is configured.

    Microsoft Office Outlook 连接测试部分中,运行Outlook 自动发现测试并确认没有任何错误。如果出现错误,更正测试标识的项目。Run the Outlook Autodiscover test in the Microsoft Office Outlook Connectivity Tests section, and verify that there aren't any errors. If errors occur, correct the items that the test identified.

  4. 该步骤用于 SMTP 连接性的一般测试,并确认 Exchange 服务器可以接收入站 Internet 邮件。This step is for a general test of SMTP connectivity, and confirms that the Exchange servers can receive inbound Internet mail.

    Internet 电子邮件测试部分中,运行入站 SMTP 电子邮件测试并确认没有任何错误。如果出现错误,更正测试标识的项目。Run the Inbound SMTP E-Mail test in the Internet E-Mail Tests section, and verify that there aren't any errors. If errors occur, correct the items that the test identified.

证书问题故障排除Troubleshoot issues with certificates

在内部部署 Exchange 服务器上安装的证书配置可能导致混合部署发生问题。在大多数情况下,以下证书相关问题将影响混合功能:The configuration of the certificates installed on the on-premises Exchange servers may be the source of problems occurring in a hybrid deployment. In most cases, the following certificate-related issues affect hybrid functionality:

  • 证书类型数字证书用于安全混合传输和在混合配置向导必须从第三方 CA。 自签名证书颁发定义不能用于混合传输身份验证。如果无意中选择或分配自签名的证书,Exchange Online 组织与内部部署组织之间的安全邮件传输将无法正常工作。Certificate type The digital certificate used for secure hybrid transport and defined in the Hybrid Configuration wizard must be issued from a third-party CA. Self-signed certificates can't be used for hybrid transport authentication. If a self-signed certificate is inadvertently selected or assigned, secure mail transport between the Exchange Online and the on-premises organizations will not function correctly.

  • 已分配服务Internet 信息服务 (IIS) 和简单邮件传输协议 (SMTP) 服务必须分配给用于混合传输的数字证书。如果这些服务不分配,Exchange Online 组织与内部部署组织之间的安全邮件传输将无法正常工作。Assigned services The Internet Information Service (IIS) and the Simple Mail Transport Protocol (SMTP) services must be assigned to the digital certificate used for hybrid transport. If these services aren't assigned, secure mail transport between the Exchange Online and the on-premises organizations will not function correctly.

  • 安装必须在所有内部部署 Exchange 服务器上安装数字证书用于内部部署组织与 Exchange Online 组织之间的安全邮件传输。如果您正在部署混合本地边缘传输服务器,那么还必须边缘传输服务器上安装数字证书。如果在本地服务器上未安装的证书,Exchange Online 组织与内部部署组织之间的安全邮件传输将无法正常工作。Installation The digital certificate used for secure mail transport between the on-premises and Exchange Online organizations must be installed on all on-premises Exchange servers. If you're deploying hybrid with on-premises Edge Transport servers, the digital certificate must also be installed on your Edge Transport servers. If the certificate isn't installed on the on-premises servers, secure mail transport between the Exchange Online and the on-premises organizations will not function correctly.

  • 过期用于内部部署组织与 Exchange Online 组织之间的安全邮件传输的数字证书必须没有过期。如果证书已过期,Exchange Online 组织与内部部署组织之间的安全邮件传输将无法正常工作。Expiration The digital certificate used for secure mail transport between the on-premises and Exchange Online organizations must not be expired. If the certificate is expired, secure mail transport between the Exchange Online and the on-premises organizations will not function correctly.

如何知道您的证书是否正确配置?How do you know if your certificates are configured correctly?

要验证用于内部部署 Exchange 服务器的混合邮件传输证书正确配置,请执行以下操作:To verify that the certificate for hybrid mail transport is correctly configured on your on-premises Exchange servers, do the following:

  1. 在本地 Exchangex 服务器,打开Exchange 命令行管理程序On an on-premises Exchangex server, open the Exchange Management Shell.

  2. 在Exchange 命令行管理程序中,运行以下命令。In the Exchange Management Shell, run the following command.

    Get-ExchangeCertificate| format-list
    
  3. 查找您在用于安全邮件传输的混合配置向导中定义证书的信息。Locate the information for the certificate you defined in the Hybrid Configuration wizard that will be used for secure mail transport.

  4. 验证已分配以下参数值给证书:Verify the following parameter values are assigned to the certificate:

    • IsSelfSigned 参数此参数值应为_False_。IsSelfSigned parameter This parameter value should be False.

    • RootCAType 参数此参数值应为_第三方_。RootCAType parameter This parameter value should be Third Party.

    • Services 参数此参数值应为_IIS、 SMTP_。Services parameter This parameter value should be IIS, SMTP.

    • NotAfter 参数此参数值为的证书到期日期。此处列出的日期应没有过期。NotAfter parameter This parameter value is the certificate expiration date. The date listed here should not be expired.

混合配置向导的具体错误疑难解答Troubleshooting specific errors of the Hybrid Configuration wizard

如果您在运行混合配置向导时收到错误,通常可以通过执行若干简单的检查或操作来解决问题。关于解决在运行混合配置向导时可能遇到的具体消息或问题,请参阅以下建议。If you receive an error while running the Hybrid Configuration wizard, you can frequently resolve the issue by performing a few simple checks or actions. See the following suggestions for resolving specific messages or issues that you may encounter while running the Hybrid Configuration wizard.

  • 消息:"在服务器上找不到默认接收连接器<服务器名称>" 如果以下属性中列出的任何 Exchange 服务器上的接收连接器不在 TCP 端口 25 上侦听的 IPv4 和 IPv6 协议,将显示以下消息:(Get-HybridConfiguration).ReceivingTransportServers.Message: "Default Receive Connector cannot be found on server <Server Name>" This message appears if the Receive connector on any Exchange server listed in the following attribute isn't listening on TCP port 25 for both the IPv4 and IPv6 protocols: (Get-HybridConfiguration).ReceivingTransportServers.

若要在运行 (Get-HybridConfiguration).ReceivingTransportServers. 时验证所列 Exchange 服务器上的接收连接器是否绑定正确,可以在Exchange 命令行管理程序中运行以下命令。To verify that the Receive connectors on the Exchange servers listed when you run the (Get-HybridConfiguration).ReceivingTransportServers. have the correct bindings, run the following command in the Exchange Management Shell.

Get-ReceiveConnector -Server <Server Name> | FT Identity, Bindings
You should see the following entry listed for your Exchange servers:  `{[::]:25, 0.0.0.0:25}`

If this binding isn't listed, you need to add it to your Receive connector using the  _Bindings_ parameter of the **Set-ReceiveConnector** cmdlet. For details, see [Set-ReceiveConnector](http://technet.microsoft.com/library/eb7f8960-e772-4312-9d3f-47dd27d9545c.aspx).