解决 Intune Exchange Connector 的常见错误Resolve common Errors for the Intune Exchange Connector

本文可以帮助 Intune 管理员解决有关 Intune Exchange Connector 操作的特定错误和消息。This article can help the Intune administrator resolve specific errors and messages about the operation of the Intune Exchange Connector.

配置失败,返回的错误代码 0x0000001Configuration failed and returned error code 0x0000001

问题Issue:
尝试配置 Microsoft Intune Exchange Connector 时,会收到以下错误消息:When you try to configure the Microsoft Intune Exchange Connector, you receive the following error message:

   The Microsoft Intune Exchange Connector cannot connect to the Microsoft Exchange server.  
   The following Microsoft Exchange Server address could not be reached <Exchange server Name FQDN>  
   Verify that the FQDN of the exchange server address and credentials that you entered is correct and the server is running. The Microsoft Intune Exchange Connector does not support Exchange server arrays.  
   Error code: 0x0000001  

如果未正确配置 Internet 代理设置,可能会出现此问题。This problem can occur if the Internet proxy settings are misconfigured.

解决方法Resolution:
配置代理设置:Configure proxy settings:

  1. 请与本地网络管理员联系,确保已正确配置代理设置。Contact the local network administrator to make sure that the proxy settings are configured correctly.

  2. 使用 Netsh winhttp 命令配置代理服务器并添加所需的排除列表 。Use the Netsh winhttp command to configure the proxy server and add the required exclusion list. 例如:For example:

    Netsh winhttp set proxy proxy-server="http=proxy.corp.domain.com" bypass-list"34*.*;134.132.*.*;10.*.*;localhost;*.corp.domain.com;*.staging.domain.com"
    

配置失败,返回的错误代码 0x000000bConfiguration failed and returned error code 0x000000b

问题Issue:
尝试配置 Microsoft Intune Exchange Connector 时,会收到以下错误消息:When you try to configure the Microsoft Intune Exchange Connector, you receive the following error message:

   The Microsoft Intune Exchange Connector experienced an error:  
   CertEnroll::CX509PrivateKey::Create: The system cannot find the file specified. 0x80070002 (WIN32: 2  
   ERROR_FILE_NOT_FOUND  
   Error code: 0x000000b  

如果用于登录 Intune 的帐户不是 Intune 全局管理员帐户,则会出现此问题。This problem can occur if the account that you used to sign in to Intune isn't an Intune Global Administrator account.

解决方法Resolution:
使用全局管理员帐户登录 Intune,或将你的帐户添加到全局管理员组。Sign in to Intune with an account that is a Global Administrator, or add your account to the Global Admin group. 有关详细信息,请参阅 Microsoft Intune 的基于角色的管理控制 (RBAC)For more information, see Role-based administration control (RBAC) with Microsoft Intune.

配置失败,返回的错误代码 0x0000006Configuration failed and returned error code 0x0000006

问题Issue:
尝试配置 Microsoft Intune Exchange Connector 时,会收到以下错误消息:When you try to configure the Microsoft Intune Exchange Connector, you receive the following error message:

   The Microsoft Intune Exchange Connector cannot connect to Microsoft Intune  
   Verify that you are connected to the Internet, check the Microsoft Intune Service Status, and try to connect again.  
   Error code: 0x00000006  

如果使用代理服务器连接到 Internet 并阻止到 Intune 服务的流量,则会出现此错误。This error can occur if a proxy server is used to connect to the Internet and is blocking traffic to the Intune Service. 要确定是否正在使用代理,请转到“控制面板” > “Internet 选项”,选择“连接”选项卡,然后单击“局域网设置” 。To determine whether a proxy is in use, go to Control Panel > Internet Options, select the Connection tab, and then click LAN Settings.

解决方法Resolution:

  • 选项 1 - 删除代理设置,以便计算机无需通过代理即可连接到 Internet。Option 1 - Remove the proxy settings to allow the computer to connect to the Internet without going through the proxy.

  • 选项 2 - 如 Intune Exchange Connector 要求中所述,将代理服务器配置为允许与 Intune 服务通信。Option 2 - Configure your proxy server to allow communication to the Intune service, as documented in Intune Exchange Connector requirements.

事件 7000 或 7041:Microsoft Intune Exchange Connector 服务无法启动Event 7000 or 7041: Microsoft Intune Exchange Connector Service won't start

问题Issue:
IOS 设备无法在 Intune 中注册,并生成以下某种错误消息:An iOS device fails to enroll in Intune and generates one of the following error messages:

   Log Name:      System
   Source:            Service Control Manager
   Date:               <time>
   Task Category: None
   Level:               Error
   Keywords:        Classic
   User:                N/A
   Computer:      <computer>
   Description:
   The Microsoft Intune Exchange Connector Service service failed to start because of the following error:  
   The service did not start because of a logon failure.
   Log Name:      System
   Source:            Service Control Manager
   Date:               <time>
   Event ID:          7041
   Task Category: None
   Level:               Error   
   Keywords:        Classic
   User:                N/A
   Computer:       <computer>
   Description:
   The WIEC service was unable to log on as .\WIEC_USER with the currently configured password because of the following error:
   Logon failure: the user has not been granted the requested logon type at this computer.
   Service: WIEC
   Domain and account: .\WIEC_USER
   This service account does not have the required user right "Log on as a service."  

如果 WIEC_User 帐户在本地策略中没有“作为服务登录”用户权限,则会出现此问题 。This problem can occur if the WIEC_User account doesn't have the Log on as service user right in the local policy.

解决方法Resolution:
在运行 Intune Exchange Connector 的计算机上,将“作为服务登录”用户权限分配给 WIEC_User 服务帐户 。On the computer that runs the Intune Exchange Connector, assign the Log on as a service user right to the WIEC_User service account. 如果计算机是群集中的节点,请确保将“作为服务登录”用户权限分配给群集中所有节点上的群集服务帐户 。If the computer is a node in a cluster, make sure to assign the Log on as a service user right to the cluster service account on all nodes in the cluster.

要将“作为服务登录”用户权限分配到计算机上的 WIEC_User 服务帐户,请遵循以下步骤 :To assign the Log on as a service user right to the WIEC_User service account on the computer, follow these steps:

  1. 以管理员或管理员组成员的身份登录到计算机。Log on to the computer as an administrator or as a member of the Administrators group.
  2. 运行 secpol.msc 以打开“本地安全策略” 。Run secpol.msc to open the Local Security Policy.
  3. 转到“安全设置” > “本地策略”,然后选择“用户权限分配” 。Go to Security settings > Local policies, and then select User Rights Assignment.
  4. 在右侧窗格中,双击“作为服务登录” 。In the right pane, double-click Log on as a service.
  5. 选择“添加用户或组”,将 WIEC_USER 添加到策略,然后选择两次“确定” 。Select Add User or Group, add WIEC_USER to the policy, and then select OK two times.

如果“作为服务登录”用户权限曾分配给 WIEC_User,但后来被删除,请与域管理员联系以确定组策略设置是否覆盖了它 。If the Log on as a service user right was assigned to WIEC_User but was later removed, contact the domain administrator to determine whether a Group Policy setting is overwriting it.

后续步骤Next steps

以下文章可帮助解决特定错误:The following article can help resolve specific errors:

寻求支持或 Intune 社区的帮助。Seek assistance from support or the Intune community.