疑難排解混合式部署Troubleshoot a hybrid deployment

Exchange 的混合式設定中設定混合部署精靈大幅最小化可能會混合式部署會遇到問題。但有某些混合組態精靈,如果設定正確,可能會在混合部署中呈現問題的範圍內的一般區域。本主題將討論下列可能會發生問題的一般區域並概述驗證或修正問題的基本步驟:Configuring a hybrid deployment in Exchange with the Hybrid Configuration wizard greatly minimizes the potential that the hybrid deployment will experience problems. However, there are some typical areas outside the scope of the Hybrid Configuration wizard that, if misconfigured, may present problems in a hybrid deployment. This topic discusses the following common areas where problems may arise and outlines basic steps to verify or correct issues:

  • 在內部部署 Exchange 伺服器On-premises Exchange servers

  • 憑證Certificates

  • 混合式組態精靈的特定錯誤Specific errors of the Hybrid Configuration wizard

注意

本主題"Exchange 伺服器 」 指的是下列: > Client Access server Exchange 2013 與舊版 > Mailbox server Exchange 2016 及更新版本In this topic, "Exchange servers" refers to the following: > Client Access servers Exchange 2013 and earlier > Mailbox servers Exchange 2016 and later

如需其他資訊,請參閱 Exchange Server Hybrid DeploymentsFor additional information, see Exchange Server Hybrid Deployments.

混合式部署相關的其他管理工作,請參閱混合式部署程序For additional management tasks related to hybrid deployments, see Hybrid Deployment procedures.

開始之前有哪些須知?What do you need to know before you begin?

  • 完成此工作的預估時間:取決於混合式部署的問題類型而有所不同Estimated time to complete this task: Varies, depending on type of hybrid deployment issues

  • 您必須獲得權限才能執行此程序或程序。若您需要哪些權限,請參閱Exchange and Shell infrastructure permissions主題中的 「 混合部署 」 項目。You need to be assigned permissions before you can perform this procedure or procedures. To see what permissions you need, see the "Hybrid deployments" entry in the Exchange and Shell infrastructure permissions topic.

  • 本主題中的指引可套用到使用混合式組態精靈設定的混合式部署。不支援以手動方式設定的混合式部署。The guidance in this topic applies to hybrid deployments configured using the Hybrid Configuration wizard. Hybrid deployments that have been manually configured are not supported.

  • 如需適用於此主題中程序的快速鍵相關資訊,請參閱 Exchange 系統管理中心的鍵盤快速鍵For information about keyboard shortcuts that may apply to the procedures in this topic, see Keyboard shortcuts in the Exchange admin center.

提示

有問題嗎?尋求 Exchange 論壇中的協助。請造訪在Exchange ServerExchange OnlineExchange Online Protection論壇。Having problems? Ask for help in the Exchange forums. Visit the forums at Exchange Server,Exchange Online, or Exchange Online Protection.

您要執行的工作What do you want to do?

疑難排解在內部部署 Exchange 伺服器的問題Troubleshoot issues with on-premises Exchange servers

內部部署 Exchange 伺服器的組態通常是可能會發生最多問題的混合部署中的區域。通常,需要檢查區域如下所示:The configuration of the on-premises Exchange servers is typically the area where most problems may occur in a hybrid deployment. Usually, the areas that need to be examined are the following:

  • 可用性正確發佈至網際網路的內部部署 Exchange 伺服器是環運作正常混合部署中的功能。混合式功能才能正常運作,您必須設定您的內部防火牆或其他安全性 appliance 為允許從網際網路到自動探索及 Exchange Web 服務 (EWS) 端點的撥入的存取內部部署 Exchange 伺服器。此外,Exchange 伺服器也必須設定為接受傳入的 SMTP 郵件。從 Exchange Online 組織的安全郵件傳輸至內部部署組織若包含在 Office 365 組織中的 Microsoft Exchange Online Protection (EOP) 服務無法連線內部部署 Exchange 伺服器,將無法運作正確。Availability Correctly publishing the on-premises Exchange servers to the Internet is vital to features working correctly in your hybrid deployment. For hybrid features to work correctly, you must configure your on-premises firewall or other security appliances to allow inbound access from the Internet to the Autodiscover and Exchange Web Services (EWS) endpoints on the on-premises Exchange servers. Additionally, the Exchange servers must also be configured to accept inbound SMTP mail. If the Microsoft Exchange Online Protection (EOP) service included in your Office 365 organization can't reach the on-premises Exchange servers, secure mail transport from the Exchange Online organization to the on-premises organization will not function correctly.

  • 憑證必須從發行數位憑證的內部部署和 Exchange Online 組織需求之間的安全郵件傳輸用來將通訊與 Exchange Online 的所有內部部署網際網路對向 Exchange 伺服器上安裝協力廠商憑證授權單位 (CA) 必須未過期,而且必須具備的 IIS 和 SMTP 服務指派。如果不符合這些憑證需求,從 Exchange Online 組織的安全郵件傳輸至內部部署組織將無法正常運作。在 「 疑難排解問題憑證"本主題稍後的提供憑證需求的詳細資訊。Certificates The digital certificate used for secure mail transport between the on-premises and Exchange Online organizations needs to be installed on all on-premises Internet-facing Exchange servers that will communicate with Exchange Online, must be issued from a third-party certificate authority (CA), must not be expired, and must have the IIS and SMTP services assigned. If these certificate requirements are not met, secure mail transport from the Exchange Online organization to the on-premises organization will not function correctly. More information about certificate requirements is provided in "Troubleshoot issues with Certificates" later in this topic.

如何知道您的 Exchange 伺服器已正確設定?How do you know if your Exchange servers are configured correctly?

若要確認您已成功發佈您的內部部署 Exchange 伺服器,請使用 Microsoft Remote Connectivity Analyzer 來驗證您的內部部署 Exchange 伺服器的內送的網際網路連線。執行下列動作:To verify that you have successfully published your on-premises Exchange servers, use the Microsoft Remote Connectivity Analyzer to verify inbound Internet connectivity to your on-premises Exchange servers. Do the following:

  1. 前往Remote Connectivity Analyzer工具。Go to the Remote Connectivity Analyzer tool.

  2. 這個步驟適用於 EWS 工作的一般測試,可確認工作正在運作,且已設定 EWS 端點。 This step is for a general test of EWS tasks to confirm they are working, and that the EWS endpoint is configured.

    在 [ Microsoft Exchange Web 服務連線測試] 區段中執行同步處理、 通知、 可用性及自動回覆 (OOF) 測試並確認沒有任何錯誤。如果發生錯誤,更正測試所識別的項目。Run the Synchronization, Notification, Availability, and Automatic Replies (OOF) test in the Microsoft Exchange Web Services Connectivity Tests section, and verify that there aren't any errors. If errors occur, correct the items that the test identified.

  3. 若要確認其運作,且已自動探索端點的自動探索服務的一般測試是此步驟。This step is for a general test of the Autodiscover service to confirm that it's working, and that the Autodiscover endpoint is configured.

    在 [ Microsoft Office Outlook 連線測試] 區段中執行Outlook 自動探索] 測試並確認沒有任何錯誤。如果發生錯誤,更正測試所識別的項目。Run the Outlook Autodiscover test in the Microsoft Office Outlook Connectivity Tests section, and verify that there aren't any errors. If errors occur, correct the items that the test identified.

  4. 此步驟的 SMTP 連線的一般測試並確認 Exchange 伺服器可以接收內送的網際網路郵件。This step is for a general test of SMTP connectivity, and confirms that the Exchange servers can receive inbound Internet mail.

    在 [網際網路電子郵件測試] 區段中執行輸入 SMTP 電子郵件測試並確認沒有任何錯誤。如果發生錯誤,更正測試所識別的項目。Run the Inbound SMTP E-Mail test in the Internet E-Mail Tests section, and verify that there aren't any errors. If errors occur, correct the items that the test identified.

疑難排解憑證的問題Troubleshoot issues with certificates

內部部署 Exchange 伺服器上已安裝的憑證的組態可能會發生在混合部署中的問題的來源。在大多數情況下,下列憑證相關問題影響混合式功能:The configuration of the certificates installed on the on-premises Exchange servers may be the source of problems occurring in a hybrid deployment. In most cases, the following certificate-related issues affect hybrid functionality:

  • 憑證類型用於安全的混合式傳輸和混合組態精靈必須發行的協力廠商 CA。 自我簽署憑證中所定義的數位憑證不能用於混合式傳輸驗證。如果不小心選取或指派自我簽署的憑證,Exchange Online 和內部部署組織之間的安全郵件傳輸將無法正常運作。Certificate type The digital certificate used for secure hybrid transport and defined in the Hybrid Configuration wizard must be issued from a third-party CA. Self-signed certificates can't be used for hybrid transport authentication. If a self-signed certificate is inadvertently selected or assigned, secure mail transport between the Exchange Online and the on-premises organizations will not function correctly.

  • 已指派服務網際網路資訊服務 (IIS) 和 [簡易郵件傳輸通訊協定 (SMTP) 服務必須指派給用於混合式傳輸的數位憑證。如果未指派這些服務、 Exchange Online 和內部部署組織之間的安全郵件傳輸將無法正常運作。Assigned services The Internet Information Service (IIS) and the Simple Mail Transport Protocol (SMTP) services must be assigned to the digital certificate used for hybrid transport. If these services aren't assigned, secure mail transport between the Exchange Online and the on-premises organizations will not function correctly.

  • 安裝必須在所有的內部部署 Exchange 伺服器上安裝數位憑證用於內部部署和 Exchange Online 組織之間的安全郵件傳輸。如果您正在部署混合使用內部部署 Edge Transport server,也必須安裝數位憑證 Edge Transport server 上。如果憑證不在內部部署伺服器上安裝,Exchange Online 和內部部署組織之間的安全郵件傳輸將無法正常運作。Installation The digital certificate used for secure mail transport between the on-premises and Exchange Online organizations must be installed on all on-premises Exchange servers. If you're deploying hybrid with on-premises Edge Transport servers, the digital certificate must also be installed on your Edge Transport servers. If the certificate isn't installed on the on-premises servers, secure mail transport between the Exchange Online and the on-premises organizations will not function correctly.

  • 到期日數位憑證用於內部部署和 Exchange Online 組織之間的安全郵件傳輸必須尚未過期。如果憑證已過期,Exchange Online 和內部部署組織之間的安全郵件傳輸將無法正常運作。Expiration The digital certificate used for secure mail transport between the on-premises and Exchange Online organizations must not be expired. If the certificate is expired, secure mail transport between the Exchange Online and the on-premises organizations will not function correctly.

如何知道您的憑證是否已正確設定?How do you know if your certificates are configured correctly?

若要確認的混合式郵件傳輸的憑證已正確設定內部部署 Exchange 伺服器上,執行下列動作:To verify that the certificate for hybrid mail transport is correctly configured on your on-premises Exchange servers, do the following:

  1. 在內部部署 Exchangex 伺服器上開啟 Exchange 管理命令介面。On an on-premises Exchangex server, open the Exchange Management Shell.

  2. 在 [Exchange 管理命令介面中,執行下列命令。In the Exchange Management Shell, run the following command.

    Get-ExchangeCertificate| format-list
    
  3. 找出您在混合式組態精靈中所定義之用於安全郵件傳輸的憑證資訊。Locate the information for the certificate you defined in the Hybrid Configuration wizard that will be used for secure mail transport.

  4. 請確認下列參數值會指派給憑證:Verify the following parameter values are assigned to the certificate:

    • IsSelfSigned 參數此參數值應該是_False_。IsSelfSigned parameter This parameter value should be False.

    • RootCAType 參數此參數值應該是_協力廠商_。RootCAType parameter This parameter value should be Third Party.

    • Services 參數此參數值應該是_IIS、 SMTP_。Services parameter This parameter value should be IIS, SMTP.

    • NotAfter 參數此參數值是憑證的到期日期。此處所列的日期應尚未過期。NotAfter parameter This parameter value is the certificate expiration date. The date listed here should not be expired.

疑難排解混合式組態精靈的特定錯誤Troubleshooting specific errors of the Hybrid Configuration wizard

如果您在執行混合式組態精靈時收到錯誤,您可以執行幾個簡單的檢查或動作,通常就能解決問題。請參閱下列建議,可解決您在執行混合式組態精靈時可能會遇到的特定訊息或問題。If you receive an error while running the Hybrid Configuration wizard, you can frequently resolve the issue by performing a few simple checks or actions. See the following suggestions for resolving specific messages or issues that you may encounter while running the Hybrid Configuration wizard.

  • 訊息: 「 伺服器上找不到預設的接收連接器<伺服器名稱>" 如果下列屬性中所列的任何 Exchange 伺服器上的接收連接器不 IPv4 和 IPv6 通訊協定聆聽 TCP 連接埠 25 上,出現這個訊息:(Get-HybridConfiguration).ReceivingTransportServers.Message: "Default Receive Connector cannot be found on server <Server Name>" This message appears if the Receive connector on any Exchange server listed in the following attribute isn't listening on TCP port 25 for both the IPv4 and IPv6 protocols: (Get-HybridConfiguration).ReceivingTransportServers.

若要確認 Exchange 伺服器上的接收連接器列出當您執行(Get-HybridConfiguration).ReceivingTransportServers.正確的繫結,在 Exchange 管理命令介面中執行下列命令。To verify that the Receive connectors on the Exchange servers listed when you run the (Get-HybridConfiguration).ReceivingTransportServers. have the correct bindings, run the following command in the Exchange Management Shell.

Get-ReceiveConnector -Server <Server Name> | FT Identity, Bindings
You should see the following entry listed for your Exchange servers:  `{[::]:25, 0.0.0.0:25}`

If this binding isn't listed, you need to add it to your Receive connector using the  _Bindings_ parameter of the **Set-ReceiveConnector** cmdlet. For details, see [Set-ReceiveConnector](http://technet.microsoft.com/library/eb7f8960-e772-4312-9d3f-47dd27d9545c.aspx).