搭配 AD FS 與 Web 應用程式 Proxy 部署工作資料夾:步驟 4 設定 Web 應用程式 ProxyDeploy Work Folders with AD FS and Web Application Proxy: Step 4, Set-up Web Application Proxy

適用於:Windows Server (半年度管道)、Windows Server 2016Applies to: Windows Server (Semi-Annual Channel), Windows Server 2016

本主題說明使用 Active Directory 同盟服務 (AD FS) 和 Web 應用程式 Proxy 部署工作資料夾的第四個步驟。This topic describes the fourth step in deploying Work Folders with Active Directory Federation Services (AD FS) and Web Application Proxy. 您可以在這些主題中找到這個程序的其他步驟︰You can find the other steps in this process in these topics:

注意

本節中涵蓋的指示僅適用於 Server 2016 環境。The instructions covered in this section are for a Server 2016 environment. 如果您使用 Windows Server 2012 R2,請依照 Windows Server 2012 R2 指示If you're using Windows Server 2012 R2, follow the Windows Server 2012 R2 instructions.

若要設定 Web 應用程式 Proxy 以搭配工作資料夾使用,請使用以下程序。To set up Web Application Proxy for use with Work Folders, use the following procedures.

安裝 AD FS 和工作資料夾憑證Install the AD FS and Work Folder certificates

您必須在將安裝 Web 應用程式 Proxy 角色的電腦上,把先前建立的 AD FS 和工作資料夾憑證 (步驟 1 設定 AD FS 和步驟 3 設定工作資料夾) 安裝到本機電腦憑證存放區。You must install the AD FS and Work Folders certificates that you created earlier (in step 1, Set up AD FS, and step 3, Set up Work Folders) into the local computer certificate store on the machine where the Web Application Proxy role will be installed.

因為您將安裝的是無法在「受信任的根憑證授權單位」憑證存放區中追溯發行者的自我簽署憑證,您還必須將憑證複製到該存放區。Because you're installing self-signed certificates that can't be traced back to a publisher in the Trusted Root Certification Authorities certificate store, you must also copy the certificates to that store.

若要安裝憑證,請依照下列步驟執行:To install the certificates, follow these steps:

  1. 按一下 [開始],然後按一下 [執行]Click Start, and then click Run.

  2. 輸入 MMCType MMC.

  3. 按一下 [檔案] 功能表上的 [新增/移除嵌入式管理單元]On the File menu, click Add/Remove Snap-in.

  4. [可用的嵌入式管理單元] 清單中,選取 [憑證],然後按一下 [新增]In the Available snap-ins list, select Certificates, and then click Add. [憑證嵌入式管理單元精靈] 就會啟動。The Certificates Snap-in Wizard starts.

  5. 選取 [電腦帳戶],然後按 [下一步]Select Computer account, and then click Next.

  6. 選取 [本機電腦 (執行這個主控台的電腦)],然後按一下 [完成]Select Local computer: (the computer this console is running on), and then click Finish.

  7. 按一下 [確定]Click OK.

  8. 展開資料夾 Console Root\Certificates(Local Computer)\Personal\CertificatesExpand the folder Console Root\Certificates(Local Computer)\Personal\Certificates.

  9. 以滑鼠右鍵按一下 [憑證],按一下 [所有工作],然後按一下 [匯入]Right-click Certificates, click All Tasks, and then click Import.

  10. 瀏覽至含有 AD FS 憑證的資料夾,然後依照精靈中的指示匯入檔案,並將它放在憑證存放區。Browse to the folder that contains the AD FS certificate, and follow the instructions in the wizard to import the file and place it in the certificate store.

  11. 重複執行步驟 9 和 10,這次瀏覽到工作資料夾憑證並將其匯入。Repeat steps 9 and 10, this time browsing to the Work Folders certificate and importing it.

  12. 展開資料夾 Console Root\Certificates(Local Computer)\Trusted Root Certification Authorities\CertificatesExpand the folder Console Root\Certificates(Local Computer)\Trusted Root Certification Authorities\Certificates.

  13. 以滑鼠右鍵按一下 [憑證],按一下 [所有工作],然後按一下 [匯入]Right-click Certificates, click All Tasks, and then click Import.

  14. 瀏覽至含有 AD FS 憑證的資料夾,然後依照精靈中的指示匯入檔案,並將它放在「受信任的根憑證授權單位」存放區。Browse to the folder that contains the AD FS certificate, and follow the instructions in the wizard to import the file and place it in the Trusted Root Certification Authorities store.

  15. 重複執行步驟 13 和 14,這次瀏覽到工作資料夾憑證並將其匯入。Repeat steps 13 and 14, this time browsing to the Work Folders certificate and importing it.

安裝 Web 應用程式 ProxyInstall Web Application Proxy

若要安裝 Web 應用程式 Proxy,請依照下列步驟執行︰To install Web Application Proxy, follow these steps:

  1. 在您打算安裝的 Web 應用程式 Proxy 的伺服器上,開啟 [伺服器管理員] 並啟動 [新增角色及功能] 精靈。On the server where you plan to install the Web Application Proxy, open Server Manager and start the Add Roles and Features Wizard.

  2. 按一下精靈第一頁和第二頁上的 [下一步]Click Next on the first and second pages of the wizard.

  3. [選取伺服器]頁面上,選取您的伺服器,然後按 [下一步]On the Server Selection page, select your server, and then click Next.

  4. [伺服器角色] 頁面上,選取 [遠端存取] 角色,然後按 [下一步]On the Server Role page, select the Remote Access role, and then click Next.

  5. 在 [功能] 頁面和 [遠端存取] 頁面上,按 [下一步]On the Features page and Remote Access page, click Next.

  6. [角色服務] 頁面上,選取 [Web 應用程式 Proxy],按一下 [新增功能],然後按 [下一步]On the Role Services page, select Web Application Proxy, click Add Features, and then click Next.

  7. [確認安裝選項] 頁面上,按一下 [安裝]On the Confirm installation selections page, click Install.

設定 Web 應用程式 ProxyConfigure Web Application Proxy

若要設定 Web 應用程式 Proxy,請依照下列步驟執行︰To configure Web Application Proxy, follow these steps:

  1. 按一下 [伺服器管理員] 頂端的警告旗標,然後按一下連結以開啟 [Web 應用程式的 Proxy 設定精靈]。Click the warning flag at the top of Server Manager, and then click the link to open the Web Application Proxy Configuration Wizard.

  2. 在 [歡迎使用] 頁面上,按 [下一步]On the Welcome page, press Next.

  3. [同盟伺服器] 頁面上,輸入同盟服務名稱。On the Federation Server page, enter the Federation Service name. 在測驗範例中,這是 blueadfs.contoso.comIn the test example, this is blueadfs.contoso.com.

  4. 輸入同盟伺服器上的本機系統管理員帳戶的認證。Enter the credentials of a local administrator account on the federation servers. 不要輸入網域認證 (例如,contoso\administrator),而輸入本機認證 (例如系統管理員)。Do not enter in domain credentials (for example, contoso\administrator), but local credentials (for example, administrator).

  5. [AD FS Proxy 憑證] 頁面上,選取之前匯入的 AD FS 憑證。On the AD FS Proxy Certificate page, select the AD FS certificate that you imported earlier. 在測試案例中,這是 blueadfs.contoso.com。按一下 [下一步]In the test case, this is blueadfs.contoso.com. Click Next.

  6. 確認頁面會顯示將執行的 Windows PowerShell 命令以設定服務。The confirmation page shows the Windows PowerShell command that will execute to configure the service. 按一下 [設定]Click Configure.

發佈工作資料夾 web 應用程式Publish the Work Folders web application

下一個步驟是發佈將可讓用戶端使用工作資料夾的 Web 應用程式。The next step is to publish a web application that will make Work Folders available to clients. 若要發佈工作資料夾 Web 應用程式,請依照下列步驟執行︰To publish the Work Folders web application, follow these steps:

  1. 開啟 [伺服器管理員],並在 [工具] 功能表中,按一下 [遠端存取管理] 以開啟 [遠端存取管理] 主控台。Open Server Manager, and on the Tools menu, click Remote Access Management to open the Remote Access Management Console.

  2. [設定]下,按一下 [Web 應用程式 Proxy]Under Configuration, click Web Application Proxy.

  3. [工作] 下,按一下 [發佈]Under Tasks, click Publish. [發行新應用程式精靈] 隨即開啟。The Publish New Application Wizard opens.

  4. 在 [歡迎使用] 頁面上,按 [下一步]On the Welcome page, click Next.

  5. [預先驗證] 頁面上,選取 [Active Directory 同盟服務 (AD FS)],然後按 [下一步]On the Preauthentication page, select Active Directory Federation Services (AD FS), and click Next.

  6. [支援戶端] 頁面上,選取 [OAuth2],然後按 [下一步]On the Support Clients page, select OAuth2, and click Next.

  7. [信賴憑證者] 頁面上,選取 [工作資料夾],然後按 [下一步]On the Relying Party page, select Work Folders, and then click Next. 本清單是從 AD FS 發佈到 Web 應用程式 Proxy。This list is published to the Web Application Proxy from AD FS.

  8. [發行設定] 頁面上,輸入下列,然後按 [下一步]On the Publishing Settings page, enter the following and then click Next:

    • 您想要用於 Web 應用程式的名稱The name you want to use for the web application

    • 工作資料夾的外部 URLThe external URL for Work Folders

    • 工作資料夾憑證的名稱The name of the Work Folders certificate

    • 工作資料夾的後端 URLThe back-end URL for Work Folders

    根據預設,精靈可讓後端 URL 與外部 URL 一樣。By default, the wizard makes the back-end URL the same as the external URL.

    如需測驗範例,請使用這些值︰For the test example, use these values:

    名稱︰WorkFoldersName: WorkFolders

    外部 URL:https://workfolders.contoso.comExternal URL: https://workfolders.contoso.com

    外部憑證︰您先前安裝的工作資料夾憑證External certificate: The Work Folders certificate that you installed earlier

    後端伺服器 URL:https://workfolders.contoso.comBackend server URL: https://workfolders.contoso.com

  9. 確認頁面會顯示將執行的 [Windows PowerShell] 命令以發佈應用程式。The confirmation page shows the Windows PowerShell command that will execute to publish the application. 按一下 [發佈]Click Publish.

  10. [結果] 頁面上,您應該會看見已應用程式成功發佈。On the Results page, you should see the application was published successfully.

    注意

    如果您有多個工作資料夾伺服器,就必須針對每個工作資料夾伺服器發佈工作資料夾 Web 應用程式 (重複步驟 1-10)。If you have multiple Work Folders servers, you need to publish a Work Folders web application for each Work Folders server (repeat steps 1-10).

下一步:搭配 AD FS 與 Web 應用程式 Proxy 部署工作資料夾︰步驟 5 設定用戶端Next step: Deploy Work Folders with AD FS and Web Application Proxy: Step 5, Set Up Clients

另請參閱See Also

工作資料夾概觀Work Folders Overview