2017-12-06 1 views
0

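Impersonation in a multi-forest environment throws ErrorNonExistentMailbox

I am trying to access an Exchange in a resource forest with a user in a user forest, impersonating a mailbox that resides in the resource forest.

For this, I created a contact as described here and added it to the ApplicationImpersonation security group as described here.

At first, the impersonation seems to work, because the error

The account does not have permission to impersonate the requested user.

disappears as soon as the account is added to the ApplicationImpersonation group.

However, the impersonating user still cannot access the folder it needs to access. The error thrown is

The SMTP address has no mailbox associated with it.

This error message seems to be wrong, since AutoDiscover returned that very server as the Exchange server associated with that very mailbox. So what is the reason for this error message? Please find the EWS trace attached.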

AutodiscoverConfiguration: <Trace Tag="AutodiscoverConfiguration" Tid="19" Time="2017-12-06 11:47:15Z"> 
Starting SCP lookup for domainName='maildomain.com', root path='' 
</Trace> 

AutodiscoverConfiguration: <Trace Tag="AutodiscoverConfiguration" Tid="19" Time="2017-12-06 11:47:15Z"> 
Searching for SCP entries in LDAP://CN=Configuration,DC=resourceforest,DC=local 
</Trace> 

AutodiscoverConfiguration: <Trace Tag="AutodiscoverConfiguration" Tid="19" Time="2017-12-06 11:47:15Z"> 
Scanning for SCP pointers Domain=maildomain.com 
</Trace> 

AutodiscoverConfiguration: <Trace Tag="AutodiscoverConfiguration" Tid="19" Time="2017-12-06 11:47:15Z"> 
No SCP pointers found for 'Domain=maildomain.com' in configPath='CN=Configuration,DC=resourceforest,DC=local' 
</Trace> 

AutodiscoverConfiguration: <Trace Tag="AutodiscoverConfiguration" Tid="19" Time="2017-12-06 11:47:15Z"> 
Scanning for SCP urls for the current computer Site=Default-First-Site-Name 
</Trace> 

AutodiscoverConfiguration: <Trace Tag="AutodiscoverConfiguration" Tid="19" Time="2017-12-06 11:47:15Z"> 
Adding (prio 1) 'https://autodiscover.maildomain.com/Autodiscover/Autodiscover.xml' for the 'Site=Default-First-Site-Name' from 'LDAP://CN=EXCHSRV,CN=Autodiscover,CN=Protocols,CN=EXCHSRV,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=EXCH,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=resourceforest,DC=local' to the top of the list (exact match) 
</Trace> 

AutodiscoverConfiguration: <Trace Tag="AutodiscoverConfiguration" Tid="19" Time="2017-12-06 11:47:15Z"> 
Determining which endpoints are enabled for host autodiscover.maildomain.com 
</Trace> 

AutodiscoverConfiguration: <Trace Tag="AutodiscoverConfiguration" Tid="19" Time="2017-12-06 11:47:15Z"> 
Request error: The remote server has returned an error: (401) Not authorized. 
</Trace> 

AutodiscoverConfiguration: <Trace Tag="AutodiscoverConfiguration" Tid="19" Time="2017-12-06 11:47:15Z"> 
Host returned enabled endpoint flags: Legacy, Soap, WsSecurity, OAuth 
</Trace> 

AutodiscoverRequestHttpHeaders: <Trace Tag="AutodiscoverRequestHttpHeaders" Tid="19" Time="2017-12-06 11:47:15Z"> 
POST /autodiscover/autodiscover.svc HTTP/1.1 
Content-Type: text/xml; charset=utf-8 
Accept: text/xml 
User-Agent: ExchangeServicesClient/15.00.0913.015 


</Trace> 

AutodiscoverRequest: <Trace Tag="AutodiscoverRequest" Tid="19" Time="2017-12-06 11:47:15Z" Version="15.00.0913.015"> 
    <?xml version="1.0" encoding="utf-8"?> 
    <soap:Envelope xmlns:a="http://schemas.microsoft.com/exchange/2010/Autodiscover" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"> 
    <soap:Header> 
     <a:RequestedServerVersion>Exchange2010_SP2</a:RequestedServerVersion> 
     <wsa:Action>http://schemas.microsoft.com/exchange/2010/Autodiscover/Autodiscover/GetUserSettings</wsa:Action> 
     <wsa:To>https://autodiscover.maildomain.com/autodiscover/autodiscover.svc</wsa:To> 
    </soap:Header> 
    <soap:Body> 
     <a:GetUserSettingsRequestMessage xmlns:a="http://schemas.microsoft.com/exchange/2010/Autodiscover"> 
     <a:Request> 
      <a:Users> 
      <a:User> 
       <a:Mailbox>[email protected]</a:Mailbox> 
      </a:User> 
      </a:Users> 
      <a:RequestedSettings> 
      <a:Setting>InternalEwsUrl</a:Setting> 
      <a:Setting>ExternalEwsUrl</a:Setting> 
      </a:RequestedSettings> 
     </a:Request> 
     </a:GetUserSettingsRequestMessage> 
    </soap:Body> 
    </soap:Envelope> 
</Trace> 

AutodiscoverResponseHttpHeaders: <Trace Tag="AutodiscoverResponseHttpHeaders" Tid="19" Time="2017-12-06 11:47:15Z"> 
HTTP/1.1 200 OK 
Transfer-Encoding: chunked 
request-id: 2595c423-85bb-4e19-95c0-69fff1b770cf 
X-CalculatedBETarget: exchsrv.resourceforest.local 
X-DiagInfo: EXCHSRV 
X-BEServer: EXCHSRV 
Persistent-Auth: true 
X-FEServer: EXCHSRV 
Cache-Control: private 
Content-Type: text/xml; charset=utf-8 
Date: Wed, 06 Dec 2017 11:44:00 GMT 
Set-Cookie: X-BackEndCookie=S-1-5-21-1233478190-3624727864-577162443-1630=u56Lnp2ejJqBnJ7LyJ3LncnSzJvGnNLLzsma0p6eysbSnpnIns6czp3Mx5vOgYHNz87H0s/O0s/Kq87OxcvLxc/O; expires=Fri, 05-Jan-2018 11:44:01 GMT; path=/autodiscover; secure; HttpOnly 
Server: Microsoft-IIS/8.5 
X-AspNet-Version: 4.0.30319 
X-Powered-By: ASP.NET 


</Trace> 

AutodiscoverResponse: <Trace Tag="AutodiscoverResponse" Tid="19" Time="2017-12-06 11:47:15Z" Version="15.00.0913.015"> 
    <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:a="http://www.w3.org/2005/08/addressing"> 
    <s:Header> 
     <a:Action s:mustUnderstand="1">http://schemas.microsoft.com/exchange/2010/Autodiscover/Autodiscover/GetUserSettingsResponse</a:Action> 
     <h:ServerVersionInfo xmlns:h="http://schemas.microsoft.com/exchange/2010/Autodiscover" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"> 
     <h:MajorVersion>15</h:MajorVersion> 
     <h:MinorVersion>0</h:MinorVersion> 
     <h:MajorBuildNumber>1347</h:MajorBuildNumber> 
     <h:MinorBuildNumber>0</h:MinorBuildNumber> 
     <h:Version>Exchange2013_SP1</h:Version> 
     </h:ServerVersionInfo> 
    </s:Header> 
    <s:Body> 
     <GetUserSettingsResponseMessage xmlns="http://schemas.microsoft.com/exchange/2010/Autodiscover"> 
     <Response xmlns:i="http://www.w3.org/2001/XMLSchema-instance"> 
      <ErrorCode>NoError</ErrorCode> 
      <ErrorMessage /> 
      <UserResponses> 
      <UserResponse> 
       <ErrorCode>NoError</ErrorCode> 
       <ErrorMessage>No error.</ErrorMessage> 
       <RedirectTarget i:nil="true" /> 
       <UserSettingErrors /> 
       <UserSettings> 
       <UserSetting i:type="StringSetting"> 
        <Name>InternalEwsUrl</Name> 
        <Value>https://exchsrv.maildomain.com/EWS/Exchange.asmx</Value> 
       </UserSetting> 
       <UserSetting i:type="StringSetting"> 
        <Name>ExternalEwsUrl</Name> 
        <Value>https://exchsrv.maildomain.com/EWS/Exchange.asmx</Value> 
       </UserSetting> 
       </UserSettings> 
      </UserResponse> 
      </UserResponses> 
     </Response> 
     </GetUserSettingsResponseMessage> 
    </s:Body> 
    </s:Envelope> 
</Trace> 

EwsRequestHttpHeaders: <Trace Tag="EwsRequestHttpHeaders" Tid="19" Time="2017-12-06 11:47:15Z"> 
POST /EWS/Exchange.asmx HTTP/1.1 
Content-Type: text/xml; charset=utf-8 
Accept: text/xml 
User-Agent: ExchangeServicesClient/15.00.0913.015 
Accept-Encoding: gzip,deflate 


</Trace> 

EwsRequest: <Trace Tag="EwsRequest" Tid="19" Time="2017-12-06 11:47:15Z" Version="15.00.0913.015"> 
    <?xml version="1.0" encoding="utf-8"?> 
    <soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:m="http://schemas.microsoft.com/exchange/services/2006/messages" xmlns:t="http://schemas.microsoft.com/exchange/services/2006/types" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"> 
    <soap:Header> 
     <t:RequestServerVersion Version="Exchange2010_SP2" /> 
     <t:ExchangeImpersonation> 
     <t:ConnectingSID> 
      <t:SmtpAddress>[email protected]</t:SmtpAddress> 
     </t:ConnectingSID> 
     </t:ExchangeImpersonation> 
    </soap:Header> 
    <soap:Body> 
     <m:GetFolder> 
     <m:FolderShape> 
      <t:BaseShape>AllProperties</t:BaseShape> 
     </m:FolderShape> 
     <m:FolderIds> 
      <t:DistinguishedFolderId Id="calendar"> 
      <t:Mailbox> 
       <t:EmailAddress>[email protected]</t:EmailAddress> 
      </t:Mailbox> 
      </t:DistinguishedFolderId> 
     </m:FolderIds> 
     </m:GetFolder> 
    </soap:Body> 
    </soap:Envelope> 
</Trace> 

EwsResponseHttpHeaders: <Trace Tag="EwsResponseHttpHeaders" Tid="19" Time="2017-12-06 11:47:15Z"> 
HTTP/1.1 500 Internal Server Error 
Transfer-Encoding: chunked 
request-id: 1027a792-caae-4b8b-99b9-33f35233e2e6 
X-CalculatedBETarget: exchsrv.resourceforest.local 
X-DiagInfo: EXCHSRV 
X-BEServer: EXCHSRV 
Cache-Control: private 
Content-Type: text/xml; charset=utf-8 
Set-Cookie: exchangecookie=d43cb59780624405a5f6874f3c5186f9; expires=Thu, 06-Dec-2018 11:44:01 GMT; path=/; HttpOnly,X-BackEndCookie=S-1-5-21-1233478190-3624727864-577162443-1630=u56Lnp2ejJqBnJ7LyJ3LncnSzJvGnNLLzsma0p6eysbSnpnIns6czp3Mx5vOgYHNz87H0s/O0s/Kq87OxcvLxc/O; expires=Fri, 05-Jan-2018 11:44:01 GMT; path=/EWS; secure; HttpOnly 
Server: Microsoft-IIS/8.5 
X-AspNet-Version: 4.0.30319 
Persistent-Auth: true 
X-Powered-By: ASP.NET 
X-FEServer: EXCHSRV 
Date: Wed, 06 Dec 2017 11:44:00 GMT 


</Trace> 

EwsResponse: <Trace Tag="EwsResponse" Tid="19" Time="2017-12-06 11:47:15Z" Version="15.00.0913.015"> 
    <?xml version="1.0" encoding="utf-8"?> 
    <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"> 
    <s:Body> 
     <s:Fault> 
     <faultcode xmlns:a="http://schemas.microsoft.com/exchange/services/2006/types">a:ErrorNonExistentMailbox</faultcode> 
     <faultstring xml:lang="de-DE">The SMTP address has no mailbox associated with it.</faultstring> 
     <detail> 
      <e:ResponseCode xmlns:e="http://schemas.microsoft.com/exchange/services/2006/errors">ErrorNonExistentMailbox</e:ResponseCode> 
      <e:Message xmlns:e="http://schemas.microsoft.com/exchange/services/2006/errors">The SMTP address has no mailbox associated with it.</e:Message> 
      <t:MessageXml xmlns:t="http://schemas.microsoft.com/exchange/services/2006/types"> 
      <t:Value Name="SmtpAddress">[email protected]</t:Value> 
      </t:MessageXml> 
     </detail> 
     </s:Fault> 
    </s:Body> 
    </s:Envelope> 
</Trace> 
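
To triage a trace like the one above, it helps to pair each impersonated EWS request with the fault returned on the same thread and see which identity Exchange refused to resolve. The following is an added example, not code from the original post; the function names are hypothetical and the addresses in the sample are constructed placeholders, since the addresses in the posted trace are redacted.

```python
import re
import xml.etree.ElementTree as ET

T = "{http://schemas.microsoft.com/exchange/services/2006/types}"
TRACE_RE = re.compile(r'<Trace Tag="(\w+)" Tid="(\d+)"[^>]*>(.*?)</Trace>', re.S)

# Constructed sample shaped like the trace above; addresses (and which one is rejected) are placeholders.
SAMPLE = """
<Trace Tag="EwsRequestHttpHeaders" Tid="19" Time="2017-12-06 11:47:15Z">POST /EWS/Exchange.asmx HTTP/1.1</Trace>
EwsRequest: <Trace Tag="EwsRequest" Tid="19" Time="2017-12-06 11:47:15Z" Version="15.00.0913.015">
  <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:m="http://schemas.microsoft.com/exchange/services/2006/messages" xmlns:t="http://schemas.microsoft.com/exchange/services/2006/types" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Header><t:ExchangeImpersonation><t:ConnectingSID><t:SmtpAddress>room@example.test</t:SmtpAddress></t:ConnectingSID></t:ExchangeImpersonation></soap:Header>
  <soap:Body><m:GetFolder><m:FolderIds><t:DistinguishedFolderId Id="calendar"><t:Mailbox><t:EmailAddress>room@example.test</t:EmailAddress></t:Mailbox></t:DistinguishedFolderId></m:FolderIds></m:GetFolder></soap:Body>
  </soap:Envelope>
</Trace>
EwsResponse: <Trace Tag="EwsResponse" Tid="19" Time="2017-12-06 11:47:15Z" Version="15.00.0913.015">
  <?xml version="1.0" encoding="utf-8"?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><s:Fault>
  <detail><e:ResponseCode xmlns:e="http://schemas.microsoft.com/exchange/services/2006/errors">ErrorNonExistentMailbox</e:ResponseCode>
  <t:MessageXml xmlns:t="http://schemas.microsoft.com/exchange/services/2006/types"><t:Value Name="SmtpAddress">room@example.test</t:Value></t:MessageXml></detail>
  </s:Fault></s:Body></s:Envelope>
</Trace>
"""

def envelope(body):
    """The trace embeds an XML declaration mid-stream, so strip it before parsing."""
    return ET.fromstring(re.sub(r"<\?xml[^>]*\?>", "", body).strip())

def text(root, path):
    node = root.find(path)
    return node.text if node is not None else None

def triage(trace_text):
    """Pair each EWS request with the reply on the same thread id (Tid)."""
    rows, pending = [], {}
    for tag, tid, body in TRACE_RE.findall(trace_text):
        if tag == "EwsRequest":
            root = envelope(body)
            pending[tid] = {
                "impersonated": text(root, f".//{T}ExchangeImpersonation/{T}ConnectingSID/{T}SmtpAddress"),
                "target": text(root, f".//{T}Mailbox/{T}EmailAddress"),
            }
        elif tag == "EwsResponse" and tid in pending:
            root, row = envelope(body), pending.pop(tid)
            # ResponseCode sits in a different namespace for faults and for normal replies.
            row["response_code"] = next((e.text for e in root.iter() if e.tag.endswith("}ResponseCode")), None)
            row["rejected"] = text(root, f".//{T}Value[@Name='SmtpAddress']")
            row["rejected_matches"] = [k for k in ("impersonated", "target") if row["rejected"] and row[k] == row["rejected"]]
            rows.append(row)
    return rows
```

An empty `rejected_matches` means the address Exchange rejected appears in neither the impersonation header nor the folder's mailbox element.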

Answer

0

I think the impersonating user also needs a mailbox.
