Microsoft ActiveSync – New EAS Website with Certificate-Based Authentication (CBA) on the same server

To avoid building another CAS while still being able to try CBA, just add one more NIC and one more IP. Fast, neat and it does the job.

But during deployment you will absolutely be tortured by Exchange/IIS.

The steps on the referenced websites (see Setup Procedure Reference below) are definitely correct; the first one is recommended.
Problems I ran into:
1. Putting two IPs on the same NIC causes a wrong host IP problem during setup, so this is not recommended (use a second NIC with its own IP).
2. Avoid doing the configuration in IIS, in particular Step 11 (enabling clientCertificateMappingAuthentication) and the final step of enabling "Require Client Certificate".

Although it can also be changed in IIS, the great M$ says anything Exchange-related should be done from the Exchange Admin Center (EAC), same as with SharePoint......

If you don't believe it.... the price I paid was a series of different IIS errors..
Maybe 403.7, followed by 403.16........
Otherwise, Error 500.. Congratulations, Game Over... I hit this several times and had to delete the site and start again from scratch.....

3. EWS IIS Error 413 (Request Entity Too Large): if you don't fix it, push notifications stop working too.

You need to change the following:

1. Open these two files:
C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\autodiscover\web.config
C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\ews\web.config
2. Replace the value of "uploadReadAheadSize" (0) with 1048576 (bytes) in both files.
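The two-file edit above done as a script, with a backup of each file first. This is an added example, not code from the original post or from Microsoft; it assumes the default Exchange V15 install path shown above and a web.config whose serverRuntime element sits directly under system.webServer (it creates the element if the file has none). Run it from an elevated PowerShell on the server.

```powershell
# Added example (not from the original post): set uploadReadAheadSize in the two
# FrontEnd web.config files named above, keeping a timestamped backup of each.
# $base is the default Exchange V15 path; adjust it if your install differs.
$base    = 'C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy'
$files   = @("$base\autodiscover\web.config", "$base\ews\web.config")
$newSize = 1048576   # 1 MiB, the value the post uses

function Set-UploadReadAheadSize {
    param([string]$Path, [int]$Size)

    if (-not (Test-Path -Path $Path)) { throw "web.config not found: $Path" }

    # Back up first. Note that an Exchange CU re-applies its own web.config,
    # so this edit has to be repeated after every CU.
    $stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
    Copy-Item -Path $Path -Destination "$Path.$stamp.bak"

    [xml]$cfg = Get-Content -Path $Path -Raw
    $ws = $cfg.SelectSingleNode('/configuration/system.webServer')
    if ($null -eq $ws) { throw "No <system.webServer> section in $Path" }

    # uploadReadAheadSize is an attribute of <serverRuntime>; create it if absent.
    $rt = $ws.SelectSingleNode('serverRuntime')
    if ($null -eq $rt) {
        $rt = $cfg.CreateElement('serverRuntime')
        [void]$ws.AppendChild($rt)
    }
    $old = $rt.GetAttribute('uploadReadAheadSize')   # "" when the attribute was missing
    $rt.SetAttribute('uploadReadAheadSize', [string]$Size)
    $cfg.Save($Path)

    [pscustomobject]@{ File = $Path; Old = $old; New = $Size }
}

function Get-UploadReadAheadSize {
    param([string]$Path)
    # Re-read from disk so we report what IIS will actually load.
    ([xml](Get-Content -Path $Path -Raw)).configuration.'system.webServer'.serverRuntime.uploadReadAheadSize
}

foreach ($f in $files) { Set-UploadReadAheadSize -Path $f -Size $newSize }
foreach ($f in $files) { "{0}: uploadReadAheadSize={1}" -f $f, (Get-UploadReadAheadSize -Path $f) }
```

IIS watches web.config and recycles the application when the file changes, so no iisreset is needed; the second loop just confirms the value that is now on disk.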

4. Last, and the strangest: it complained that the server's Local Machine Trusted Root Certification Authorities store held too many certificates. In the end I used the filter script below to find the intermediate certificates sitting in that store and move them out of it....

The certificate the client device uses can be delivered by an AD certificate enrollment policy pushed through GPO; a domain-member PC then gets it installed automatically at logon....
Alternatively, it can be delivered by MDM through a SCEP profile.
What matters most is that the certificate's Subject is the user's e-mail address and the SAN carries the user's DN and UPN; that is what lets the certificate be mapped to the user account.

Filter script (lists every certificate in the machine Trusted Root store whose Issuer differs from its Subject, i.e. that is not self-signed, and writes the details to a file):

# A root CA is self-signed, so Issuer equals Subject; anything else in this store is misplaced
Get-ChildItem cert:\LocalMachine\root -Recurse | Where-Object {$_.Issuer -ne $_.Subject} | Format-List * | Out-File "c:\computer_filtered.txt"
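The filter script only lists the misplaced certificates; the "move them out" step the post describes is done by hand. The following is an added example, not code from the original post, that does the move: it applies the same Issuer-ne-Subject criterion, exports each matching certificate to a .cer file and moves it from the Root store to the Intermediate Certification Authorities (CA) store. It is a dry run unless -Apply is given. The backup folder path is an assumption; run it elevated.

```powershell
# Added example (not from the original post): move non-self-signed certificates
# out of LocalMachine\Root into LocalMachine\CA, with a DER backup of each.
function Move-IntermediateOutOfRoot {
    param(
        [switch]$Apply,                        # without this, only list what would move
        [string]$BackupDir = 'C:\certbackup'   # assumed path; change to taste
    )

    $root = New-Object System.Security.Cryptography.X509Certificates.X509Store('Root', 'LocalMachine')
    $ca   = New-Object System.Security.Cryptography.X509Certificates.X509Store('CA',   'LocalMachine')
    $root.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
    $ca.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
    try {
        # Same criterion as the post's one-liner: a root CA signs itself, so
        # Issuer must equal Subject. @() keeps a stable array while we remove items.
        $misplaced = @($root.Certificates | Where-Object { $_.Issuer -ne $_.Subject })
        "Root store holds {0} certificates, {1} of them not self-signed" -f $root.Certificates.Count, $misplaced.Count

        if (-not $Apply) {
            return $misplaced | Select-Object Thumbprint, Subject, Issuer, NotAfter
        }

        New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
        foreach ($c in $misplaced) {
            # DER export is enough to restore the cert later with Import-Certificate.
            $bytes = $c.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)
            [IO.File]::WriteAllBytes((Join-Path $BackupDir "$($c.Thumbprint).cer"), $bytes)

            if (-not $ca.Certificates.Contains($c)) { $ca.Add($c) }   # add before remove
            $root.Remove($c)
            "moved {0}  {1}" -f $c.Thumbprint, $c.Subject
        }
    }
    finally {
        $root.Close()
        $ca.Close()
    }
}

Move-IntermediateOutOfRoot             # dry run: list the candidates and the store size
# Move-IntermediateOutOfRoot -Apply    # actually move them; backups land in C:\certbackup
```

Look at the dry-run list before applying: a certificate that is genuinely a root but whose Subject and Issuer strings render differently would also match, and that one belongs where it is. If the certificates were delivered by Group Policy they will reappear at the next policy refresh, so fix the source GPO as well.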

https://support.microsoft.com/en-hk/help/2802568/internet-information-services-iis-8-may-reject-client-certificate-requests-with-http-403.7-or-403.16-errors

https://support.microsoft.com/en-hk/help/2795828/lync-server-2013-front-end-service-cannot-start-in-windows-server-2012

Reference

Step 11. Enable CBA on the ActiveSync website from an elevated command prompt.
a. APPCMD.EXE set config "EAS_CBA/Microsoft-Server-ActiveSync" -section:system.webServer/security/authentication/clientCertificateMappingAuthentication /enabled:"True" /commit:apphost

Additional EAS vDir creation

In the Exchange Management Shell:

Command: New-ActiveSyncVirtualDirectory -WebSiteName "EAS_CBA" -ExternalUrl https://mailcba.domain.com/Microsoft-Server-ActiveSync -Server servername -InternalURL https://mailcba.domain.com/Microsoft-Server-ActiveSync
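Given how easily the IIS side ends up in a 403.7/403.16/500 state, it helps to read the effective settings back without touching IIS Manager. The following is an added example, not code from the original post or from the references above: it uses the WebAdministration module to check the three things the CBA site needs (an https binding on its own IP, SslRequireCert on the ActiveSync vdir, and clientCertificateMappingAuthentication enabled, i.e. Step 11). The site name and vdir path are taken from the reference commands above; the IP address is an assumption. Run it elevated on the server.

```powershell
# Added example (not from the original post): read-only check of the EAS_CBA site.
Import-Module WebAdministration

$site       = 'EAS_CBA'                                      # from the reference commands
$vdir       = "IIS:\Sites\$site\Microsoft-Server-ActiveSync"
$expectedIp = '10.0.0.5'                                     # second NIC's address (assumption)

# Get-WebConfigurationProperty sometimes returns a ConfigurationAttribute and
# sometimes a bare value; normalise to the value.
function Get-IisProp([string]$PSPath, [string]$Filter, [string]$Name) {
    $v = Get-WebConfigurationProperty -PSPath $PSPath -Filter $Filter -Name $Name
    if ($null -ne $v -and $v.PSObject.Properties['Value']) { $v.Value } else { $v }
}

function Test-EasCbaSite {
    $checks = @()

    # 1. Own IP on the https binding. Sharing an IP with the default site is the
    #    "wrong host IP" problem from point 1 above. $(...) avoids the $var:scope
    #    parse of "$expectedIp:443".
    $https = @(Get-WebBinding -Name $site -Protocol https)
    $info  = $https | ForEach-Object { $_.bindingInformation }
    $checks += [pscustomobject]@{
        Check = 'https binding on dedicated IP'
        Value = ($info -join ', ')
        Ok    = [bool]($info -like "$($expectedIp):443:*")
    }

    # 2. Require (not merely negotiate) a client certificate on the vdir.
    $sslFlags = Get-IisProp $vdir 'system.webServer/security/access' 'sslFlags'
    $checks += [pscustomobject]@{
        Check = 'sslFlags has SslRequireCert'
        Value = "$sslFlags"
        Ok    = ("$sslFlags" -match 'SslRequireCert')
    }

    # 3. Step 11: IIS client certificate mapping authentication on the vdir.
    $map = Get-IisProp $vdir 'system.webServer/security/authentication/clientCertificateMappingAuthentication' 'enabled'
    $checks += [pscustomobject]@{
        Check = 'clientCertificateMappingAuthentication enabled'
        Value = "$map"
        Ok    = [bool]$map
    }

    return $checks
}

Test-EasCbaSite | Format-Table -AutoSize
```

Every row should read Ok = True. The Exchange-side view of the same vdir comes from the Exchange Management Shell with `Get-ActiveSyncVirtualDirectory -Server servername | Select-Object Name, WebSite, ClientCertAuth`; ClientCertAuth is the property that EAC's "Require client certificates" setting writes, which is why the post tells you to set it there rather than in IIS.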

Setup Procedure Reference

http://www.o-xchange.com/p/configuring-exchange-active-sync-for.html

https://blogs.technet.microsoft.com/exchange/2012/11/28/configure-certificate-based-authentication-for-exchange-activesync/

http://i-evgeny.blogspot.hk/2015/09/exchange-2013-413-request-entity-too.html
