Exchange 2013 EAS / EWS Multi Instance Follow-up

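The starting point is that a single Exchange CAS can serve different authentication methods (Password, Kerberos, Certificate) at the same time. What I found is that with Exchange EWS, both instances (Password Auth / Certificate Auth) respond at the same time, with the result that when the Outlook client needs to use the web service for notifications, IIS logs Error 500 0 64.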

"POST /EWS/Exchange.asmx - 443 - 10.0.1.35 Microsoft+Office/16.0+(Windows+NT+10.0;+Microsoft+Outlook+16.0.7927;+Pro) - 500 0 64 15"
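To see which clients hit this signature and how often, the following Python script (an added example, not part of the original post) parses an IIS W3C log by its `#Fields` header and counts EWS requests logged as 500 0 64 per client IP and user agent. The function names are hypothetical and the sample log is constructed; only the Outlook request mirrors the entry quoted above.

```python
from collections import Counter

# Constructed sample log: dates, server IP and the non-Outlook rows are made up.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 8.5
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
2017-05-02 03:10:11 10.0.1.10 POST /EWS/Exchange.asmx - 443 - 10.0.1.35 Microsoft+Office/16.0+(Windows+NT+10.0;+Microsoft+Outlook+16.0.7927;+Pro) - 500 0 64 15
2017-05-02 03:10:12 10.0.1.10 POST /EWS/Exchange.asmx - 443 alice@contoso.com 10.0.1.36 Microsoft+Office/16.0+(Windows+NT+10.0;+Microsoft+Outlook+16.0.7927;+Pro) - 200 0 0 31
2017-05-02 03:10:15 10.0.1.10 POST /EWS/Exchange.asmx - 443 - 10.0.1.35 Microsoft+Office/16.0+(Windows+NT+10.0;+Microsoft+Outlook+16.0.7927;+Pro) - 500 0 64 12
2017-05-02 03:10:20 10.0.1.10 POST /Microsoft-Server-ActiveSync/default.eas - 443 - 10.0.2.7 ExampleMobileClient/1.0 - 500 0 64 9
2017-05-02 03:10:21 10.0.1.10 GET /owa/ - 443 - 10.0.1.40 Mozilla/5.0 - 401 0 0 3
"""


def parse_w3c(lines):
    """Yield one dict per request, keyed by the most recent #Fields directive."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split(" ")
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))


def find_ews_drops(lines, uri="/ews/exchange.asmx"):
    """Count EWS requests logged as HTTP 500 with Win32 status 64, per client."""
    hits = Counter()
    for row in parse_w3c(lines):
        if (row.get("cs-uri-stem", "").lower() == uri
                and row.get("sc-status") == "500"
                and row.get("sc-win32-status") == "64"):
            # IIS writes spaces in the user agent as '+'
            agent = row.get("cs(User-Agent)", "").replace("+", " ")
            hits[(row.get("c-ip"), agent)] += 1
    return hits


if __name__ == "__main__":
    for (ip, agent), n in find_ews_drops(SAMPLE_LOG.splitlines()).most_common():
        print(f"{n:4d}  {ip}  {agent}")
```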

But why?

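With nobody writing about EWS Multi Instance, I searched for four days without getting anywhere. I changed direction and thought about how to make Outlook look only for the default EWS, while the mail profile on mobile devices is controlled by the MDM (MobileIron), so EWS there is pinned to Cert Auth. Following that thought further leads to doing the restriction through AutoDiscover. I also found that testing with 'https://testconnectivity.microsoft.com' reports a failure. The reason is that it used the CBA EWS vDir….. Test Failed….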

In the end I was lucky enough to find a hint: the URL of the AutoDiscover website. Originally it was a CNAME pointing to the CAS internal name. That is the root cause.

What I found is this: when DNS resolves AutoDiscover through a CNAME that points to the CAS internal name, EWS is then accessed through the CAS internal name, and both sites end up being used.

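I believe that however many EWS instances there are, all of them would be used, because all the Exchange virtual directories really are under the same machine.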

So in this kind of setup, the AutoDiscover DNS record is changed to a Host (A) record pinned to the IP of the Default Web Site EWS…

But the original problem is still not solved……

To be continued….

Reference site:

https://forums.iis.net/t/1230097.aspx?http+500+0+64+IIS+with+Client+Certificate+Required

Quote:

500 = Internal Server Error

64 = The specified network name is no longer available.

https://support.microsoft.com/en-us/help/940726/outlook-2007-security-warning-the-name-of-the-security-certificate-is-invalid-or-does-not-match-the-name-of-the-site

Quote:

Important These steps assume that a host record exists in the DNS to map the FQDN that you specify to the IP address of the CAS server. For example, consider the following scenario:

  • The original internal URLs for the Exchange components point to the internal FQDN of the server. For example, one of these URLs points to the following:
    https://ServerName.contoso.com/ews/exchange.asmx
  • The FQDN that is specified on the certificate points to the externally accessed host name of the server. For example, the certificate specifies an FQDN, such as “mail.contoso.com.”

In this scenario, you must add a host record for the mail host name that is mapped to the internally accessed IP address of the CAS server to let internal clients access the server.
