我们在 Exchange 2016 中遇到 OWA 和 ActiveSync 的间歇性 503 错误。这些错误似乎只影响前端服务器上未激活的数据库中的帐户,因此将用户代理到其邮箱似乎存在问题。这些问题是在应用 Hyper-V 检查点后开始的,我将在下面对此进行详细说明。我不明白为什么会发生这种情况,因为当我进行检查点时一切都正常。
配置
我们有两台运行 CU18 的 Exchange 2016 服务器。这些服务器位于 DAG 中,并且都安装了所有角色。我们的所有数据库都在两台服务器上复制,并且每台服务器上有一半数据库处于活动状态。我们没有设置任何 DNS 负载平衡,因此每台服务器都有自己的永久 IP,并且我们将 mail.domain.com 的 DNS 指向第三个 IP,如果需要对一台服务器进行维护等,我们会在服务器之间手动移动该 IP,否则它会保留在一台服务器上。我们的 DNS 是拆分的,即我们的内部和外部 DNS 分别指向内部和外部 IP。两台服务器都使用相同的 SSL SAN 证书,该证书由受信任的公共 CA 签名,并且该证书有效并已分配给服务。
发生了什么
就 Exchange 而言,一切都运行正常。我注意到我们的 AV/Antispam 等管理代理无法连接到其中一个 Exchange 服务器上的 AV 服务器。重新安装代理无法解决问题,因此 AV 技术支持询问他们是否可以在一台服务器上重新安装整个安全包(我们将其称为服务器 exch1)。然后,我通过运行并将前面C:\Program Files\Microsoft\Exchange\V15\Scripts\StartDagMaintenance.ps1提到的第三个 IP 移动到 exch2,将 exch1 置于维护模式。在确认所有数据库副本都已在 exch2 上激活后,我对 exch1 进行了 Hyper-V 检查点。然后删除并重新安装安全包,这解决了代理的问题。但是,我们随后意识到共享隔离区实际上存储在 exch1 上,这意味着我们丢失了其中的所有内容。由于我们是一所学校,因此我们隔离了大多数其他文件类型允许的许多文件类型,并定期发布项目。出于这个原因,我们选择应用/恢复检查点以保存隔离区。AV 技术支持设法让代理再次连接,我运行脚本StopDagServerMaintenance.ps1并将第三个 IP 移回 exch1。
问题
将 exch1 恢复为维护模式后,我通过 OWA 登录某些帐户时开始收到 503 错误。有问题的帐户是驻留在 exch2 上处于活动状态的数据库中的任何帐户,因此通过 exch1 进行代理。我的 iPhone 上的邮件应用程序(配置为 Exchange 帐户)也无法连接。此时,来自 exch1 ( C:\Windows\system32\LogFiles\HTTPERR) 的 HTTPERR 日志显示重复的错误MSExchangeRpcProxyAppPool:
2021-03-03 17:42:19 {3RD_EXCH_IP} 20228 {3RD_EXCH_IP} 444 - - - - - - Timer_ConnectionIdle -
2021-03-03 17:42:20 {3RD_EXCH_IP} 19752 {3RD_EXCH_IP} 444 HTTP/1.1 RPC_IN_DATA /rpc/rpcproxy.dll?{EXCH1_FQDN}:6001 - 400 2 BadRequest MSExchangeRpcProxyAppPool
2021-03-03 17:42:24 {Visitor_IP} 44932 {3RD_EXCH_IP} 443 - - - - - - Timer_ConnectionIdle -
2021-03-03 17:42:28 {Visitor_IP} 44206 {3RD_EXCH_IP} 443 - - - - - - Timer_ConnectionIdle -
2021-03-03 17:42:30 {EXCH2_IP} 33910 {EXCH1_IP} 444 HTTP/1.1 RPC_IN_DATA /rpc/rpcproxy.dll?{EXCH1_FQDN}:6001 - 400 2 BadRequest MSExchangeRpcProxyAppPool
2021-03-03 17:42:39 {Visitor_IP} 56932 {3RD_EXCH_IP} 443 - - - - - - Timer_ConnectionIdle -
2021-03-03 17:42:40 {3RD_EXCH_IP} 20508 {3RD_EXCH_IP} 444 HTTP/1.1 RPC_IN_DATA /rpc/rpcproxy.dll?{EXCH1_FQDN}:6001 - 400 2 Connection_Dropped MSExchangeRpcProxyAppPool
2021-03-03 17:42:40 {IPV6_ADDR} 18889 {IPV6_ADDR} 444 HTTP/1.1 GET /owa/ev.owa2?ns=PendingRequest&ev=PendingNotificationRequest&UA=0&cid=90952fb3-d596-4c2e-b4ae-4a19ecba2204&brwnm=chrome&X-OWA-CANARY=r6JrtadBzESnFj23L7T5ZdDs3zxr3tgIFNaGCIXOAFiqEzPIoSRDIZmhFbuZnhVVsyQp5sqSYgQ.&n=rf - - 2 Connection_Dropped MSExchangeOWAAppPool
2021-03-03 17:42:40 {EXCH2_IP} 33906 {EXCH1_IP} 444 HTTP/1.1 RPC_IN_DATA /rpc/rpcproxy.dll?{EXCH1_FQDN}:6001 - 400 2 Connection_Dropped MSExchangeRpcProxyAppPool
2021-03-03 17:42:40 {EXCH1_IP} 18912 {EXCH1_IP} 444 HTTP/1.1 GET /owa/ev.owa2?ns=PendingRequest&ev=PendingNotificationRequest&UA=0&cid=cf1049ad-ecca-4ec5-ac46-015e3e0eb32d&brwnm=chrome&X-OWA-CANARY=Gh9oOYHZPkuN4Ou2TTIPPyAoS1tr3tgIzL0cjYwNeE1YpjnAzHdoa7CGiidtl2YWLWqvdgHVFY0.&n=r3 - - 2 Connection_Dropped MSExchangeOWAAppPool
2021-03-03 17:42:44 {Visitor_IP} 8192 {3RD_EXCH_IP} 443 - - - - - - Timer_ConnectionIdle -
2021-03-03 17:42:44 {Visitor_IP} 35328 {3RD_EXCH_IP} 443 - - - - - - Timer_ConnectionIdle -
2021-03-03 17:43:09 {Visitor_IP} 53884 {3RD_EXCH_IP} 443 - - - - - - Timer_ConnectionIdle -
2021-03-03 17:43:09 {Visitor_IP} 53882 {3RD_EXCH_IP} 443 - - - - - - Timer_ConnectionIdle -
2021-03-03 17:43:09 {Visitor_IP} 53883 {3RD_EXCH_IP} 80 - - - - - - Timer_ConnectionIdle -
2021-03-03 17:43:09 {3RD_EXCH_IP} 20810 {3RD_EXCH_IP} 444 - - - - - - Timer_ConnectionIdle -
2021-03-03 17:43:13 {Visitor_IP} 59200 {3RD_EXCH_IP} 443 - - - - - - Timer_ConnectionIdle -
2021-03-03 17:43:13 {3RD_EXCH_IP} 18096 {3RD_EXCH_IP} 444 - - - - - - Timer_ConnectionIdle -
2021-03-03 17:43:13 {Visitor_IP} 61922 {3RD_EXCH_IP} 443 - - - - - - Timer_MinBytesPerSecond -
2021-03-03 17:43:15 {3RD_EXCH_IP} 19752 {3RD_EXCH_IP} 444 HTTP/1.1 RPC_IN_DATA /rpc/rpcproxy.dll?{EXCH1_FQDN}:6001 - 400 2 Connection_Dropped MSExchangeRpcProxyAppPool
2021-03-03 17:43:15 {EXCH2_IP} 33910 {EXCH1_IP} 444 HTTP/1.1 RPC_IN_DATA /rpc/rpcproxy.dll?{EXCH1_FQDN}:6001 - 400 2 Connection_Dropped MSExchangeRpcProxyAppPool
2021-03-03 17:43:19 {Visitor_IP} 60452 {3RD_EXCH_IP} 443 - - - - - - Timer_ConnectionIdle -
问题似乎在一段时间后自行解决,但现在似乎是间歇性的。例如,现在我的手机可以正常工作,而我家里电脑上的 Outlook 却无法正常工作,但之前是这样的。OWA 早些时候也开始再次出现 503 错误,但随后随机停止了(至少对我来说是这样)。MSExchangeRpcProxyAppPool今天早上,尽管我可以使用 OWA 和手机,但仍然可以看到一些错误。
Test-OutlookWebServices显示自动发现失败,但我已使用 Outlook 和 testconnectivity.microsoft.com 进行了内部和外部测试,运行正常。不过 OAB 上的延迟不对。
Test-OutlookWebServices -Identity [email protected] -MailboxCredential (Get-Credential) -ClientAccessServer EXCH2
Source ServiceEndpoint Scenario Result Latency(MS)
------ --------------- -------- ------ -------
{EXCH1_FQDN} {EXCH2_FQDN} Autodiscover: Outlook Provider Failure 242
{EXCH1_FQDN} {EXCH2_FQDN} Exchange Web Services Success 124
{EXCH1_FQDN} {EXCH2_FQDN} Availability Service Success 116
{EXCH1_FQDN} {EXCH2_FQDN} Offline Address Book Success 17921
Test-OutlookWebServices -Identity [email protected] -MailboxCredential (Get-Credential) -ClientAccessServer EXCH1
Source ServiceEndpoint Scenario Result Latency(MS)
------ --------------- -------- ------ -------
{EXCH1_FQDN} {EXCH1_FQDN} Autodiscover: Outlook Provider Failure 128
{EXCH1_FQDN} {EXCH1_FQDN} Exchange Web Services Success 58
{EXCH1_FQDN} {EXCH1_FQDN} Availability Service Success 110
{EXCH1_FQDN} {EXCH1_FQDN} Offline Address Book Success 18053
Test-ActiveSyncConnectivity由于证书问题而失败,但我们分配的证书显示为有效。我如何检查此处使用的是哪个证书?
Test-ActiveSyncConnectivity -ClientAccessServer EXCH2 -MailboxCredential (Get-Credential)
CasServer LocalSite Scenario Result Latency(MS) Error
--------- --------- -------- ------ ----------- -----
exch2 SiteName Options Failure [System.Net.WebException
]: The underlying
connection was closed:
Could not establish
trust relationship for
the SSL/TLS secure
channel. Inner error [Sy
stem.Security.Authentica
tion.AuthenticationExcep
tion]: The remote
certificate is invalid
according to the
validation procedure.
我们的证书。这里有一些旧证书,但它们尚未分配给任何服务。
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {65******-****-****-****-************, {EXCH1}, {EXCH1_IP}, {3RD_EXCH_IP}, 169.254.1.63}
HasPrivateKey : True
IsSelfSigned : False
Issuer : CN=MS-Organization-P2P-Access [2020]
NotAfter : 05/03/2021 15:36:39
NotBefore : 04/03/2021 15:31:39
PublicKeySize : 2048
RootCAType : Unknown
SerialNumber : 21******************************
Services : None
Status : Invalid
Subject : CN=65******-****-****-****-************, DC=46******-****-****-****-************
Thumbprint : 7B*************************************
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {{EXCH1}}
HasPrivateKey : True
IsSelfSigned : False
Issuer : CN=Exchange_{Company} Comm Group Root CA, OU=Exchange_{Company} Comm Group, O=ESET
NotAfter : 03/03/2051 15:34:04
NotBefore : 03/03/2021 15:34:04
PublicKeySize : 2048
RootCAType : Registry
SerialNumber : 02
Services : None
Status : RevocationCheckFailure
Subject : CN={EXCH1}, OU=Exchange_{Company} Comm Group, O=ESET
Thumbprint : EC*************************************
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {65******-****-****-****-************, {EXCH1}, {EXCH1_IP}, {3RD_EXCH_IP}, 169.254.1.19, {EXCH1_FQDN}}
HasPrivateKey : True
IsSelfSigned : False
Issuer : CN=MS-Organization-P2P-Access [2019]
NotAfter : 05/06/2020 21:59:17
NotBefore : 04/06/2020 21:54:17
PublicKeySize : 2048
RootCAType : Unknown
SerialNumber : 42******************************
Services : None
Status : Invalid
Subject : CN=65******-****-****-****-************, DC=46******-****-****-****-************
Thumbprint : 9A*************************************
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {mail.domain.com, www.mail.domain.com, domain.com, autodiscover.domain.com}
HasPrivateKey : True
IsSelfSigned : False
Issuer : CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US
NotAfter : 22/10/2021 12:25:35
NotBefore : 22/10/2019 12:25:35
PublicKeySize : 2048
RootCAType : ThirdParty
SerialNumber : 1A******************************
Services : IMAP, POP, IIS, SMTP
Status : Valid
Subject : CN=mail.domain.com, OU=Domain Control Validated
Thumbprint : 72*************************************
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {65******-****-****-****-************, {EXCH1}, {EXCH1_IP}, {3RD_EXCH_IP}, 169.254.1.5, {EXCH1_FQDN}}
HasPrivateKey : True
IsSelfSigned : False
Issuer : CN=MS-Organization-P2P-Access [2018]
NotAfter : 06/07/2019 00:53:49
NotBefore : 05/07/2019 00:48:49
PublicKeySize : 2048
RootCAType : Unknown
SerialNumber : 50******************************
Services : None
Status : Invalid
Subject : CN=65******-****-****-****-************, DC=46******-****-****-****-************
Thumbprint : 37*************************************
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {65******-****-****-****-************, {EXCH1}, {EXCH1_IP}, {3RD_EXCH_IP}, 169.254.1.252, {EXCH1_FQDN}}
HasPrivateKey : True
IsSelfSigned : False
Issuer : CN=MS-Organization-P2P-Access [2017]
NotAfter : 05/08/2018 00:05:25
NotBefore : 04/08/2018 00:00:25
PublicKeySize : 2048
RootCAType : Unknown
SerialNumber : 3F******************************
Services : None
Status : Invalid
Subject : CN=65******-****-****-****-************, DC=46******-****-****-****-************
Thumbprint : 66*************************************
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {65******-****-****-****-************, {EXCH1}, {EXCH1_IP}, {3RD_EXCH_IP}, 169.254.1.80, {EXCH1_FQDN}}
HasPrivateKey : True
IsSelfSigned : False
Issuer : CN=MS-Organization-P2P-Access [2016]
NotAfter : 03/09/2017 20:59:10
NotBefore : 02/09/2017 20:54:10
PublicKeySize : 2048
RootCAType : Unknown
SerialNumber : 43******************************
Services : None
Status : Invalid
Subject : CN=65******-****-****-****-************, DC=46******-****-****-****-************
Thumbprint : 5B*************************************
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule,
System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {}
HasPrivateKey : True
IsSelfSigned : True
Issuer : CN=Microsoft Exchange Server Auth Certificate
NotAfter : 08/06/2022 09:39:03
NotBefore : 04/07/2017 09:39:03
PublicKeySize : 2048
RootCAType : None
SerialNumber : 4E******************************
Services : SMTP
Status : Valid
Subject : CN=Microsoft Exchange Server Auth Certificate
Thumbprint : 2B*************************************
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule,
System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {{EXCH1}, {EXCH1_FQDN}}
HasPrivateKey : True
IsSelfSigned : True
Issuer : CN={EXCH1}
NotAfter : 04/07/2022 09:37:32
NotBefore : 04/07/2017 09:37:32
PublicKeySize : 2048
RootCAType : Registry
SerialNumber : 18******************************
Services : IIS, SMTP
Status : Valid
Subject : CN={EXCH1}
Thumbprint : 65*************************************
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {WMSvc-SHA2-{EXCH1}}
HasPrivateKey : True
IsSelfSigned : True
Issuer : CN=WMSvc-SHA2-{EXCH1}
NotAfter : 28/06/2027 14:27:42
NotBefore : 30/06/2017 14:27:42
PublicKeySize : 2048
RootCAType : Registry
SerialNumber : 18******************************
Services : None
Status : Valid
Subject : CN=WMSvc-SHA2-{EXCH1}
Thumbprint : 68*************************************
从 exch1 到 exch2 的 RPCPing:
rpcping /t ncacn_http /s {EXCH2_FQDN} /o RpcProxy=mail.domain.com /P username,domain,* /H Basic /u NTLM /a connect /F 3
Enter password for RPC/HTTP proxy:
Exception 1722 (0x000006BA)
Number of records is: 3
ProcessID is 9396
System Time is: 3/4/2021 16:11:18:616
Generating component is 14
Status is 0x6C0, 1728
Detection location is 1398
Flags is 0
NumberOfParameters is 2
Long val: 0x4
Long val: 0x6c0
ProcessID is 9396
System Time is: 3/4/2021 16:11:18:603
Generating component is 13
Status is 0x6C0, 1728
Detection location is 1428
Flags is 0
NumberOfParameters is 1
Long val: 0x190
ProcessID is 9396
System Time is: 3/4/2021 16:11:18:603
Generating component is 13
Status is 0x190, 400
Detection location is 1417
Flags is 0
NumberOfParameters is 1
Unicode string: Invalid RPC Port: 593
testconnectivity.microsoft.com 结果显示,账户位于 exch1 上的数据库中:
Testing Outlook connectivity.
The Outlook connectivity test failed.
Test Steps
The Microsoft Connectivity Analyzer is attempting to test Autodiscover for [email protected].
Autodiscover was tested successfully.
Test Steps
Autodiscover settings for Outlook connectivity are being validated.
The Microsoft Connectivity Analyzer validated the Outlook Autodiscover settings.
Testing MAPI over HTTP connectivity to server mail.domain.com
MAPI over HTTP connectivity was verified successfully.
Test Steps
Testing RPC over HTTP connectivity to server mail.domain.com
RPC over HTTP connectivity failed.
Test Steps
Attempting to resolve the host name mail.domain.com in DNS.
The host name resolved successfully.
Additional Details
Testing TCP port 443 on host mail.domain.com to ensure it's listening and open.
The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
The certificate passed all validation requirements.
Test Steps
Checking the IIS configuration for client certificate authentication.
Client certificate authentication wasn't detected.
Additional Details
Testing HTTP Authentication Methods for URL https://mail.domain.com/rpc/[email protected]:6002.
The HTTP authentication methods are correct.
Additional Details
Attempting to ping RPC proxy mail.domain.com.
RPC Proxy was pinged successfully.
Attempting to ping the MAPI Mail Store endpoint with identity: [email protected]:6001.
The endpoint was pinged successfully.
Additional Details
Testing the MAPI Address Book endpoint on the Exchange server.
The address book endpoint was tested successfully.
Test Steps
Testing the MAPI Referral service on the Exchange Server.
An error occurred while the Referral service was being tested.
Test Steps
Attempting to ping the MAPI Referral Service endpoint with identity: [email protected]:6002.
The endpoint was pinged successfully.
Additional Details
Attempting to perform referral for user on server [email protected].
An error occurred while trying to get the address book server.
Additional Details
An RPC error was thrown by the RPC Runtime process. Error -532462766 -532462766
RPC Status: -532462766 -532462766
testconnectivity.microsoft.com 结果显示,账户位于 exch2 上的数据库中:
Testing Outlook connectivity.
The Outlook connectivity test failed.
Test Steps
The Microsoft Connectivity Analyzer is attempting to test Autodiscover for [email protected].
Autodiscover was tested successfully.
Test Steps
Autodiscover settings for Outlook connectivity are being validated.
The Microsoft Connectivity Analyzer validated the Outlook Autodiscover settings.
Testing MAPI over HTTP connectivity to server mail.domain.com
MAPI over HTTP connectivity failed.
Test Steps
Attempting to resolve the host name mail.domain.com in DNS.
The host name resolved successfully.
Additional Details
Testing TCP port 443 on host mail.domain.com to ensure it's listening and open.
The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
The certificate passed all validation requirements.
Test Steps
Testing HTTP Authentication Methods for URL https://mail.domain.com/mapi/emsmdb/[email protected].
The HTTP authentication methods are correct.
Additional Details
Testing the MAPI Address Book endpoint on the Exchange server.
An error occurred while testing the address book endpoint.
Test Steps
Testing the address book "Check Name" operation for user [email protected] against server mail.domain.com.
An error occurred while attempting to resolve the name.
Additional Details
A protocol layer error occured. HttpStatusCode: 503
Failure LID: 47372
Failure Information:
###### REQUEST [2021-03-04T17:39:53.4083406Z] [ResolvedIPs: {EXCH_EXTERNAL_IP}] ######
POST /mapi/nspi/[email protected] HTTP/1.1
Content-Type: application/octet-stream
User-Agent: MapiHttpClient
X-RequestId: 199148da-e4e8-45cc-9109-8462a54e9449:1
X-ClientInfo: afeca7b0-830f-491d-874b-90e03f295d7c:1
client-request-id: 0917a5aa-f28e-4e11-95c0-460d6cc0b0bf
X-ClientApplication: MapiHttpClient/15.20.3825.0
X-RequestType: Bind
Authorization: Negotiate [truncated]
Host: mail.domain.com
Content-Length: 45
--- REQUEST BODY [+0.041] ---
..[BODY SIZE: 45]
--- REQUEST SENT [+0.041] ---
###### RESPONSE [+0.138] ######
HTTP/1.1 503 Failed authentication on backend server: Unauthorized
request-id: 6b446af9-fe00-403c-b390-038b740f3000
X-CalculatedBETarget: {EXCH2_FQDN}
X-FailureContext: BackEnd;401;NDAx;U3lzdGVtLk5ldC5XZWJFeGNlcHRpb246IFRoZSByZW1vdGUgc2VydmVyIHJldHVybmVkIGFuIGVycm9yOiAoNDAxKSBVbmF1dGhvcml6ZWQuDQogICBhdCBTeXN0ZW0uTmV0Lkh0dHBXZWJSZXF1ZXN0LkVuZEdldFJlc3BvbnNlKElBc3luY1Jlc3VsdCBhc3luY1Jlc3VsdCkNCiAgIGF0IE1pY3Jvc29mdC5FeGNoYW5nZS5IdHRwUHJveHkuUHJveHlSZXF1ZXN0SGFuZGxlci48PmNfX0Rpc3BsYXlDbGFzczE5OV8wLjxPblJlc3BvbnNlUmVhZHk+Yl9fMCgp;;;
Persistent-Auth: true
X-FEServer: {EXCH1}
Content-Length: 0
Cache-Control: private
Date: Thu, 04 Mar 2021 17:39:52 GMT
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
--- RESPONSE BODY [+0.139] ---
--- RESPONSE DONE [+0.139] ---
###### EXCEPTION THROWN [+0.139] ######
HTTP Response Headers:
request-id: 6b446af9-fe00-403c-b390-038b740f3000
X-CalculatedBETarget: {EXCH2_FQDN}
X-FailureContext: BackEnd;401;NDAx;U3lzdGVtLk5ldC5XZWJFeGNlcHRpb246IFRoZSByZW1vdGUgc2VydmVyIHJldHVybmVkIGFuIGVycm9yOiAoNDAxKSBVbmF1dGhvcml6ZWQuDQogICBhdCBTeXN0ZW0uTmV0Lkh0dHBXZWJSZXF1ZXN0LkVuZEdldFJlc3BvbnNlKElBc3luY1Jlc3VsdCBhc3luY1Jlc3VsdCkNCiAgIGF0IE1pY3Jvc29mdC5FeGNoYW5nZS5IdHRwUHJveHkuUHJveHlSZXF1ZXN0SGFuZGxlci48PmNfX0Rpc3BsYXlDbGFzczE5OV8wLjxPblJlc3BvbnNlUmVhZHk+Yl9fMCgp;;;
Persistent-Auth: true
X-FEServer: {EXCH1}
Content-Length: 0
Cache-Control: private
Date: Thu, 04 Mar 2021 17:39:52 GMT
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
HTTP Status Code: 503 ServiceUnavailable
任何帮助将不胜感激。
答案1
我做了一些研究,这个问题可能与证书有关。
从IIS检查确认IIS服务使用了哪个证书(确保绑定证书正确):
然后以管理员权限在 CMD 中运行 IISReset。
检查该问题是否仍然存在。
另外,这里有一个类似的帖子供您参考:Exchange 2013 ECP/OWA/Outlook 全部失败 - 503 服务不可用