Problem with Exchange 2010 and WinRM

Posted on 2009-12-18
Last Modified: 2012-05-08

I have a problem with Exchange 2010 on Windows server 2008 R2 (domain member).

Oponing the console or shell throws the following error:

[server185] Connecting to remote server failed with the following error message : The WinRM client cannot
process the request. The WinRM client tried to use Kerberos authentication mechanism, but the destination computer (server185:80) returned an 'access denied' error. Change the configuration to allow Kerberos authentication me
chanism to be used or specify one of the authentication mechanisms supported by the server. To use Kerberos, specify th
e local computer name as the remote destination. Also verify that the client computer and the destination computer are
joined to a domain. To use Basic, specify the local computer name as the remote destination, specify Basic authenticati
on and provide user name and password. Possible authentication mechanisms reported by server:     Negotiate For more in
formation, see the about_Remote_Troubleshooting Help topic.
    + CategoryInfo          : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [], PSRemotingTransportExc
    + FullyQualifiedErrorId : PSSessionOpenFailed

I have tried lot of solutions I have found on Google, but non of them worked.
Any ideas?
Question by:ironx
    LVL 33

    Expert Comment

    which version of Exchange 2010 you are using are you using RTM version, also do you use the latest winrm versions?

    Author Comment


    No, it's the full Enterprise version downloaded from MSDN.
    Everything is the latest and up-to-date.
    LVL 33

    Expert Comment

    do you use outlook live?
    LVL 12

    Expert Comment

    Open IIS manager and let me know the Authentication Settings in Powershell Virtual Directory.. try Only with Windows Integrated Authentication on Powershell VDIR

    Author Comment

    I have now a different problem with the server, so I have to reinstall Windows... but not right now.
    I'll be back in a few weeks.

    Thanks anyway.

    Author Comment

    I have re-installed the server...

    Windows Server 2008 Enterprise (all updates)
    All pre-requirements of Exchange 2010...

    Tried running setup /PrepareAD and /preparelegacyexchangepermissions /prepareschema / preparedomain one-by-one. Both ways the same error:


    G:\>setup /preparedomain

    Welcome to Microsoft Exchange Server 2010 Unattended Setup

    By continuing the installation process, you agree to the license terms of
    Microsoft Exchange Server 2010. If you don't accept these license terms,
    please cancel the installation. To review these license terms, please go to

    Press any key to cancel setup................
    No key presses were detected.  Setup will continue.
    Preparing Exchange Setup

        Copying Setup Files              ......................... COMPLETED

    No server roles will be installed

    Performing Microsoft Exchange Server Prerequisite Check

        Organization Checks              ......................... COMPLETED

    Configuring Microsoft Exchange Server

        Prepare Domain Progress          ......................... FAILED
         The following error was generated when "$error.Clear(); if ($RolePrepareAll
    Domains) { initialize-DomainPermissions -AllDomains:$true -CreateTenantRoot:$Rol
    eIsDatacenter; } elseif ($RoleDomain -ne $null) { initialize-DomainPermissions -
    Domain $RoleDomain -CreateTenantRoot:$RoleIsDatacenter; } else { initialize-Doma
    inPermissions -CreateTenantRoot:$RoleIsDatacenter; }" was run: "Length of the ac
    cess control list exceed the allowed maximum.".

    The Exchange Server setup operation did not complete. Visit http://support.micro and enter the Error ID to find more information.

    Exchange Server setup encountered an error.


    Tried cleaning out AD, with ADSIedit (extended-rights and services) but no luck.

    Any ideas?

    Author Comment

    I'm wondering if there's a way of cleaning out Exchange totally from AD?
    LVL 12

    Expert Comment

    Open ADSIEDIT and under configuration container > Services>Microsoft Exchange> ORG Name> Servers

    Delete the server name and reinstall

    Accepted Solution


    I've already tryed that, and worked a few times ;)
    However I've found the solution... and the major problem causing the error above.
    Beside the Exchange Organization I've deleted everything connected to Exchange with ADSIedit, including Exchange Security Groups. And that was the problem, because everytime I've tried to ADprepare the installation the groups were created and added to the Domain Member computer running Exchange.
    So the new and old groups filled up the ACL. causing:
    "Length of the access control list exceed the allowed maximum.".

    After clearing the ACL, Exchange was willing to install.

    Now WinRM works too.

    Thank you everyone for the help.

    Featured Post

    6 Surprising Benefits of Threat Intelligence

    All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

    Join & Write a Comment

    We are happy to announce a brand new addition to our line of acclaimed email signature management products – CodeTwo Email Signatures for Office 365.
    Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
    In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
    In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…

    755 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    21 Experts available now in Live!

    Get 1:1 Help Now