Problem with Exchange 2010 and WinRM


I have a problem with Exchange 2010 on Windows server 2008 R2 (domain member).

Oponing the console or shell throws the following error:

[server185] Connecting to remote server failed with the following error message : The WinRM client cannot
process the request. The WinRM client tried to use Kerberos authentication mechanism, but the destination computer (server185:80) returned an 'access denied' error. Change the configuration to allow Kerberos authentication me
chanism to be used or specify one of the authentication mechanisms supported by the server. To use Kerberos, specify th
e local computer name as the remote destination. Also verify that the client computer and the destination computer are
joined to a domain. To use Basic, specify the local computer name as the remote destination, specify Basic authenticati
on and provide user name and password. Possible authentication mechanisms reported by server:     Negotiate For more in
formation, see the about_Remote_Troubleshooting Help topic.
    + CategoryInfo          : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [], PSRemotingTransportExc
    + FullyQualifiedErrorId : PSSessionOpenFailed

I have tried lot of solutions I have found on Google, but non of them worked.
Any ideas?
Who is Participating?
ironxConnect With a Mentor Author Commented:

I've already tryed that, and worked a few times ;)
However I've found the solution... and the major problem causing the error above.
Beside the Exchange Organization I've deleted everything connected to Exchange with ADSIedit, including Exchange Security Groups. And that was the problem, because everytime I've tried to ADprepare the installation the groups were created and added to the Domain Member computer running Exchange.
So the new and old groups filled up the ACL. causing:
"Length of the access control list exceed the allowed maximum.".

After clearing the ACL, Exchange was willing to install.

Now WinRM works too.

Thank you everyone for the help.
BusbarSolutions ArchitectCommented:
which version of Exchange 2010 you are using are you using RTM version, also do you use the latest winrm versions?
ironxAuthor Commented:

No, it's the full Enterprise version downloaded from MSDN.
Everything is the latest and up-to-date.
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

BusbarSolutions ArchitectCommented:
do you use outlook live?
Open IIS manager and let me know the Authentication Settings in Powershell Virtual Directory.. try Only with Windows Integrated Authentication on Powershell VDIR
ironxAuthor Commented:
I have now a different problem with the server, so I have to reinstall Windows... but not right now.
I'll be back in a few weeks.

Thanks anyway.
ironxAuthor Commented:
I have re-installed the server...

Windows Server 2008 Enterprise (all updates)
All pre-requirements of Exchange 2010...

Tried running setup /PrepareAD and /preparelegacyexchangepermissions /prepareschema / preparedomain one-by-one. Both ways the same error:


G:\>setup /preparedomain

Welcome to Microsoft Exchange Server 2010 Unattended Setup

By continuing the installation process, you agree to the license terms of
Microsoft Exchange Server 2010. If you don't accept these license terms,
please cancel the installation. To review these license terms, please go to

Press any key to cancel setup................
No key presses were detected.  Setup will continue.
Preparing Exchange Setup

    Copying Setup Files              ......................... COMPLETED

No server roles will be installed

Performing Microsoft Exchange Server Prerequisite Check

    Organization Checks              ......................... COMPLETED

Configuring Microsoft Exchange Server

    Prepare Domain Progress          ......................... FAILED
     The following error was generated when "$error.Clear(); if ($RolePrepareAll
Domains) { initialize-DomainPermissions -AllDomains:$true -CreateTenantRoot:$Rol
eIsDatacenter; } elseif ($RoleDomain -ne $null) { initialize-DomainPermissions -
Domain $RoleDomain -CreateTenantRoot:$RoleIsDatacenter; } else { initialize-Doma
inPermissions -CreateTenantRoot:$RoleIsDatacenter; }" was run: "Length of the ac
cess control list exceed the allowed maximum.".

The Exchange Server setup operation did not complete. Visit http://support.micro and enter the Error ID to find more information.

Exchange Server setup encountered an error.


Tried cleaning out AD, with ADSIedit (extended-rights and services) but no luck.

Any ideas?
ironxAuthor Commented:
I'm wondering if there's a way of cleaning out Exchange totally from AD?
Open ADSIEDIT and under configuration container > Services>Microsoft Exchange> ORG Name> Servers

Delete the server name and reinstall
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.