Exchange 2010: EMC problem because of Powershell issues on IIS?


I've wanted to open the Exchange Management Console like always but I got an error message now (picture 1).

picture 1
And when trying to access the modules section in the Powershell virtual directory on IIS I get an error message too (picture 2).

picture 2
My users can still send and receive e-mails but I can't create new users, for example. I need to resolve this!?

I've also found the following in the Event Viewer: "The setting ExternalProxy in the Web.Config file was not valid. The previous value was null and has been changed to ."

And also this: "The Application Host Helper Service has detected that administration.config file doesn't contain valid configuration. Config history backup feature has been disabled. It will be re-enabled automatically once the configuration file is fixed."

Any help is greatly appreciated! :)

Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Shabarinath RamadasanInfrastructure ArchitectCommented:
XeronimoAuthor Commented:

Thank you but I'm logged onto the Exchange server via RDP as the domain admin. This always had worked before.

So I get the above errors even as an admin ...

I would first try removing and re-creating the PS vdir by using the Remove-PowerShellVirtualDirectory and then New-PowerShellVirtualDirectory .  Unfortunately, if things are too bad, it won't actually let you do that.

There are also several articles for this sort of thing.  Here is a good place to start:
IT Pros Agree: AI and Machine Learning Key

We’d all like to think our company’s data is well protected, but when you ask IT professionals they admit the data probably is not as safe as it could be.

XeronimoAuthor Commented:

Thanks, I'll try that.

I've checked out that page before (and their updated version:

They mention a tool (EMTshooter) but the download link does not work anymore??

Ah, well.  In the last few forum topics where I suggested using this, it was no help, anyway.  I think MS have messed up by making the entire Exchange management function dependent upon a rather finnicky IIS configuration.  See if you can recreate the PS VDir for now.
XeronimoAuthor Commented:

I've tried that command but got an error message ...

 picture 3
XeronimoAuthor Commented:
There's obviously something wrong with the IIS part of things I would say! I've gotten more than 5000 events from the task category 'WebHost' in the last half hour!

Mostly this one:

WebHost failed to process a request.
 Sender Information: System.ServiceModel.ServiceHostingEnvironment+HostingManager/42931033
 Exception: System.ServiceModel.ServiceActivationException: The service '/EWS/Exchange.asmx' cannot be activated due to an exception during compilation.  The exception message is: This collection already contains an address with scheme http.  There can be at most one address per scheme in this collection.
Parameter name: item. ---> System.ArgumentException: This collection already contains an address with scheme http.  There can be at most one address per scheme in this collection.
Parameter name: item
   at System.ServiceModel.UriSchemeKeyedCollection.InsertItem(Int32 index, Uri item)
   at System.Collections.Generic.SynchronizedCollection`1.Add(T item)
   at System.ServiceModel.UriSchemeKeyedCollection..ctor(Uri[] addresses)
   at System.ServiceModel.ServiceHost..ctor(Type serviceType, Uri[] baseAddresses)
   at System.ServiceModel.Activation.ServiceHostFactory.CreateServiceHost(Type serviceType, Uri[] baseAddresses)
   at System.ServiceModel.Activation.ServiceHostFactory.CreateServiceHost(String constructorString, Uri[] baseAddresses)
   at System.ServiceModel.ServiceHostingEnvironment.HostingManager.CreateService(String normalizedVirtualPath)
   at System.ServiceModel.ServiceHostingEnvironment.HostingManager.ActivateService(String normalizedVirtualPath)
   at System.ServiceModel.ServiceHostingEnvironment.HostingManager.EnsureServiceAvailable(String normalizedVirtualPath)
   --- End of inner exception stack trace ---
   at System.ServiceModel.ServiceHostingEnvironment.HostingManager.EnsureServiceAvailable(String normalizedVirtualPath)
   at System.ServiceModel.ServiceHostingEnvironment.EnsureServiceAvailableFast(String relativeVirtualPath)
 Process Name: w3wp
 Process ID: 4480
XeronimoAuthor Commented:
OWA still seems to work too though!
It would probably be a good time to use Remove-EWSVirtualDirectory, too, but as you discovered, PowerShell (which has failed load the Exchange extensions) won't let you do anything like that.

It might help to look at the problem illustrated in your picture22.png above.  I have pasted below the relevant section of my web.config (starting at line 7), so that you can compare it with yours.  You will find several web.config files on the server.  Make sure you look at the one mentioned in the error dialog box.

          <Plugin Name="PowerShellplugin" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text">
              <Resource ResourceUri="" SupportsOptions="true">
                <Capability Type="Shell" />
              <Param Name="PSVersion" Value="2.0" />
              <Param Name="ApplicationBase" Value="%ExchangeInstallPath%Bin" />
              <Param Name="AssemblyName" Value="Microsoft.Exchange.Configuration.ObjectModel.dll" />
              <Param Name="PSSessionConfigurationTypeName" Value="Microsoft.Exchange.Configuration.Authorization.ExchangeAuthorizationPlugin" />
              <Param Name="PSMaximumReceivedObjectSizeMB" Value="75" />
              <Param Name="PSMaximumReceivedDataSizePerCommandMB" Value="500" />
        <AuthorizationPlugin Name="Microsoft.Exchange.AuthorizationPlugin" Filename="%ExchangeInstallPath%Bin\Microsoft.Exchange.AuthorizationPlugin.dll" SDKVersion="1" SupportsQuota="true" />
      <OperationsConfiguration MaxOperationTimeoutSeconds="900" MaxShellIdleTimeoutMinutes="15"/>
XeronimoAuthor Commented:

The error in picture22.png has been solved in the mean time, I think by removing and reinstalling the

So that's not a problem anymore! Oh, wait, I'm just remembering ... the error message itself in the console has slightly changed too:

 picture 2
Can you find that 403 in your IIS log file?
MS are apparently working on the EMTShooter download problem.  But they sent me a copy, so if you email me, I'll forward it to you.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
XeronimoAuthor Commented:

Hi, how do I sent you a private mail then here?

I have a web site that is linked from my profile - the address is there.  It's not good to put your email address in forums, because there are so many bots out there looking for them, but I hope this will be enough :-
email (a t) leederbyshire (d o t) com
XeronimoAuthor Commented:

Thanks, I'm sorry! I could have looked at your website! I've sent you an e-mail right now.
No problem - I just sent you a copy.  Let me know if you don't get it.
XeronimoAuthor Commented:

Ok, so I've now run the tool and it tells me that the problem could be that SSL is required by the PowerShell vdir and I should disable that. Trying to figure out how to disable it now ...
XeronimoAuthor Commented:
I've just noticed something else ...

The time saved in the log file is one hour earlier than it should be! Yet the server itself displays the correct time ... could that be part of the problem!?
XeronimoAuthor Commented:
I've also found this in the log file:

2011-03-16 09:26:53 ::1 POST /PowerShell PSVersion=2.0 80 - ::1 Microsoft+WinRM+Client 403 4 5 0

Isn't ::1 IPv6? Shouldn't the connection be made using IPv4?
Yes.  A few posts ago, I was hoping that you could find the 403 entry in your IIS log file.  There are 20 different types of 403 response (all meaning that something was forbidden), but the recorded subcode (I think it would be 403 4) would indicate if SSL required was the problem.  Anyway, it's easy enough to check in IIS.  If SSL is required on the powershell vdir, turn it off.

The recorded times in the log file are in GMT by default.
XeronimoAuthor Commented:
Woohoo! It is working again!!!

It seems like, at least in the end, the main culprit was the PowerShell virtual directory since it required an SSL connection. I've disabled SSL on the vdir and now I can connect again.

The EMTshooter definitely helped in this case though since it suggested an SSL problem!

Thanks again, Lee :)
Excellent - I'm glad it's fixed.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.