Solved

exchange 2010 kerberos authentication failed

Posted on 2011-09-23
17
1,868 Views
Last Modified: 2012-05-12
I receiving this error after I have rebooted my server
0
Comment
Question by:beridius
  • 10
  • 7
17 Comments
 
LVL 2

Author Comment

by:beridius
ID: 36585625
powershell using kerberos  authentication failed with the following error:

The client could not connect to the destination specified on the request  
0
 
LVL 10

Expert Comment

by:gaurav05
ID: 36585682
Hi,

can you  check this.

The Microsoft Exchange Server Best Practices Analyzer examines the system
to verify that the PowerShell Virtual Directory is configured correctly and will not cause problems when you try to run the Exchange Management Tools in Exchange Server 2010.

To do this, the Analyzer tool verifies the following conditions:

The kerbauth.dll file can be located at the path indicated in the applicationHost.config file.
The PowerShell Virtual Directory is bound to 'Default Web Site' and to port 80.
The “Require SSL” option is not configured for the PowerShell Virtual Directory in IIS.
The path of the PowerShell Virtual Directory is the default path.
Kerbauth is listed as a Native Module, and the DLL location points to C:\Program Files\Microsoft\Exchange Server\v14\Bin\kerbauth.dll.
If these conditions are not configured correctly, issues may occur when you try to use the Exchange Management Tools.

PowerShell uses Kerberos to authenticate a remote computer connection. Internet Information Services (IIS) implements the Kerberos authentication method by using a native module. The Kerberos authentication module must be loaded on the PowerShell virtual directory level. If the Kerberos authentication module is configured as a Managed module instead of as a native module, or if the Kerberos authentication module has been loaded on the default Web site level, you may receive the following error message when you try to use the Exchange Management Tools:

The WinRM client cannot process the request. It cannot determine the content type of the HTTP response from the destination computer. The content type is absent or invalid. For more information, see the about_Remote_Troubleshooting Help topic.
To resolve this issue, follow these steps.

Configure Kerberos Authentication
Start Internet Information Services (IIS) Manager.

In the Connections pane, expand Default Web Site, and then click PowerShell.

In the /PowerShell Home pane, double-click Modules.

Confirm that Kerbauth is a native module.

Confirm that the path of the Kerbauth.dll file is
C:\Program Files\Microsoft\Exchange Server\v14\Bin\kerbauth.dll.

Verify that the Kerbauth module is registered but not enabled on the default Web site.
 To do this, follow these steps:

Click the default Web site in the Connections pane, and then double-click Modules in the
results pane.
In the Actions pane, click Configure Native Modules.
If Kerbauth is not listed in the Configure Native Modules dialog box, click Register.
In the Register Native Module dialog box, type the name and path of the Kerbauth module,
and then click OK.
If Kerbauth is enabled, click to clear the Kerbauth check box.
Click OK.
If the ExchangeInstallPath variable is missing from the Environment variables in System
Properties, you may receive the following error message when you try to use Exchange Management
Tools:

Connecting to remote server failed with the following error message: The WinRM client received an HTTP server error status (500),
but the remote service did not include any other information about the cause of the failure. For more information, see the about_Remote_Troubleshooting Help topic.
It was running the command 'Discover-ExchangeServer -UseWIA $true -SuppressError $true'.
To resolve this issue, follow these steps.

Add the ExchangeInstallPath variable to the Environment variables in System Properties, and check the path of the PowerShell Virtual Directory in IIS
Open System Properties, and then click Environment variables.

In the System variables area, verify that the ExchangeInstallPath variable exists and that the value for the variable is
C:\Program Files\Microsoft\Exchange Server\V14\. Add the variable if it does not exist.

Start IIS.

Expand Default Web Site, and then click PowerShell.

In the Actions pane, click Basic Settings.

In the Edit Application dialog box, verify that the path in the Physical path box is as follows: C:\Program Files\Microsoft\Exchange Server\v14\ClientAccess\Powershell.

Click OK.

Exchange Management Tools connects over port 80. If the Require SSL option is set for the PowerShell Virtual Directory, Exchange Management Tools
tries to connect on port 443 instead of on port 80. If this occurs, IIS returns the following error message:

The WinRM client received an HTTP status code of 403 from the remote WS-Management service.
To resolve this issue, follow these steps.

The procedure title
Start Internet Information Services (IIS) Manager.

In the Connections pane, expand Default Web Site, and then click PowerShell.

In the Results pane, double-click SSL Settings.

On the SSL Settings property page, click to clear the Require SSL check box.

In the Actions pane, click Apply.

let us know.
0
 
LVL 10

Expert Comment

by:gaurav05
ID: 36585701
Hi,

Read following artilces, that will be easy:-

Troubleshooting Exchange 2010 Management Tools startup issues
http://msexchangeteam.com/archive/2010/02/04/453946.aspx 

http://support.microsoft.com/kb/2028305

PowerShell Virtual Directory issues cause problems with Exchange Management tools
http://technet.microsoft.com/en-us/library/ff607221(EXCHG.80).aspx 
0
 
LVL 2

Author Comment

by:beridius
ID: 36585879
0
 
LVL 2

Author Comment

by:beridius
ID: 36585881
check Kerbauth.dll  all fine
0
 
LVL 10

Expert Comment

by:gaurav05
ID: 36585949
0
 
LVL 10

Expert Comment

by:gaurav05
ID: 36585979


still your problem is not resolved then please provide me the event log.
0
 
LVL 2

Author Comment

by:beridius
ID: 36586015
this is one of them


An unexpected error occurred while starting the Microsoft Exchange Address Book service. Error details: System.DllNotFoundException: Unable to load DLL 'dsaccessperf.dll': The specified module could not be found. (Exception from HRESULT: 0x8007007E)
   at Microsoft.Exchange.Data.Directory.NativeMethods.DsaccessPerfSetProcessName(String processName, String applicationName, Boolean hasMultiInstance)
   at Microsoft.Exchange.Data.Directory.Globals.InitializePerfCounterInstance(String applicationName, Boolean hasMultiInstance)
   at Microsoft.Exchange.AddressBook.Service.AddressBookService.<DeferredServiceStartInitialization>b__6()
   at Microsoft.Exchange.Common.IL.ILUtil.DoTryFilterCatch(TryDelegate tryDelegate, FilterDelegate filterDelegate, CatchDelegate catchDelegate)

Open in new window

0
Why spend so long doing email signature updates?

Do you spend loads of your time carrying out email signature updates? Not very interesting are they? Don’t let signature updates get you down. Let Exclaimer Cloud - Signatures for Office 365 make managing email signatures a breeze.

 
LVL 2

Author Comment

by:beridius
ID: 36586017
this is another one
Watson report about to be sent for process id: 3636, with parameters: E12, c-RTL-AMD64, 14.01.0218.015, M.E.AddressBook.Service, M.E.Data.Directory, M.E.D.D.NativeMethods.DsaccessPerfSetProcessName, System.DllNotFoundException, 6292, 14.01.0218.011.
ErrorReportingEnabled: False

Open in new window

0
 
LVL 2

Author Comment

by:beridius
ID: 36586022
thats all the errors
0
 
LVL 2

Author Comment

by:beridius
ID: 36586029
the only thing that was change on the server is kaspersky was installed. but is not the email version, so it should not play with the exchange
0
 
LVL 10

Accepted Solution

by:
gaurav05 earned 500 total points
ID: 36586049
Hi,

did you install sp1 for exchange server 2010?

if not then check this it will resolved your problem.


http://blogs.technet.com/b/exchange/archive/2010/09/01/3410888.aspx

0
 
LVL 2

Author Comment

by:beridius
ID: 36586133
now downloading it I will let you know if it works
0
 
LVL 10

Expert Comment

by:gaurav05
ID: 36586173
Hi,

Before you install SP1 download Microsoft Exchange Best Practices Analyzer v2.8

you will get clear picture for the problem.

http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=22485#Requirements

steps Before you upgrading exchange 2010

1) Update windows server 2008 R2 with SP1
2) update exchange server 2010 with SP1
0
 
LVL 2

Author Comment

by:beridius
ID: 36586189
best practice give me Active Directory domain 'DOMAIN' has an unrecognized Exchange signature. Current DomainPrep version: 13040.
0
 
LVL 10

Expert Comment

by:gaurav05
ID: 36586211
Hi,

According to a couple of blogs in Technet possible issue fix in SP1

check below Technet forum Thread

TechNet Forum Thread: 2010 ExBPA
http://social.technet.microsoft.com/Forums/en/exchange2010/thread/0d76559d-946b-4915-a54a-ee3914081f2e

TechNet Forum Thread: Get-MailboxDatabase writing error
http://social.technet.microsoft.com/Forums/en-US/exchange2010/thread/cb231da0-2b06-41ce-9f4a-f11d408cf07f/

-Gaurav
0
 
LVL 2

Author Comment

by:beridius
ID: 36586378
running sp1 has fixed it thanks
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
In this video we show how to create a User Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Mailb…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now