Exchange 2010 WinRM/Kerberos Error + Autodiscover


After previous team members STIG'd the Exchange environment here, odd things started occurring that we can't seem to nail down the root cause of...

1. Management Tool Console (only functions on 1 server all other attempts have this error):
"The attempt to connect to http://SERVER.DOMAIN/PowerShell using "Kerberos" authentication failed: Connecting to the remote server failed with the following error message: The WinRM Client cannot complete the operation within the time specified. Check if the machine name is valid and is reachable over the network and firewall exception for Windows Remote Management Service is enabled."
        I've created a specific Firewall rule to troubleshoot this, tied it to the service winrm and allowed all connections, both incoming and outgoing, for both the main server and the server attempting to connect to it.

2. Autodiscover will NOT stay functioning... seems like as soon as I get it to work it breaks a few days later. There was no "Require SSL" set on the Autodiscover VD and once I set that and restarted IIS I was able to test OK. Three days later it stops working for some reason, and there have been no changes with Internal URL, DNS, etc. and no event logs. It just pops up a server unavailable error and then crashes Outlook on the second attempt to launch Out of Office. The original testing of Autodiscover seemed like it wasn't able to resolve any URLs on the client side; once I put on SSL require for that Virtual Directory it would work immediately and for a few days, then it stopped working again.

I've looked at a lot of webpages out there and haven't found any that resolve my issue.  Google doesn't even pull up any I haven't seen yet.  

I will be doing the following tool but am awaiting approval and also am doubtful that it will help, since MS's whitepaper on the Exchange management connection issues doesn't apply at all to the error above.

I have downloaded and used and while it is a great tool it hasn't helped me.  

Any help would be greatly appreciated!

Exchange 2010 SP1 (SP2 install failed during last maintenance window, awaiting a new scheduled chance)
Windows Server 2008 R2 Ent SP1
Simon Butler (Sembee), Consultant, Commented:
I would suggest that you do the following:

a. Reset the virtual directories. This is done through the management console on SP2, I think it is a new feature to SP2, so as you aren't on that you will have to do it the slow way.

b. Get the SSL certificate rekeyed. So create a new request through the wizard in Exchange and install the response.

The WINRM error is very common and is often an IIS issue, which can be SSL certificate related.

Exchange 2010 SP2 might fix a lot of the issues as that effectively reinstalls the product.

Stop the antivirus and reboot and check.
convergencetech (Author) Commented:
I have checked my WINRM config as well, here's a portion of what it says:
MaxEnvelopeSize = 150
MaxTimeoutms = 60000
MaxBatchItems = 32000
MaxProviderRequests = 4294967295
NetworkDelayms = 5000
URLPrefix = wsman
AllowUnencrypted = false
Basic = TRUE
Digest = TRUE
Negotiate = True
Certificate = True
CredSSP = False
Default Ports:
HTTP = 5985
HTTPS = 5986
<a few lines not applicable to this I think and since I am typing it out I'm going to skip unless needed>
EnumerationTimeoutms = 60000
Basic = False
Negotiate = True
Certificate = False
CredSSP = False
cbtHardeningLevel = Relaxed
AllowRemoteShellAccess = true

I did notice that the CertificateThumbprint was blank and don't have another environment to look at to compare if they are all that way.

BTW - I only have 1 live environment, nowhere to test things...
convergencetech (Author) Commented:
I have actually gone as far as uninstalling the AV on both the Exchange server and the client to test Autodiscover and it had no effect.
Question has a verified solution.
