Solved

Exchange 2013 Powershell Remoting Access Denied

Posted on 2013-12-27
11
2,054 Views
Last Modified: 2014-01-22
Hello ,


I have an Exchange 2013 CU2 Installation in a multirole enviroment. I have a problem with the powershell remoting. When i try the test-powershellconnectivity and use the Domain admin account i take " Access Denied" .

Any ideas about this ?


Thanks a lot
0
Comment
Question by:Anestis Psomas
  • 7
  • 3
11 Comments
 
LVL 19

Expert Comment

by:Patricksr1972
ID: 39742558
To open a Exchange PowerShell session with PowerShell:

Make sure the executionpolicy on the server/workstation is set as “RemoteSigned“. If it’s not, execute: “set-executionpolicy remotesigned” in an PowerShell session with elevated rights (Run As Administrator).
“$session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://%ExchangeServer%/PowerShell/ -Authentication Kerberos”. At %ExchangeServer% you have to fill in the name of the Exchange Server
If you need to connect with other credentials you can add “-Credential (Get-Credential)” at the end of the line. You will be asked to fill in you credentials.
Import-PSSession $session
0
 

Author Comment

by:Anestis Psomas
ID: 39742598
Thanks for your help but i want to use the test-powershellconnectivity because i want to test the Powershell Virtual Directory. It seems that its not working because of the access denied problem.
0
 
LVL 19

Expert Comment

by:Patricksr1972
ID: 39742735
Hi, read to quickly,

What does c:\> winrm get winrm/config/client. output on TrustedHosts?

If the TrustedHosts is like "TrustedHosts = *", you need to change it to blank using the command

c:\> winrm set winrm/config/client @{TrustedHosts=""}
0
 

Author Comment

by:Anestis Psomas
ID: 39742867
Hello ,


Because i have 2 cas and 2 mbx servers , can you tell me please where i must run this ?

Thanks
0
 
LVL 68

Expert Comment

by:Qlemo
ID: 39742876
"client" always refers to the PC you are executing the cmdlet on. If you start in a remote session, it is that remote session, of course.
That change forces Kerberos authentication, which will only work in the same domain (forest / trust), so you are increasing (restoring) security, but might not be able to use remote sessions anymore from outside the domain.
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 

Author Comment

by:Anestis Psomas
ID: 39742947
Here is the output i get ,

C:\Users\apsomas>winrm get winrm/config/client
Client
    NetworkDelayms = 5000
    URLPrefix = wsman
    AllowUnencrypted = false
    Auth
        Basic = true
        Digest = true
        Kerberos = true
        Negotiate = true
        Certificate = true
        CredSSP = false
    DefaultPorts
        HTTP = 5985
        HTTPS = 5986
    TrustedHosts
0
 

Author Comment

by:Anestis Psomas
ID: 39743936
Any ideas please?


Thanks
0
 
LVL 19

Expert Comment

by:Patricksr1972
ID: 39743992
There is no output after trustedhosts?
0
 

Author Comment

by:Anestis Psomas
ID: 39744146
No its empty.
0
 

Accepted Solution

by:
Anestis Psomas earned 0 total points
ID: 39788205
Problem Solved after upgrading to CU3 .
0
 

Author Closing Comment

by:Anestis Psomas
ID: 39799432
Problem Solved after upgrading to CU3 . This is the solution because of a bug in powershell with multiple exchange servers.
0

Featured Post

Don't lose your head updating email signatures!

Do your end users still have the wrong email signature? Do email signature updates bore you or fill you with a sense of dread? You can make this a whole lot easier on yourself by trusting an Exclaimer email signature management solution. Over 50 million users do...so should you!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
This article explains how to prepare an HTML email signature template file containing dynamic placeholders for users' Azure AD data. Furthermore, it explains how to use this file to remotely set up a department-wide email signature policy in Office …
Familiarize people with the process of utilizing SQL Server views from within Microsoft Access. Microsoft Access is a very powerful client/server development tool. One of the SQL Server objects that you can interact with from within Microsoft Access…
This video discusses moving either the default database or any database to a new volume.

914 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now