Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Exchange 2013 Powershell Remoting Access Denied

Posted on 2013-12-27
11
Medium Priority
?
2,364 Views
Last Modified: 2014-01-22
Hello ,


I have an Exchange 2013 CU2 Installation in a multirole enviroment. I have a problem with the powershell remoting. When i try the test-powershellconnectivity and use the Domain admin account i take " Access Denied" .

Any ideas about this ?


Thanks a lot
0
Comment
Question by:Anestis Psomas
  • 7
  • 3
11 Comments
 
LVL 23

Expert Comment

by:Patrick Bogers
ID: 39742558
To open a Exchange PowerShell session with PowerShell:

Make sure the executionpolicy on the server/workstation is set as “RemoteSigned“. If it’s not, execute: “set-executionpolicy remotesigned” in an PowerShell session with elevated rights (Run As Administrator).
“$session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://%ExchangeServer%/PowerShell/ -Authentication Kerberos”. At %ExchangeServer% you have to fill in the name of the Exchange Server
If you need to connect with other credentials you can add “-Credential (Get-Credential)” at the end of the line. You will be asked to fill in you credentials.
Import-PSSession $session
0
 

Author Comment

by:Anestis Psomas
ID: 39742598
Thanks for your help but i want to use the test-powershellconnectivity because i want to test the Powershell Virtual Directory. It seems that its not working because of the access denied problem.
0
 
LVL 23

Expert Comment

by:Patrick Bogers
ID: 39742735
Hi, read to quickly,

What does c:\> winrm get winrm/config/client. output on TrustedHosts?

If the TrustedHosts is like "TrustedHosts = *", you need to change it to blank using the command

c:\> winrm set winrm/config/client @{TrustedHosts=""}
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 

Author Comment

by:Anestis Psomas
ID: 39742867
Hello ,


Because i have 2 cas and 2 mbx servers , can you tell me please where i must run this ?

Thanks
0
 
LVL 72

Expert Comment

by:Qlemo
ID: 39742876
"client" always refers to the PC you are executing the cmdlet on. If you start in a remote session, it is that remote session, of course.
That change forces Kerberos authentication, which will only work in the same domain (forest / trust), so you are increasing (restoring) security, but might not be able to use remote sessions anymore from outside the domain.
0
 

Author Comment

by:Anestis Psomas
ID: 39742947
Here is the output i get ,

C:\Users\apsomas>winrm get winrm/config/client
Client
    NetworkDelayms = 5000
    URLPrefix = wsman
    AllowUnencrypted = false
    Auth
        Basic = true
        Digest = true
        Kerberos = true
        Negotiate = true
        Certificate = true
        CredSSP = false
    DefaultPorts
        HTTP = 5985
        HTTPS = 5986
    TrustedHosts
0
 

Author Comment

by:Anestis Psomas
ID: 39743936
Any ideas please?


Thanks
0
 
LVL 23

Expert Comment

by:Patrick Bogers
ID: 39743992
There is no output after trustedhosts?
0
 

Author Comment

by:Anestis Psomas
ID: 39744146
No its empty.
0
 

Accepted Solution

by:
Anestis Psomas earned 0 total points
ID: 39788205
Problem Solved after upgrading to CU3 .
0
 

Author Closing Comment

by:Anestis Psomas
ID: 39799432
Problem Solved after upgrading to CU3 . This is the solution because of a bug in powershell with multiple exchange servers.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this post, I will showcase the steps for how to create groups in Office 365. Office 365 groups allow for ease of flexibility and collaboration between staff members.
In this article, I will demonstrate that how to do a PST migration from Exchange Server to Office 365. This method allows importing one single PST, or multiple PST's at once.
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an anti-spam), the admin…

571 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question