Solved

Exchange 2013 Powershell Remoting Access Denied

Posted on 2013-12-27
11
2,097 Views
Last Modified: 2014-01-22
Hello ,


I have an Exchange 2013 CU2 Installation in a multirole enviroment. I have a problem with the powershell remoting. When i try the test-powershellconnectivity and use the Domain admin account i take " Access Denied" .

Any ideas about this ?


Thanks a lot
0
Comment
Question by:Anestis Psomas
  • 7
  • 3
11 Comments
 
LVL 20

Expert Comment

by:Patrick Bogers
ID: 39742558
To open a Exchange PowerShell session with PowerShell:

Make sure the executionpolicy on the server/workstation is set as “RemoteSigned“. If it’s not, execute: “set-executionpolicy remotesigned” in an PowerShell session with elevated rights (Run As Administrator).
“$session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://%ExchangeServer%/PowerShell/ -Authentication Kerberos”. At %ExchangeServer% you have to fill in the name of the Exchange Server
If you need to connect with other credentials you can add “-Credential (Get-Credential)” at the end of the line. You will be asked to fill in you credentials.
Import-PSSession $session
0
 

Author Comment

by:Anestis Psomas
ID: 39742598
Thanks for your help but i want to use the test-powershellconnectivity because i want to test the Powershell Virtual Directory. It seems that its not working because of the access denied problem.
0
 
LVL 20

Expert Comment

by:Patrick Bogers
ID: 39742735
Hi, read to quickly,

What does c:\> winrm get winrm/config/client. output on TrustedHosts?

If the TrustedHosts is like "TrustedHosts = *", you need to change it to blank using the command

c:\> winrm set winrm/config/client @{TrustedHosts=""}
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 

Author Comment

by:Anestis Psomas
ID: 39742867
Hello ,


Because i have 2 cas and 2 mbx servers , can you tell me please where i must run this ?

Thanks
0
 
LVL 69

Expert Comment

by:Qlemo
ID: 39742876
"client" always refers to the PC you are executing the cmdlet on. If you start in a remote session, it is that remote session, of course.
That change forces Kerberos authentication, which will only work in the same domain (forest / trust), so you are increasing (restoring) security, but might not be able to use remote sessions anymore from outside the domain.
0
 

Author Comment

by:Anestis Psomas
ID: 39742947
Here is the output i get ,

C:\Users\apsomas>winrm get winrm/config/client
Client
    NetworkDelayms = 5000
    URLPrefix = wsman
    AllowUnencrypted = false
    Auth
        Basic = true
        Digest = true
        Kerberos = true
        Negotiate = true
        Certificate = true
        CredSSP = false
    DefaultPorts
        HTTP = 5985
        HTTPS = 5986
    TrustedHosts
0
 

Author Comment

by:Anestis Psomas
ID: 39743936
Any ideas please?


Thanks
0
 
LVL 20

Expert Comment

by:Patrick Bogers
ID: 39743992
There is no output after trustedhosts?
0
 

Author Comment

by:Anestis Psomas
ID: 39744146
No its empty.
0
 

Accepted Solution

by:
Anestis Psomas earned 0 total points
ID: 39788205
Problem Solved after upgrading to CU3 .
0
 

Author Closing Comment

by:Anestis Psomas
ID: 39799432
Problem Solved after upgrading to CU3 . This is the solution because of a bug in powershell with multiple exchange servers.
0

Featured Post

Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains how to install and use the NTBackup utility that comes with Windows Server.
A list of top three free exchange EDB viewers that helps the user to extract a mailbox from an unmounted .edb file and get a clear preview of all emails & other items with just a single click on mailboxes.
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question