Solved

Exchange 2013 Powershell Remoting Access Denied

Posted on 2013-12-27
11
2,085 Views
Last Modified: 2014-01-22
Hello ,


I have an Exchange 2013 CU2 Installation in a multirole enviroment. I have a problem with the powershell remoting. When i try the test-powershellconnectivity and use the Domain admin account i take " Access Denied" .

Any ideas about this ?


Thanks a lot
0
Comment
Question by:Anestis Psomas
  • 7
  • 3
11 Comments
 
LVL 19

Expert Comment

by:Patricksr1972
ID: 39742558
To open a Exchange PowerShell session with PowerShell:

Make sure the executionpolicy on the server/workstation is set as “RemoteSigned“. If it’s not, execute: “set-executionpolicy remotesigned” in an PowerShell session with elevated rights (Run As Administrator).
“$session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://%ExchangeServer%/PowerShell/ -Authentication Kerberos”. At %ExchangeServer% you have to fill in the name of the Exchange Server
If you need to connect with other credentials you can add “-Credential (Get-Credential)” at the end of the line. You will be asked to fill in you credentials.
Import-PSSession $session
0
 

Author Comment

by:Anestis Psomas
ID: 39742598
Thanks for your help but i want to use the test-powershellconnectivity because i want to test the Powershell Virtual Directory. It seems that its not working because of the access denied problem.
0
 
LVL 19

Expert Comment

by:Patricksr1972
ID: 39742735
Hi, read to quickly,

What does c:\> winrm get winrm/config/client. output on TrustedHosts?

If the TrustedHosts is like "TrustedHosts = *", you need to change it to blank using the command

c:\> winrm set winrm/config/client @{TrustedHosts=""}
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 

Author Comment

by:Anestis Psomas
ID: 39742867
Hello ,


Because i have 2 cas and 2 mbx servers , can you tell me please where i must run this ?

Thanks
0
 
LVL 69

Expert Comment

by:Qlemo
ID: 39742876
"client" always refers to the PC you are executing the cmdlet on. If you start in a remote session, it is that remote session, of course.
That change forces Kerberos authentication, which will only work in the same domain (forest / trust), so you are increasing (restoring) security, but might not be able to use remote sessions anymore from outside the domain.
0
 

Author Comment

by:Anestis Psomas
ID: 39742947
Here is the output i get ,

C:\Users\apsomas>winrm get winrm/config/client
Client
    NetworkDelayms = 5000
    URLPrefix = wsman
    AllowUnencrypted = false
    Auth
        Basic = true
        Digest = true
        Kerberos = true
        Negotiate = true
        Certificate = true
        CredSSP = false
    DefaultPorts
        HTTP = 5985
        HTTPS = 5986
    TrustedHosts
0
 

Author Comment

by:Anestis Psomas
ID: 39743936
Any ideas please?


Thanks
0
 
LVL 19

Expert Comment

by:Patricksr1972
ID: 39743992
There is no output after trustedhosts?
0
 

Author Comment

by:Anestis Psomas
ID: 39744146
No its empty.
0
 

Accepted Solution

by:
Anestis Psomas earned 0 total points
ID: 39788205
Problem Solved after upgrading to CU3 .
0
 

Author Closing Comment

by:Anestis Psomas
ID: 39799432
Problem Solved after upgrading to CU3 . This is the solution because of a bug in powershell with multiple exchange servers.
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
As tax season makes its return, so does the increase in cyber crime and tax refund phishing that comes with it
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question