Solved

Exchange 2013 Powershell Remoting Access Denied

Posted on 2013-12-27
11
2,151 Views
Last Modified: 2014-01-22
Hello ,


I have an Exchange 2013 CU2 Installation in a multirole enviroment. I have a problem with the powershell remoting. When i try the test-powershellconnectivity and use the Domain admin account i take " Access Denied" .

Any ideas about this ?


Thanks a lot
0
Comment
Question by:Anestis Psomas
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 3
11 Comments
 
LVL 23

Expert Comment

by:Patrick Bogers
ID: 39742558
To open a Exchange PowerShell session with PowerShell:

Make sure the executionpolicy on the server/workstation is set as “RemoteSigned“. If it’s not, execute: “set-executionpolicy remotesigned” in an PowerShell session with elevated rights (Run As Administrator).
“$session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://%ExchangeServer%/PowerShell/ -Authentication Kerberos”. At %ExchangeServer% you have to fill in the name of the Exchange Server
If you need to connect with other credentials you can add “-Credential (Get-Credential)” at the end of the line. You will be asked to fill in you credentials.
Import-PSSession $session
0
 

Author Comment

by:Anestis Psomas
ID: 39742598
Thanks for your help but i want to use the test-powershellconnectivity because i want to test the Powershell Virtual Directory. It seems that its not working because of the access denied problem.
0
 
LVL 23

Expert Comment

by:Patrick Bogers
ID: 39742735
Hi, read to quickly,

What does c:\> winrm get winrm/config/client. output on TrustedHosts?

If the TrustedHosts is like "TrustedHosts = *", you need to change it to blank using the command

c:\> winrm set winrm/config/client @{TrustedHosts=""}
0
The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

 

Author Comment

by:Anestis Psomas
ID: 39742867
Hello ,


Because i have 2 cas and 2 mbx servers , can you tell me please where i must run this ?

Thanks
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 39742876
"client" always refers to the PC you are executing the cmdlet on. If you start in a remote session, it is that remote session, of course.
That change forces Kerberos authentication, which will only work in the same domain (forest / trust), so you are increasing (restoring) security, but might not be able to use remote sessions anymore from outside the domain.
0
 

Author Comment

by:Anestis Psomas
ID: 39742947
Here is the output i get ,

C:\Users\apsomas>winrm get winrm/config/client
Client
    NetworkDelayms = 5000
    URLPrefix = wsman
    AllowUnencrypted = false
    Auth
        Basic = true
        Digest = true
        Kerberos = true
        Negotiate = true
        Certificate = true
        CredSSP = false
    DefaultPorts
        HTTP = 5985
        HTTPS = 5986
    TrustedHosts
0
 

Author Comment

by:Anestis Psomas
ID: 39743936
Any ideas please?


Thanks
0
 
LVL 23

Expert Comment

by:Patrick Bogers
ID: 39743992
There is no output after trustedhosts?
0
 

Author Comment

by:Anestis Psomas
ID: 39744146
No its empty.
0
 

Accepted Solution

by:
Anestis Psomas earned 0 total points
ID: 39788205
Problem Solved after upgrading to CU3 .
0
 

Author Closing Comment

by:Anestis Psomas
ID: 39799432
Problem Solved after upgrading to CU3 . This is the solution because of a bug in powershell with multiple exchange servers.
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains how to install and use the NTBackup utility that comes with Windows Server.
Recently we ran in to an issue while running some SQL jobs where we were trying to process the cubes.  We got an error saying failure stating 'NT SERVICE\SQLSERVERAGENT does not have access to Analysis Services. So this is a way to automate that wit…
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question