evetsleep
asked on
Exchange PowerShell remoting unable to reconnect in certain offices.
So I am kind of at a loss on this one and thought I'd reach out. I have a couple IT administrators in an international location who can't connect to Exchange to do remoting from their workstations, but they CAN from RDP sessions to machines that are in our headquarters. When using the simplified below code to connect to Exchange:
It connects fine and allows them to execute a few Exchange commands and then the PSSession breaks and when it goes to reconnect they get this error:
New-PSSession : [<serverName] Connecting to remote server <serverName> failed with the following error message : Access is denied. For more information, see the about_Remote_Troubleshooti ng Help topic.
At line:1 char:6
+ $s = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http:// ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~ ~~~~~~~~~~ ~~~~~~~~~~ ~~~~~~~~~~ ~~~~~~~~~~ ~~~~
+ CategoryInfo : OpenError: (System.Manageme....Remote Runspace) [New-PSSession], PSRemotingTransportExcepti on
+ FullyQualifiedErrorId : AccessDenied,PSSessionOpen Failed
What's interesting is that the initial session with the Exchange servers (version 2010 and 2013 report this..so PSv2 and v3) works just fine and it's only after the PSSession is broken is when this becomes an issue, so it's not a case where the user has rights.
The issues doesn't appear to be account specific since I can RDP into a computer in this office and experience the same problem even though from my normal workstation either across a VPN or even through a server in the central office it works just fine.
So I'm stuck on this one. This issue is effecting all of the IT folks in this international office who need to run Exchange cmdlets via remoting so it seems to be tied to the office (which makes me think it's a networking thing, but it only happens with Exchange remoting and only when the session is broken and the re-connection code is called).
Any ideas?
$server = '<serverName>'
$s = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "http://$server/PowerShell/" -Authentication Kerberos
Import-PSSession $s
It connects fine and allows them to execute a few Exchange commands and then the PSSession breaks and when it goes to reconnect they get this error:
New-PSSession : [<serverName] Connecting to remote server <serverName> failed with the following error message : Access is denied. For more information, see the about_Remote_Troubleshooti
At line:1 char:6
+ $s = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http:// ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OpenError: (System.Manageme....Remote
+ FullyQualifiedErrorId : AccessDenied,PSSessionOpen
What's interesting is that the initial session with the Exchange servers (version 2010 and 2013 report this..so PSv2 and v3) works just fine and it's only after the PSSession is broken is when this becomes an issue, so it's not a case where the user has rights.
The issues doesn't appear to be account specific since I can RDP into a computer in this office and experience the same problem even though from my normal workstation either across a VPN or even through a server in the central office it works just fine.
So I'm stuck on this one. This issue is effecting all of the IT folks in this international office who need to run Exchange cmdlets via remoting so it seems to be tied to the office (which makes me think it's a networking thing, but it only happens with Exchange remoting and only when the session is broken and the re-connection code is called).
Any ideas?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
The 401 is probably coming from the optimizer.
-JJ
-JJ
ASKER
Jamie you were right. I had the network folks put in an exclusion for the test host I was using where I could reproduce this 100% of the time after they told me there was a WAN optimizer in place. After they did that the problem went away. Now I just need to work with them to find out what kind of large scale solution we can put into place so that Kerberos authorization can work over HTTP with PowerShell. Thanks!
ASKER