Solved

SBS2011 Can't connect to EMC/EMS

Posted on 2014-11-15
27
298 Views
Last Modified: 2014-11-21
Hi all,

I've been arguing with a server that I am assisting someone in fixing for a few hours now - and am nearly done fixing most of the issues - but the primary root of the problems still remains.  I can't launch the EMC or EMS, and EMShooter tells me the same thing over and over, with no recourse to resolve.  I've been over all the threads for SBS 2011 and Exchange 2010 on the topic, reviewed it all, and it just doesn't go anywhere.  There is one thing about the solution steps that is bothering me, and I am not sure it is relevant:

"The Exchange Management Troubleshooter indentified a problem that can be caused by several issues:

1. If the WSMan module entry is missing from the global modules section of the
C:\Windows\System32\Inetsrv\config\ApplicationHost.config file, as follows:

<globalModules>
           <add name="WSMan" image="C:\Windows\system32\wsmsvc.dll" />

This will result in the WSMan module displaying as a Managed module on the PowerShell virtual directory.

To correct this, make sure that the WSMan module has been registered (but not enabled) at the Server level, and has been enabled on the PowerShell virtual directory.  Confirm that the WSMan entry exists in the Global Section of the ApplicationHost.config file as shown above.

2. Remote PowerShell uses Kerberos to authenticate the user connecting.  IIS implements this Kerberos authentication method via a native module. In IIS Manager, if you go to the PowerShell Virtual Directory and then look at the Modules, you should see Kerbauth listed as a Native Module, with the dll location pointing to \Program Files\Microsoft\Exchange Server\v14\Bin\kerbauth.dll. If the Kerbauth module shows up as a Managed module instead of Native, or if the Kerbauth module has been loaded on the Default Web Site level (instead of, or in addition to, the PowerShell virtual directory), you can experience this issue. To correct this, make sure that the Kerbauth module is not enabled on the Default Web Site, but is only enabled on the PowerShell virtual directory.  The entry type of "Local" indicates that the Kerbauth module was enabled directly on this level, and not inherited from a parent.

3. The Path of the Powershell virtual directory has been modified.  The PowerShell virtual directory must point to the

"\Exchange Server\v14\ClientAccess\PowerShell"
"
The bold I have outlined above doesn't make sense.  I've reviewed everything else here and verified that all is fine, but still I can't get into EMS EMC.

Let me know if you have some clarification, or other ideas.  Thanks!
0
Comment
Question by:browningit
  • 16
  • 11
27 Comments
 
LVL 2

Author Comment

by:browningit
Comment Utility
I realized I should tell some of the story - I walked into this situation to resolve issues with OWA, ActiveSync not working.  The other party was trying to resolve those issues on the SBS 2011 server, and removed IIS completely and re-installed it.  That caused a large amount of issues for him - and he got in touch with me.  I have restored all the missing pieces for IIS, resolved all error messages in applications logs, and upgrade from SP1 on Exchange to SP3 successfully.  I'm at the point now where I need EMS/EMC to continue moving forward.  If you need any other relevant, please just ask!
0
 
LVL 30

Expert Comment

by:Gareth Gudger
Comment Utility
So all the errors above still exist correct?

With regard to PowerShell have you tried recreating the PowerShell Virtual Directory?

Check out this thread on how to do that.
https://social.technet.microsoft.com/Forums/exchange/en-US/361e66a4-8de3-4143-acb5-7702ce813eee/how-to-reinstall-powershell-virtual-directory-in-iis-75-exchange-2010-sp1?forum=exchange2010
0
 
LVL 2

Author Comment

by:browningit
Comment Utility
I ran this through awhile ago, to no avail.  I would be happy to try it again now, since a lot has changed since the time I ran it.  However, this particular article doesn't have the remove command that I did run last time.  Do you have that handy?
0
 
LVL 30

Expert Comment

by:Gareth Gudger
Comment Utility
You can just go into IIS and right-click delete the PowerShell Virtual Directory. Then use that command to recreate it.
0
 
LVL 2

Author Comment

by:browningit
Comment Utility
I get an error running that this time:

"New-PowerShellVirtualDirectory : An error occurred while creating the IIS virtual directory 'IIS://name here
/W3SVC/1/ROOT/PowerShell' on 'name here'.
At line:1 char:31
+ New-PowerShellVirtualDirectory <<<<  -Name "PowerShell" -InternalURL "http://name here/powershell"
    + CategoryInfo          : InvalidOperation: (name here\PowerShell (Default Web Site):ADObjectId) [New-PowerShellVir
   tualDirectory], InvalidOperationException
    + FullyQualifiedErrorId : 699FE3C6,Microsoft.Exchange.Management.SystemConfigurationTasks.NewPowerShellVirtualDire
   ctory"
0
 
LVL 30

Expert Comment

by:Gareth Gudger
Comment Utility
Did you change the URL from "name here"?

Did you add the snapins before running? To quote that article.
"Add-pssnapin Microsoft.Exchange.Management.PowerShell.E2010"
0
 
LVL 2

Author Comment

by:browningit
Comment Utility
Haha, yea, and I am trying it with the 'import modules' run this time.  I edited the error for privacy.
0
 
LVL 2

Author Comment

by:browningit
Comment Utility
Same error when I run it this time.

New-PowerShellVirtualDirectory : An error occurred while creating the IIS virtual directory 'IIS://.local
/W3SVC/1/ROOT/PowerShell' on ''.
At line:1 char:31
+ New-PowerShellVirtualDirectory <<<<  -Name "PowerShell" -InternalURL "http://.local/powershell"
    + CategoryInfo          : InvalidOperation: (\PowerShell (Default Web Site):ADObjectId) [New-PowerShellVir
   tualDirectory], InvalidOperationException
    + FullyQualifiedErrorId : 699FE3C6,Microsoft.Exchange.Management.SystemConfigurationTasks.NewPowerShellVirtualDire
   ctory
0
 
LVL 30

Expert Comment

by:Gareth Gudger
Comment Utility
Hmm... let's try this article.
http://www.petenetlive.com/KB/Article/0000700.htm
0
 
LVL 2

Author Comment

by:browningit
Comment Utility
That's the commands I used last time!  Thanks for finding it again. Processing.
0
 
LVL 30

Expert Comment

by:Gareth Gudger
Comment Utility
Looks like Pete Long mentions using a specific PowerShell as well from the Admin menu.
0
 
LVL 2

Author Comment

by:browningit
Comment Utility
No, I can't run the command for remove - since I already removed it in IIS and it provides and error stating it can't find it.  THen when I try to run Pete's command there for adding it, I get the same error listed above, line 1 Char 31 etc.

Last time I ran these commands, they worked fine.  At this moment I am now another step backward :)
0
 
LVL 30

Expert Comment

by:Gareth Gudger
Comment Utility
You may need to remove it from ADSI Edit.

Check this article. Specifically the section titled "Virtual Directory ‘PowerShell’ Already Exists" for instructions on how to remove with ADSI Edit. Then try the PowerShell to add it back.
http://supertekboy.com/2014/05/06/5-errors-upgrading-to-exchange-2010-sp3-and-how-to-fix-them/
0
Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

 
LVL 2

Author Comment

by:browningit
Comment Utility
Followed the ADSIEdit path - there was nothing to remove.  I decided to remove the -Proxy from IIS and ADSIEdit - rebooted server, hopped back into PowerShell - same error trying to run those commands now.  This is now 3 steps back.
0
 
LVL 30

Expert Comment

by:Gareth Gudger
Comment Utility
The weird part is that it is failing on the "-Name" switch. That is character position 31. So it recognizes the Cmdlet.

Sometimes I have seen problems with cut and pasting from the web. Characters look correct but get hosed up. Try typing out the entire command. No double space between the cmdlet and the hyphen right? Maybe drop the quotes from around PowerShell name. Doesn't need it because your name contains no spaces.
0
 
LVL 2

Author Comment

by:browningit
Comment Utility
I never paste commands in, I always type them.  No double spaces here.
0
 
LVL 30

Expert Comment

by:Gareth Gudger
Comment Utility
Just ran into this article.

https://social.msdn.microsoft.com/Forums/exchange/en-US/a5ba42b7-c89f-480b-b7ae-39da1d8004cf/error-with-ecp-and-newpowershellvirtualdirectory

They ran New-PowerShellVirtualDirectory -Name "PowerShell (Default Web Site)"
0
 
LVL 2

Author Comment

by:browningit
Comment Utility
That worked, now I have to worry about the Proxy one.
0
 
LVL 2

Author Comment

by:browningit
Comment Utility
I also opened up EMS to get a new error:


         Welcome to the Exchange Management Shell!


[.local] Connecting to remote server failed with the following error message : The WinRM client received
an HTTP status code of 403 from the remote WS-Management service. For more information, see the about_Remote_Troublesho
oting Help topic.
    + CategoryInfo          : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [], PSRemotingTransportExc
   eption
    + FullyQualifiedErrorId : PSSessionOpenFailed
0
 
LVL 30

Expert Comment

by:Gareth Gudger
Comment Utility
Check this article. Looks like you need to disable SSL.
https://support.microsoft.com/kb/2276957?wa=wsignin1.0
0
 
LVL 2

Author Comment

by:browningit
Comment Utility
Disabled SSL, then tried to set the authentication to anonymous, and removed the basic option resetting IIS each time I changed something.  Still not able to connect to EMS/EMC.

I'm working on reviewing this part of one of the links posted:

"Okay, had to use IIS6 metabase explorer and renamed "powershell (default web site)" to powershell and now EMC + EMS seem to work.

I really hope this helps someone. "

Thing is, I don't have the metabase explorer installed (at least I don't think) let alone know how to use it.  Copying it to the server now.
0
 
LVL 30

Expert Comment

by:Gareth Gudger
Comment Utility
Hmm. Would have thought disabling SSL and doing an IISRESET would have done it.

I saw that comment as well. Don't think I have ever had to do that before.
0
 
LVL 2

Author Comment

by:browningit
Comment Utility
For any poor soul who went this far down the rabbit hole - if you get to the point where you are renaming the Virtual directory with IIS Metabase Explorer, you'll end up back where you started (see:  "The WinRM client cannot process the request.  It cannot determine the content type of the HTTP response from the destination computer."), but this is where you find it:

Connect to your local server
Expand LM
Expand W3SVC
Expand 1
Expand ROOT
Find appropriate entries, rename them and the keys within to relevant folder name (my situation: remove "default web site" content.

So - now I am back to where I started.  I can't connect to EMS/EMC, after doing all of the above and dozens of other fixes, with no new leads to go on.  Current error:   "The WinRM client cannot process the request.  It cannot determine the content type of the HTTP response from the destination computer."
0
 
LVL 2

Author Comment

by:browningit
Comment Utility
I just found this article:

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_12169-Exchange-2010-EMC-error-The-WinRM-client-cannot-process-the-request-It-cannot-determine-the-content-type-of-the-HTTP-response-from-the-destination-computer.html

I read it, and found this information relevant:

" Browsed https://localhost/PowerShell using IE and got error "  After that - the article doesn't show the same error I do.  I instead have:

"HTTP Error 500.0 - Internal Server Error
Module "kerbauth" could not be found"

Interesting, no idea how to proceed on that, and continuing to research.
0
 
LVL 2

Accepted Solution

by:
browningit earned 0 total points
Comment Utility
Success!  I fixed it!  Editing this comment in a moment to show last steps followed.

I found this post, as I continued down my rabbit hole here.  Literally 10 hours into this project of fixing someone who removed IIS from an SBS 2011 server, and reinstalled it

Link:

http://www.experts-exchange.com/Software/Server_Software/Web_Servers/Microsoft_IIS/Q_27473256.html

The above person noted some interesting things here:

"Well I think the root cause of it all was someone or something tried to install a 32 bit application on IIS which caused all of these errors.  I disabled the ability of IIS to run 32 bit applications via editing this configuration parameter in applicationHost.config (under <system.applicationHost><applicationPools>):"

But that ties into the links in this article, that he mentions:

http://www.mosmar.com.au/chris-blog/2011/3/15/taking-care-of-bitness-or-how-to-run-a-32-bit-app-with-owa-2.html

And I had applied these fixes in the above article as well to see if they would work for me (since this is a new server and I was flying blind).

I remove the content that this link stated:

http://www.experts-exchange.com/Software/Server_Software/Web_Servers/Microsoft_IIS/Q_27473256.html

<applicationPoolDefaults enable32BitAppOnWin64="true">

                                         


to:
<applicationPoolDefaults>

                                         
Saved the file, ran IISReset, then refreshed the https://localhost/PowerShell, and noted that I got "Access Denied" (the expected result!

I checked EMS, and it took ages (normal I suppose) but it loaded.  Now that I am done all this typing, I'm about to launch EMC and see where I get!

Cheers, and thanks for the assistance Gareth.
0
 
LVL 30

Assisted Solution

by:Gareth Gudger
Gareth Gudger earned 500 total points
Comment Utility
Glad you got it resolved!
0
 
LVL 2

Author Closing Comment

by:browningit
Comment Utility
Relevant chain of events to proceed with based on errors discovered during
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Resolve Outlook connectivity issues after moving mailbox to new Exchange 2016 server
Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

7 Experts available now in Live!

Get 1:1 Help Now