SBS2011 Can't connect to EMC/EMS

Hi all,

I've been arguing with a server that I am assisting someone in fixing for a few hours now - and am nearly done fixing most of the issues - but the primary root of the problems still remains.  I can't launch the EMC or EMS, and EMShooter tells me the same thing over and over, with no recourse to resolve.  I've been over all the threads for SBS 2011 and Exchange 2010 on the topic, reviewed it all, and it just doesn't go anywhere.  There is one thing about the solution steps that is bothering me, and I am not sure it is relevant:

"The Exchange Management Troubleshooter indentified a problem that can be caused by several issues:

1. If the WSMan module entry is missing from the global modules section of the
C:\Windows\System32\Inetsrv\config\ApplicationHost.config file, as follows:

<globalModules>
           <add name="WSMan" image="C:\Windows\system32\wsmsvc.dll" />

This will result in the WSMan module displaying as a Managed module on the PowerShell virtual directory.

To correct this, make sure that the WSMan module has been registered (but not enabled) at the Server level, and has been enabled on the PowerShell virtual directory.  Confirm that the WSMan entry exists in the Global Section of the ApplicationHost.config file as shown above.

2. Remote PowerShell uses Kerberos to authenticate the user connecting.  IIS implements this Kerberos authentication method via a native module. In IIS Manager, if you go to the PowerShell Virtual Directory and then look at the Modules, you should see Kerbauth listed as a Native Module, with the dll location pointing to \Program Files\Microsoft\Exchange Server\v14\Bin\kerbauth.dll. If the Kerbauth module shows up as a Managed module instead of Native, or if the Kerbauth module has been loaded on the Default Web Site level (instead of, or in addition to, the PowerShell virtual directory), you can experience this issue. To correct this, make sure that the Kerbauth module is not enabled on the Default Web Site, but is only enabled on the PowerShell virtual directory.  The entry type of "Local" indicates that the Kerbauth module was enabled directly on this level, and not inherited from a parent.

3. The Path of the Powershell virtual directory has been modified.  The PowerShell virtual directory must point to the

"\Exchange Server\v14\ClientAccess\PowerShell"
"
The bold I have outlined above doesn't make sense.  I've reviewed everything else here and verified that all is fine, but still I can't get into EMS EMC.

Let me know if you have some clarification, or other ideas.  Thanks!
LVL 2
browningitSysadminAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

browningitSysadminAuthor Commented:
I realized I should tell some of the story - I walked into this situation to resolve issues with OWA, ActiveSync not working.  The other party was trying to resolve those issues on the SBS 2011 server, and removed IIS completely and re-installed it.  That caused a large amount of issues for him - and he got in touch with me.  I have restored all the missing pieces for IIS, resolved all error messages in applications logs, and upgrade from SP1 on Exchange to SP3 successfully.  I'm at the point now where I need EMS/EMC to continue moving forward.  If you need any other relevant, please just ask!
0
Gareth GudgerCommented:
So all the errors above still exist correct?

With regard to PowerShell have you tried recreating the PowerShell Virtual Directory?

Check out this thread on how to do that.
https://social.technet.microsoft.com/Forums/exchange/en-US/361e66a4-8de3-4143-acb5-7702ce813eee/how-to-reinstall-powershell-virtual-directory-in-iis-75-exchange-2010-sp1?forum=exchange2010
0
browningitSysadminAuthor Commented:
I ran this through awhile ago, to no avail.  I would be happy to try it again now, since a lot has changed since the time I ran it.  However, this particular article doesn't have the remove command that I did run last time.  Do you have that handy?
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Gareth GudgerCommented:
You can just go into IIS and right-click delete the PowerShell Virtual Directory. Then use that command to recreate it.
0
browningitSysadminAuthor Commented:
I get an error running that this time:

"New-PowerShellVirtualDirectory : An error occurred while creating the IIS virtual directory 'IIS://name here
/W3SVC/1/ROOT/PowerShell' on 'name here'.
At line:1 char:31
+ New-PowerShellVirtualDirectory <<<<  -Name "PowerShell" -InternalURL "http://name here/powershell"
    + CategoryInfo          : InvalidOperation: (name here\PowerShell (Default Web Site):ADObjectId) [New-PowerShellVir
   tualDirectory], InvalidOperationException
    + FullyQualifiedErrorId : 699FE3C6,Microsoft.Exchange.Management.SystemConfigurationTasks.NewPowerShellVirtualDire
   ctory"
0
Gareth GudgerCommented:
Did you change the URL from "name here"?

Did you add the snapins before running? To quote that article.
"Add-pssnapin Microsoft.Exchange.Management.PowerShell.E2010"
0
browningitSysadminAuthor Commented:
Haha, yea, and I am trying it with the 'import modules' run this time.  I edited the error for privacy.
0
browningitSysadminAuthor Commented:
Same error when I run it this time.

New-PowerShellVirtualDirectory : An error occurred while creating the IIS virtual directory 'IIS://.local
/W3SVC/1/ROOT/PowerShell' on ''.
At line:1 char:31
+ New-PowerShellVirtualDirectory <<<<  -Name "PowerShell" -InternalURL "http://.local/powershell"
    + CategoryInfo          : InvalidOperation: (\PowerShell (Default Web Site):ADObjectId) [New-PowerShellVir
   tualDirectory], InvalidOperationException
    + FullyQualifiedErrorId : 699FE3C6,Microsoft.Exchange.Management.SystemConfigurationTasks.NewPowerShellVirtualDire
   ctory
0
Gareth GudgerCommented:
Hmm... let's try this article.
http://www.petenetlive.com/KB/Article/0000700.htm
0
browningitSysadminAuthor Commented:
That's the commands I used last time!  Thanks for finding it again. Processing.
0
Gareth GudgerCommented:
Looks like Pete Long mentions using a specific PowerShell as well from the Admin menu.
0
browningitSysadminAuthor Commented:
No, I can't run the command for remove - since I already removed it in IIS and it provides and error stating it can't find it.  THen when I try to run Pete's command there for adding it, I get the same error listed above, line 1 Char 31 etc.

Last time I ran these commands, they worked fine.  At this moment I am now another step backward :)
0
Gareth GudgerCommented:
You may need to remove it from ADSI Edit.

Check this article. Specifically the section titled "Virtual Directory ‘PowerShell’ Already Exists" for instructions on how to remove with ADSI Edit. Then try the PowerShell to add it back.
http://supertekboy.com/2014/05/06/5-errors-upgrading-to-exchange-2010-sp3-and-how-to-fix-them/
0
browningitSysadminAuthor Commented:
Followed the ADSIEdit path - there was nothing to remove.  I decided to remove the -Proxy from IIS and ADSIEdit - rebooted server, hopped back into PowerShell - same error trying to run those commands now.  This is now 3 steps back.
0
Gareth GudgerCommented:
The weird part is that it is failing on the "-Name" switch. That is character position 31. So it recognizes the Cmdlet.

Sometimes I have seen problems with cut and pasting from the web. Characters look correct but get hosed up. Try typing out the entire command. No double space between the cmdlet and the hyphen right? Maybe drop the quotes from around PowerShell name. Doesn't need it because your name contains no spaces.
0
browningitSysadminAuthor Commented:
I never paste commands in, I always type them.  No double spaces here.
0
Gareth GudgerCommented:
Just ran into this article.

https://social.msdn.microsoft.com/Forums/exchange/en-US/a5ba42b7-c89f-480b-b7ae-39da1d8004cf/error-with-ecp-and-newpowershellvirtualdirectory

They ran New-PowerShellVirtualDirectory -Name "PowerShell (Default Web Site)"
0
browningitSysadminAuthor Commented:
That worked, now I have to worry about the Proxy one.
0
browningitSysadminAuthor Commented:
I also opened up EMS to get a new error:


         Welcome to the Exchange Management Shell!


[.local] Connecting to remote server failed with the following error message : The WinRM client received
an HTTP status code of 403 from the remote WS-Management service. For more information, see the about_Remote_Troublesho
oting Help topic.
    + CategoryInfo          : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [], PSRemotingTransportExc
   eption
    + FullyQualifiedErrorId : PSSessionOpenFailed
0
Gareth GudgerCommented:
Check this article. Looks like you need to disable SSL.
https://support.microsoft.com/kb/2276957?wa=wsignin1.0
0
browningitSysadminAuthor Commented:
Disabled SSL, then tried to set the authentication to anonymous, and removed the basic option resetting IIS each time I changed something.  Still not able to connect to EMS/EMC.

I'm working on reviewing this part of one of the links posted:

"Okay, had to use IIS6 metabase explorer and renamed "powershell (default web site)" to powershell and now EMC + EMS seem to work.

I really hope this helps someone. "

Thing is, I don't have the metabase explorer installed (at least I don't think) let alone know how to use it.  Copying it to the server now.
0
Gareth GudgerCommented:
Hmm. Would have thought disabling SSL and doing an IISRESET would have done it.

I saw that comment as well. Don't think I have ever had to do that before.
0
browningitSysadminAuthor Commented:
For any poor soul who went this far down the rabbit hole - if you get to the point where you are renaming the Virtual directory with IIS Metabase Explorer, you'll end up back where you started (see:  "The WinRM client cannot process the request.  It cannot determine the content type of the HTTP response from the destination computer."), but this is where you find it:

Connect to your local server
Expand LM
Expand W3SVC
Expand 1
Expand ROOT
Find appropriate entries, rename them and the keys within to relevant folder name (my situation: remove "default web site" content.

So - now I am back to where I started.  I can't connect to EMS/EMC, after doing all of the above and dozens of other fixes, with no new leads to go on.  Current error:   "The WinRM client cannot process the request.  It cannot determine the content type of the HTTP response from the destination computer."
0
browningitSysadminAuthor Commented:
I just found this article:

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_12169-Exchange-2010-EMC-error-The-WinRM-client-cannot-process-the-request-It-cannot-determine-the-content-type-of-the-HTTP-response-from-the-destination-computer.html

I read it, and found this information relevant:

" Browsed https://localhost/PowerShell using IE and got error "  After that - the article doesn't show the same error I do.  I instead have:

"HTTP Error 500.0 - Internal Server Error
Module "kerbauth" could not be found"

Interesting, no idea how to proceed on that, and continuing to research.
0
browningitSysadminAuthor Commented:
Success!  I fixed it!  Editing this comment in a moment to show last steps followed.

I found this post, as I continued down my rabbit hole here.  Literally 10 hours into this project of fixing someone who removed IIS from an SBS 2011 server, and reinstalled it

Link:

http://www.experts-exchange.com/Software/Server_Software/Web_Servers/Microsoft_IIS/Q_27473256.html

The above person noted some interesting things here:

"Well I think the root cause of it all was someone or something tried to install a 32 bit application on IIS which caused all of these errors.  I disabled the ability of IIS to run 32 bit applications via editing this configuration parameter in applicationHost.config (under <system.applicationHost><applicationPools>):"

But that ties into the links in this article, that he mentions:

http://www.mosmar.com.au/chris-blog/2011/3/15/taking-care-of-bitness-or-how-to-run-a-32-bit-app-with-owa-2.html

And I had applied these fixes in the above article as well to see if they would work for me (since this is a new server and I was flying blind).

I remove the content that this link stated:

http://www.experts-exchange.com/Software/Server_Software/Web_Servers/Microsoft_IIS/Q_27473256.html

<applicationPoolDefaults enable32BitAppOnWin64="true">

                                         


to:
<applicationPoolDefaults>

                                         
Saved the file, ran IISReset, then refreshed the https://localhost/PowerShell, and noted that I got "Access Denied" (the expected result!

I checked EMS, and it took ages (normal I suppose) but it loaded.  Now that I am done all this typing, I'm about to launch EMC and see where I get!

Cheers, and thanks for the assistance Gareth.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Gareth GudgerCommented:
Glad you got it resolved!
0
browningitSysadminAuthor Commented:
Relevant chain of events to proceed with based on errors discovered during
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.