Unable to open Managment Console & Managment Shell, Exchange 2010

Hello All,

I'm still fairly new to the Sysadmin gig, and have come across an issue on my MS Exchange 2010, running on Server 2008 R2 VM.

Currently, I'm Unable to access the Management Console & Management Shell. There does not appear to be any service disruption to users using mail, however, I can't get in to manage them.

I'v done some research on the errors, however, don't seem to be able to locate the exact wording of my errors with any helpful recommendations.

Here is the error when I open Exchange Management Shell:

VERBOSE: Connecting to mail.domain.ca
[mail.domain.ca] Connecting to remote server failed with the following error message : The WinRM client ca
nnot process the request. The WinRM client tried to use Kerberos authentication mechanism, but the destination computer
 (mail.domain.ca:80) returned an 'access denied' error. Change the configuration to allow Kerberos authent
ication mechanism to be used or specify one of the authentication mechanisms supported by the server. To use Kerberos,
specify the local computer name as the remote destination. Also verify that the client computer and the destination com
puter are joined to a domain. To use Basic, specify the local computer name as the remote destination, specify Basic au
thentication and provide user name and password. Possible authentication mechanisms reported by server: For more inform
ation, see the about_Remote_Troubleshooting Help topic.
    + CategoryInfo          : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [], PSRemotingTransportExc
   eption
    + FullyQualifiedErrorId : PSSessionOpenFailed
VERBOSE: Connecting to mail.domain.ca
[mail.domain.ca] Connecting to remote server failed with the following error message : The WinRM client ca
nnot process the request. The WinRM client tried to use Kerberos authentication mechanism, but the destination computer
 (mail.domain.ca:80) returned an 'access denied' error. Change the configuration to allow Kerberos authent
ication mechanism to be used or specify one of the authentication mechanisms supported by the server. To use Kerberos,
specify the local computer name as the remote destination. Also verify that the client computer and the destination com
puter are joined to a domain. To use Basic, specify the local computer name as the remote destination, specify Basic au
thentication and provide user name and password. Possible authentication mechanisms reported by server: For more inform
ation, see the about_Remote_Troubleshooting Help topic.
    + CategoryInfo          : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [], PSRemotingTransportExc
   eption
    + FullyQualifiedErrorId : PSSessionOpenFailed
VERBOSE: Connecting to mail.domain.ca
[mail.domain.ca] Connecting to remote server failed with the following error message : The WinRM client ca
nnot process the request. The WinRM client tried to use Kerberos authentication mechanism, but the destination computer
 (mail.domain.ca:80) returned an 'access denied' error. Change the configuration to allow Kerberos authent
ication mechanism to be used or specify one of the authentication mechanisms supported by the server. To use Kerberos,
specify the local computer name as the remote destination. Also verify that the client computer and the destination com
puter are joined to a domain. To use Basic, specify the local computer name as the remote destination, specify Basic au
thentication and provide user name and password. Possible authentication mechanisms reported by server: For more inform
ation, see the about_Remote_Troubleshooting Help topic.
    + CategoryInfo          : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [], PSRemotingTransportExc
   eption
    + FullyQualifiedErrorId : PSSessionOpenFailed
Failed to connect to an Exchange server in the current site.
Enter the server FQDN where you want to connect.:


Here is the error when I open Exchange Management Console:


Initialization failed

The following error occured while searching for the on-premises Exchange server:

[mail.domain.ca] Connecting to remote server failed with the following error message: The WinRM client cannot process the request. The WinRM client tried to use kerberos authentication mechanism to be used or specified one of the authentication mechanisms supported by the server. To use Kerberos, specify the local computer name as the remote destination. Also verify that the client computer and destination computer are joined to a domain. To use Basic, specify the local computer name as the remote destination, specify Basic authentication and provide user name and password. Possible authentication mechanisims reported by server: For more informaiton, see the about_Remote_troubleshooting Help topic. It was running the command 'Discover-ExchangeServer -UseWIA $true-SuppressError $true -CurrentVersion 'Version 14.2 (Build 247.5)".


Any help or recommendations would be great!

Thanks,
rshewfeltAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

rshewfeltAuthor Commented:
Hey KB,

Thanks for the Reply. I skimmed through those earlier, and started with the EMTshooter and received the following:


Security Warning
Run only scripts that you trust. While scripts from the Internet can be useful,
 this script can potentially harm your computer. Do you want to run
C:\EMTshooter\EMTshooter.ps1?
[D] Do not run  [R] Run once  [S] Suspend  [?] Help (default is "D"): r
The user account that is attempting to connect is not Remote PowerShell
enabled. To check if a user is enabled for Remote PowerShell, you need to open
the Exchange Management Shell with an account that has been enabled,
and run the following query:

(Get-User <username>).RemotePowershellEnabled

This will return a True or False. If the output shows False,
the user is not enabled for Remote PowerShell. To enable the user,
run the following command:

Set-User <username> -RemotePowerShellEnabled True

[EMTS] C:\Windows\System32\WindowsPowerShell\v1.0>



However, this is where its tossing me for a loop. I cant access EMS to confirm my user is enabled. This particular user had worked without issue for me for the last 9 months. However, the other day stopped working without changes being made.

Any other way to check the user without EMS?
0
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

K BCommented:
regular powershell on your domain controller
import-module activedirectory
0
rshewfeltAuthor Commented:
I think I may be missing a step?

PS C:\Users\richard> import-module activedirectory
PS C:\Users\richard> (Get-User <richard>).RemotePowershellEnabled
The '<' operator is reserved for future use.
At line:1 char:12
+ (Get-User < <<<< richard>).RemotePowershellEnabled
    + CategoryInfo          : ParserError: (<:OperatorToken) [], ParentContainsErrorRecordException
    + FullyQualifiedErrorId : RedirectionNotSupported

PS C:\Users\richard> (Get-User richard).RemotePowershellEnabled
The term 'Get-User' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the sp
elling of the name, or if a path was included, verify that the path is correct and try again.
At line:1 char:10
+ (Get-User <<<<  richard).RemotePowershellEnabled
    + CategoryInfo          : ObjectNotFound: (Get-User:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException
0
K BCommented:
Apologies I misread.
Use the second option (user name)

 https://technet.microsoft.com/en-us/library/dd297932.aspx
0
K BCommented:
"User account" not "user name"
Sorry I'm on my phone and its super late.
0
rshewfeltAuthor Commented:
No worries!

Ran from the DC, and get the following:

PS C:\Users\richard> $UserCredential = Get-Credential

cmdlet Get-Credential at command pipeline position 1
Supply values for the following parameters:
Credential
PS C:\Users\richard> $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://mai
l.domain.ca/PowerShell/ -Authentication Kerberos -Credential $UserCredential
[mail.universalproperties.ca] Connecting to remote server failed with the following error message : The WinRM client ca
nnot process the request. The authentication mechanism requested by the client is not supported by the server or unencr
ypted traffic is disabled in the service configuration. Verify the unencrypted traffic setting in the service configura
tion or specify one of the authentication mechanisms supported by the server.  To use Kerberos, specify the computer na
me as the remote destination. Also verify that the client computer and the destination computer are joined to a domain.
 To use Basic, specify the computer name as the remote destination, specify Basic authentication and provide user name
and password. Possible authentication mechanisms reported by server: For more information, see the about_Remote_Trouble
shooting Help topic.
    + CategoryInfo          : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [], PSRemotingTransportExc
   eption
    + FullyQualifiedErrorId : PSSessionOpenFailed
0
eitan84Commented:
hi to Fix it you need to Fix the time on this server and all the DC that you have
restart the master dc and after that the exchnage

don't forget to check DNS that correct
0
rshewfeltAuthor Commented:
Hey Eitan,

The original issue started with a time discrepancy between the DC / Exchange. However I disabled ESXi from giving time to Exchange, and forced it to pull from the DC.

This issue I was able to get resolved with Microsoft however.

The issue was a missing drive letter in physical path for powershell within IIS.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
rshewfeltAuthor Commented:
Consulted Microsoft Support.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.