rshewfelt
asked on
Unable to open Managment Console & Managment Shell, Exchange 2010
Hello All,
I'm still fairly new to the Sysadmin gig, and have come across an issue on my MS Exchange 2010, running on Server 2008 R2 VM.
Currently, I'm Unable to access the Management Console & Management Shell. There does not appear to be any service disruption to users using mail, however, I can't get in to manage them.
I'v done some research on the errors, however, don't seem to be able to locate the exact wording of my errors with any helpful recommendations.
Here is the error when I open Exchange Management Shell:
VERBOSE: Connecting to mail.domain.ca
[mail.domain.ca] Connecting to remote server failed with the following error message : The WinRM client ca
nnot process the request. The WinRM client tried to use Kerberos authentication mechanism, but the destination computer
(mail.domain.ca:80) returned an 'access denied' error. Change the configuration to allow Kerberos authent
ication mechanism to be used or specify one of the authentication mechanisms supported by the server. To use Kerberos,
specify the local computer name as the remote destination. Also verify that the client computer and the destination com
puter are joined to a domain. To use Basic, specify the local computer name as the remote destination, specify Basic au
thentication and provide user name and password. Possible authentication mechanisms reported by server: For more inform
ation, see the about_Remote_Troubleshooti
+ CategoryInfo : OpenError: (System.Manageme....Remote
eption
+ FullyQualifiedErrorId : PSSessionOpenFailed
VERBOSE: Connecting to mail.domain.ca
[mail.domain.ca] Connecting to remote server failed with the following error message : The WinRM client ca
nnot process the request. The WinRM client tried to use Kerberos authentication mechanism, but the destination computer
(mail.domain.ca:80) returned an 'access denied' error. Change the configuration to allow Kerberos authent
ication mechanism to be used or specify one of the authentication mechanisms supported by the server. To use Kerberos,
specify the local computer name as the remote destination. Also verify that the client computer and the destination com
puter are joined to a domain. To use Basic, specify the local computer name as the remote destination, specify Basic au
thentication and provide user name and password. Possible authentication mechanisms reported by server: For more inform
ation, see the about_Remote_Troubleshooti
+ CategoryInfo : OpenError: (System.Manageme....Remote
eption
+ FullyQualifiedErrorId : PSSessionOpenFailed
VERBOSE: Connecting to mail.domain.ca
[mail.domain.ca] Connecting to remote server failed with the following error message : The WinRM client ca
nnot process the request. The WinRM client tried to use Kerberos authentication mechanism, but the destination computer
(mail.domain.ca:80) returned an 'access denied' error. Change the configuration to allow Kerberos authent
ication mechanism to be used or specify one of the authentication mechanisms supported by the server. To use Kerberos,
specify the local computer name as the remote destination. Also verify that the client computer and the destination com
puter are joined to a domain. To use Basic, specify the local computer name as the remote destination, specify Basic au
thentication and provide user name and password. Possible authentication mechanisms reported by server: For more inform
ation, see the about_Remote_Troubleshooti
+ CategoryInfo : OpenError: (System.Manageme....Remote
eption
+ FullyQualifiedErrorId : PSSessionOpenFailed
Failed to connect to an Exchange server in the current site.
Enter the server FQDN where you want to connect.:
Here is the error when I open Exchange Management Console:
Initialization failed
The following error occured while searching for the on-premises Exchange server:
[mail.domain.ca] Connecting to remote server failed with the following error message: The WinRM client cannot process the request. The WinRM client tried to use kerberos authentication mechanism to be used or specified one of the authentication mechanisms supported by the server. To use Kerberos, specify the local computer name as the remote destination. Also verify that the client computer and destination computer are joined to a domain. To use Basic, specify the local computer name as the remote destination, specify Basic authentication and provide user name and password. Possible authentication mechanisims reported by server: For more informaiton, see the about_Remote_troubleshooti
Any help or recommendations would be great!
Thanks,
I'm still fairly new to the Sysadmin gig, and have come across an issue on my MS Exchange 2010, running on Server 2008 R2 VM.
Currently, I'm Unable to access the Management Console & Management Shell. There does not appear to be any service disruption to users using mail, however, I can't get in to manage them.
I'v done some research on the errors, however, don't seem to be able to locate the exact wording of my errors with any helpful recommendations.
Here is the error when I open Exchange Management Shell:
VERBOSE: Connecting to mail.domain.ca
[mail.domain.ca] Connecting to remote server failed with the following error message : The WinRM client ca
nnot process the request. The WinRM client tried to use Kerberos authentication mechanism, but the destination computer
(mail.domain.ca:80) returned an 'access denied' error. Change the configuration to allow Kerberos authent
ication mechanism to be used or specify one of the authentication mechanisms supported by the server. To use Kerberos,
specify the local computer name as the remote destination. Also verify that the client computer and the destination com
puter are joined to a domain. To use Basic, specify the local computer name as the remote destination, specify Basic au
thentication and provide user name and password. Possible authentication mechanisms reported by server: For more inform
ation, see the about_Remote_Troubleshooti
+ CategoryInfo : OpenError: (System.Manageme....Remote
eption
+ FullyQualifiedErrorId : PSSessionOpenFailed
VERBOSE: Connecting to mail.domain.ca
[mail.domain.ca] Connecting to remote server failed with the following error message : The WinRM client ca
nnot process the request. The WinRM client tried to use Kerberos authentication mechanism, but the destination computer
(mail.domain.ca:80) returned an 'access denied' error. Change the configuration to allow Kerberos authent
ication mechanism to be used or specify one of the authentication mechanisms supported by the server. To use Kerberos,
specify the local computer name as the remote destination. Also verify that the client computer and the destination com
puter are joined to a domain. To use Basic, specify the local computer name as the remote destination, specify Basic au
thentication and provide user name and password. Possible authentication mechanisms reported by server: For more inform
ation, see the about_Remote_Troubleshooti
+ CategoryInfo : OpenError: (System.Manageme....Remote
eption
+ FullyQualifiedErrorId : PSSessionOpenFailed
VERBOSE: Connecting to mail.domain.ca
[mail.domain.ca] Connecting to remote server failed with the following error message : The WinRM client ca
nnot process the request. The WinRM client tried to use Kerberos authentication mechanism, but the destination computer
(mail.domain.ca:80) returned an 'access denied' error. Change the configuration to allow Kerberos authent
ication mechanism to be used or specify one of the authentication mechanisms supported by the server. To use Kerberos,
specify the local computer name as the remote destination. Also verify that the client computer and the destination com
puter are joined to a domain. To use Basic, specify the local computer name as the remote destination, specify Basic au
thentication and provide user name and password. Possible authentication mechanisms reported by server: For more inform
ation, see the about_Remote_Troubleshooti
+ CategoryInfo : OpenError: (System.Manageme....Remote
eption
+ FullyQualifiedErrorId : PSSessionOpenFailed
Failed to connect to an Exchange server in the current site.
Enter the server FQDN where you want to connect.:
Here is the error when I open Exchange Management Console:
Initialization failed
The following error occured while searching for the on-premises Exchange server:
[mail.domain.ca] Connecting to remote server failed with the following error message: The WinRM client cannot process the request. The WinRM client tried to use kerberos authentication mechanism to be used or specified one of the authentication mechanisms supported by the server. To use Kerberos, specify the local computer name as the remote destination. Also verify that the client computer and destination computer are joined to a domain. To use Basic, specify the local computer name as the remote destination, specify Basic authentication and provide user name and password. Possible authentication mechanisims reported by server: For more informaiton, see the about_Remote_troubleshooti
Any help or recommendations would be great!
Thanks,
ASKER
Hey KB,
Thanks for the Reply. I skimmed through those earlier, and started with the EMTshooter and received the following:
Security Warning
Run only scripts that you trust. While scripts from the Internet can be useful,
this script can potentially harm your computer. Do you want to run
C:\EMTshooter\EMTshooter.p
[D] Do not run [R] Run once [S] Suspend [?] Help (default is "D"): r
The user account that is attempting to connect is not Remote PowerShell
enabled. To check if a user is enabled for Remote PowerShell, you need to open
the Exchange Management Shell with an account that has been enabled,
and run the following query:
(Get-User <username>).RemotePowershe
This will return a True or False. If the output shows False,
the user is not enabled for Remote PowerShell. To enable the user,
run the following command:
Set-User <username> -RemotePowerShellEnabled True
[EMTS] C:\Windows\System32\Window
However, this is where its tossing me for a loop. I cant access EMS to confirm my user is enabled. This particular user had worked without issue for me for the last 9 months. However, the other day stopped working without changes being made.
Any other way to check the user without EMS?
Thanks for the Reply. I skimmed through those earlier, and started with the EMTshooter and received the following:
Security Warning
Run only scripts that you trust. While scripts from the Internet can be useful,
this script can potentially harm your computer. Do you want to run
C:\EMTshooter\EMTshooter.p
[D] Do not run [R] Run once [S] Suspend [?] Help (default is "D"): r
The user account that is attempting to connect is not Remote PowerShell
enabled. To check if a user is enabled for Remote PowerShell, you need to open
the Exchange Management Shell with an account that has been enabled,
and run the following query:
(Get-User <username>).RemotePowershe
This will return a True or False. If the output shows False,
the user is not enabled for Remote PowerShell. To enable the user,
run the following command:
Set-User <username> -RemotePowerShellEnabled True
[EMTS] C:\Windows\System32\Window
However, this is where its tossing me for a loop. I cant access EMS to confirm my user is enabled. This particular user had worked without issue for me for the last 9 months. However, the other day stopped working without changes being made.
Any other way to check the user without EMS?
regular powershell on your domain controller
import-module activedirectory
import-module activedirectory
ASKER
I think I may be missing a step?
PS C:\Users\richard> import-module activedirectory
PS C:\Users\richard> (Get-User <richard>).RemotePowershel
The '<' operator is reserved for future use.
At line:1 char:12
+ (Get-User < <<<< richard>).RemotePowershell
+ CategoryInfo : ParserError: (<:OperatorToken) [], ParentContainsErrorRecordE
+ FullyQualifiedErrorId : RedirectionNotSupported
PS C:\Users\richard> (Get-User richard).RemotePowershellE
The term 'Get-User' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the sp
elling of the name, or if a path was included, verify that the path is correct and try again.
At line:1 char:10
+ (Get-User <<<< richard).RemotePowershellE
+ CategoryInfo : ObjectNotFound: (Get-User:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException
PS C:\Users\richard> import-module activedirectory
PS C:\Users\richard> (Get-User <richard>).RemotePowershel
The '<' operator is reserved for future use.
At line:1 char:12
+ (Get-User < <<<< richard>).RemotePowershell
+ CategoryInfo : ParserError: (<:OperatorToken) [], ParentContainsErrorRecordE
+ FullyQualifiedErrorId : RedirectionNotSupported
PS C:\Users\richard> (Get-User richard).RemotePowershellE
The term 'Get-User' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the sp
elling of the name, or if a path was included, verify that the path is correct and try again.
At line:1 char:10
+ (Get-User <<<< richard).RemotePowershellE
+ CategoryInfo : ObjectNotFound: (Get-User:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException
Apologies I misread.
Use the second option (user name)
https://technet.microsoft.com/en-us/library/dd297932.aspx
Use the second option (user name)
https://technet.microsoft.com/en-us/library/dd297932.aspx
"User account" not "user name"
Sorry I'm on my phone and its super late.
Sorry I'm on my phone and its super late.
ASKER
No worries!
Ran from the DC, and get the following:
PS C:\Users\richard> $UserCredential = Get-Credential
cmdlet Get-Credential at command pipeline position 1
Supply values for the following parameters:
Credential
PS C:\Users\richard> $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://mai
l.domain.ca/PowerShell/ -Authentication Kerberos -Credential $UserCredential
[mail.universalproperties.
nnot process the request. The authentication mechanism requested by the client is not supported by the server or unencr
ypted traffic is disabled in the service configuration. Verify the unencrypted traffic setting in the service configura
tion or specify one of the authentication mechanisms supported by the server. To use Kerberos, specify the computer na
me as the remote destination. Also verify that the client computer and the destination computer are joined to a domain.
To use Basic, specify the computer name as the remote destination, specify Basic authentication and provide user name
and password. Possible authentication mechanisms reported by server: For more information, see the about_Remote_Trouble
shooting Help topic.
+ CategoryInfo : OpenError: (System.Manageme....Remote
eption
+ FullyQualifiedErrorId : PSSessionOpenFailed
Ran from the DC, and get the following:
PS C:\Users\richard> $UserCredential = Get-Credential
cmdlet Get-Credential at command pipeline position 1
Supply values for the following parameters:
Credential
PS C:\Users\richard> $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://mai
l.domain.ca/PowerShell/ -Authentication Kerberos -Credential $UserCredential
[mail.universalproperties.
nnot process the request. The authentication mechanism requested by the client is not supported by the server or unencr
ypted traffic is disabled in the service configuration. Verify the unencrypted traffic setting in the service configura
tion or specify one of the authentication mechanisms supported by the server. To use Kerberos, specify the computer na
me as the remote destination. Also verify that the client computer and the destination computer are joined to a domain.
To use Basic, specify the computer name as the remote destination, specify Basic authentication and provide user name
and password. Possible authentication mechanisms reported by server: For more information, see the about_Remote_Trouble
shooting Help topic.
+ CategoryInfo : OpenError: (System.Manageme....Remote
eption
+ FullyQualifiedErrorId : PSSessionOpenFailed
hi to Fix it you need to Fix the time on this server and all the DC that you have
restart the master dc and after that the exchnage
don't forget to check DNS that correct
restart the master dc and after that the exchnage
don't forget to check DNS that correct
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Consulted Microsoft Support.
http://blogs.technet.com/b/exchange/archive/2010/02/04/3409289.aspx
http://blogs.technet.com/b/exchange/archive/2010/12/07/resolving-winrm-errors-and-exchange-2010-management-tools-startup-failures.aspx