12 September 2017

Exchange Management Shell not connecting to the server - PowerShell Exchange 2013 - EMS

PSSession : [sr-xxxxx.domain.lan] Processing data from remote server sr-xxxxx.domain.lan failed with the following error message: [ClientAccessServer=SR-xxxxx,BackEndServer=sr-xxxxx.domain.lan,RequestId=8aa81a77-bea6-408f-a4c6-83657ecc222f,TimeStamp=6-9-2017 19:29:58] [FailureCategory=WSMan-Others] The EndpointConfiguration with the http://schemas.microsoft.com/powershell/microsoft.exchange identifier is not in a valid initial session state on the remote computer. Contact your Windows PowerShell administrator, or the owner or creator of the endpoint configuration. For more information, see the about_Remote_Troubleshooting Help topic.
At line:1 char:12
+ $session = New-PSSession -ConfigurationName microsoft.exchange -Conne ...
+            ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotingTransportException
    + FullyQualifiedErrorId : IncorrectProtocolVersion,PSSessionOpenFailed





Well, that's a nice one isn't it?

The problem is that you cannot start the Exchange Management Shell on the local Exchange server to administer it. The shell does not want to connect to itself, and by that I mean to its own server name and domain name.

You can, however, start a PowerShell console and import the Exchange module; it will load and you can do your Exchange administration work.
But remoting is out of the question.

Now check this:

Event ID: 2112
The server doesn't have the Audit Security privilege on a domain controller. This privilege is used by ADAccess. Run policytest.exe. See KB 314294


The problem is that a group is missing from the Default Domain Controllers Policy (notice the words "domain controllers"), or from a hardening policy that you created yourself for the domain controllers. The group we're looking for is "Exchange Servers".

Open the Microsoft Management Console and add the Group Policy Management Editor snap-in. Then, click Browse and select Domain Controllers from the Domains, OUs and linked Group Policy Objects list. Click OK twice and then click Finish. Click OK to close the Add or Remove Snap-ins window.

In the console tree, expand Local Computer Policy, Windows Settings, Security Settings and Local Policies. Under Local Policies, click User Rights Assignment.

In the results pane, double-click Manage auditing and security log. Verify that the "Exchange Servers" group is listed.


Make sure that the Exchange server is still a member of the Exchange Domain Servers group.
Make sure that the group permissions are inherited by the Microsoft Exchange computer account.
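
The same check can be scripted. The PowerShell below is an added example, not part of the original post: it parses a secedit user-rights export and tests whether a group SID holds SeSecurityPrivilege, the privilege behind "Manage auditing and security log". The function names, the sample export and the domain SID are constructed for illustration, and DOMAIN is a placeholder.

```powershell
# Added example, not from the original post. Function names are hypothetical.
# "Manage auditing and security log" is stored as SeSecurityPrivilege.

function Get-UserRightHolders {
    param(
        [string[]] $InfLines,
        [string] $Right = 'SeSecurityPrivilege'
    )
    $pattern = '^\s*' + [regex]::Escape($Right) + '\s*=\s*(.*)$'
    foreach ($line in $InfLines) {
        if ($line -match $pattern) {
            # Comma-separated entries; SIDs carry a leading '*', plain names do not.
            return @($Matches[1].Split(',') |
                ForEach-Object { $_.Trim().TrimStart('*') } |
                Where-Object { $_ })
        }
    }
    return @()  # the right is not defined in this export
}

function Test-UserRightHolder {
    param(
        [string[]] $InfLines,
        [Parameter(Mandatory)] [string] $GroupSid
    )
    $holders = @(Get-UserRightHolders -InfLines $InfLines)
    return ($holders -contains $GroupSid)
}

# Constructed sample of a [Privilege Rights] section; the domain SID is made up
# and is deliberately absent from SeSecurityPrivilege.
$sample = @'
[Privilege Rights]
SeBackupPrivilege = *S-1-5-32-544,*S-1-5-32-551
SeSecurityPrivilege = *S-1-5-32-544
'@ -split "`r?`n"
$exchangeServersSid = 'S-1-5-21-1111111111-2222222222-3333333333-1119'

if (Test-UserRightHolder -InfLines $sample -GroupSid $exchangeServersSid) {
    'Group holds SeSecurityPrivilege'
} else {
    'Group is MISSING from "Manage auditing and security log"'
}

# Against a real domain controller (elevated prompt; DOMAIN is a placeholder):
#   secedit /export /cfg "$env:TEMP\rights.inf" /areas USER_RIGHTS | Out-Null
#   $sid = ([Security.Principal.NTAccount]'DOMAIN\Exchange Servers').Translate(
#              [Security.Principal.SecurityIdentifier]).Value
#   Test-UserRightHolder -InfLines (Get-Content "$env:TEMP\rights.inf") -GroupSid $sid
```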

2 comments:

  1. Anonymous, 15/4/19 14:55

    Awesome
  2. Anonymous, 21/1/22 22:00

    Great! Thank you for posting, saved my time.