Forum Discussion
How to connect to exchange in domain from non-domain network
Hi
I'm trying to connect from my home PC to Exchange (via VPN) like this
$username = "mylogin"
$password = "p@$$w0rd"
$securePassword = ConvertTo-SecureString $password -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential($username, $securePassword)
$session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://mail.mydomain.com/powershell/ -Credential $cred -Authentication Basic -AllowRedirection
I get an error
The WinRM client received HTTP status code "440" from the remote WS-Management service.
I also tried to connect like this and execute commands
Enter-PSSession -ComputerName 10.10.0.42 -Credential $cred
[10.10.0.42]: PS C:\Users\mylogin\Documents> Add-PSSnapin Microsoft.Exchange.Management.PowerShell.SnapIn
[10.10.0.42]: PS C:\Users\mylogin\Documents> GET-mailbox
I also get an error
Active Directory operation failed in . Invalid credentials provided for 'domain\mylogin'.
How to properly connect to Exchange and execute commands from a non-domain PC?
Thanks for the advice, but I've already done and checked all this a long time ago. That's why I wrote here to find a solution.
As a result, I found a solution.
you need to make the following settings in iis.
in the Default Web Site - PowerShell section
you need to select the "Authentication" item and enable Basic authentication in it$username = "login@domain" $password = "P@$$w0rd" $securePassword = ConvertTo-SecureString $password -AsPlainText -Force $cred = New-Object System.Management.Automation.PSCredential($username, $securePassword) $session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://exchange2019.domain.local/powershell/ -Authentication Basic -Credential $Cred -AllowRedirection Import-PSSession $Session Get-mailboxor via exchange server (10.10.0.42)
$username = "login@domain" $password = "P@$$w0rd" $securePassword = ConvertTo-SecureString $password -AsPlainText -Force $cred = New-Object System.Management.Automation.PSCredential($username, $securePassword) Enter-PSSession -ComputerName 10.10.0.42 -Credential $cred $username = "login@domain" $password = "P@$$w0rd" $securePassword = ConvertTo-SecureString $password -AsPlainText -Force $cred = New-Object System.Management.Automation.PSCredential($username, $securePassword) $session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://exchange2019.domain.local/powershell/ -Authentication Basic -Credential $Cred -AllowRedirection Import-PSSession $Session Get-mailbox
4 Replies
Thanks for the advice, but I've already done and checked all this a long time ago. That's why I wrote here to find a solution.
As a result, I found a solution.
you need to make the following settings in iis.
in the Default Web Site - PowerShell section
you need to select the "Authentication" item and enable Basic authentication in it$username = "login@domain" $password = "P@$$w0rd" $securePassword = ConvertTo-SecureString $password -AsPlainText -Force $cred = New-Object System.Management.Automation.PSCredential($username, $securePassword) $session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://exchange2019.domain.local/powershell/ -Authentication Basic -Credential $Cred -AllowRedirection Import-PSSession $Session Get-mailboxor via exchange server (10.10.0.42)
$username = "login@domain" $password = "P@$$w0rd" $securePassword = ConvertTo-SecureString $password -AsPlainText -Force $cred = New-Object System.Management.Automation.PSCredential($username, $securePassword) Enter-PSSession -ComputerName 10.10.0.42 -Credential $cred $username = "login@domain" $password = "P@$$w0rd" $securePassword = ConvertTo-SecureString $password -AsPlainText -Force $cred = New-Object System.Management.Automation.PSCredential($username, $securePassword) $session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://exchange2019.domain.local/powershell/ -Authentication Basic -Credential $Cred -AllowRedirection Import-PSSession $Session Get-mailboxError 440 (WinRM HTTP status code)
The error "The WinRM client received HTTP status code 440" suggests that the connection attempt was denied due to security or configuration issues, particularly with authentication and protocols used to connect to Exchange.
To resolve this:
- Ensure that PowerShell Remoting is enabled on the Exchange server and properly configured for external access.
- On the Exchange server, check if WinRM is configured and the required ports (default HTTP/HTTPS ports: 5985 and 5986) are open on the firewall for external connections.
- You can enable and configure PowerShell remoting on the Exchange server by running this command (in an elevated PowerShell window):
- Enable-PSRemoting -Force
- Check authentication settings: If using Basic Authentication, ensure that it's enabled on your Exchange server for the remote session. On modern versions of Exchange, Basic Authentication may be disabled for security reasons, and you might need to enable it if absolutely necessary or switch to OAuth authentication.
- Allow the remote session to redirect:
- If you're connecting via HTTP, ensure that you add the -AllowRedirection flag in your PowerShell command to allow the client to follow any redirection to HTTPS:
- $session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://mail.mydomain.com/powershell/ -Credential $cred -Authentication Basic -AllowRedirection
The error "Invalid credentials provided for 'domain\mylogin'" indicates that there is an issue with the Active Directory authentication from a non-domain network. Here are several things you can try:
Solutions:
- Use correct domain credentials: Ensure that you're entering the full username (e.g., domain\mylogin) and the correct password. You also need to make sure that the user has the necessary permissions to access the Exchange server.
- Use the full email address for credentials instead of just the username (e.g., email address removed for privacy reasons).
- Ensure that the PC can communicate with the domain: If you're using a VPN, confirm that the VPN is correctly connected and that your home PC can reach the domain controllers for authentication. Ensure that you have access to DNS resolution for the domain when connected via VPN.
- Check your AD credentials on the Exchange server: If your Exchange server is on-premises and not part of Azure AD, the account you are using to log into the Exchange server must be synchronized with Active Directory. If it is a hybrid Exchange setup, you may need to ensure that the credentials are valid for that environment.
- Use HTTPS for Exchange Web Services: If you are using HTTPS to access the Exchange Management Shell, ensure that the URL in the command is correct and uses HTTPS (which is often required for external connections).
3. Connect to Exchange from a non-domain PC
Here is a step-by-step approach to connecting to Exchange Online or On-Premises Exchange from a non-domain computer.
If you're connecting to Exchange Online (Office 365):
- You need to use Exchange Online PowerShell (not Exchange on-premises) via PowerShell.
Install-Module -Name ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName email address removed for privacy reasons -ShowProgress $true
If you're connecting to On-Premises Exchange (using PowerShell remoting):
- Make sure that your PC is connected via VPN and that the server's ports are reachable.
- Ensure that PowerShell remoting is configured on the server, as mentioned above.
- $session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://mail.mydomain.com/powershell/ -Credential $cred -Authentication Basic -AllowRedirection
Enter-PSSession $session - est if PowerShell Remoting is working: Test if WinRM is working between your machine and the Exchange server by running:
- Test-WSMan -ComputerName <ExchangeServer>
- If this test fails, you may have to enable WinRM on both your machine and the server.
- Check if VPN is correctly configured: If you're not able to connect via VPN, ensure that your VPN client allows for DNS resolution to the domain and network routing to the Exchange server.
- Check firewalls and proxies: Ensure there are no network-level restrictions (like firewalls or proxy servers) blocking your connection.
To connect remotely to an Exchange server from a non-domain PC, ensure that you have:
- A working VPN connection to the domain.
- Correct authentication settings (full domain user or email address and correct password).
- PowerShell remoting enabled on the server.
- Correct URLs and use HTTPS for secure connections.
- Ensure that PowerShell Remoting is enabled on the Exchange server and properly configured for external access.
