Unable to Connect to EMS Server

Copper Contributor

Hello,

I am writing to report an issue that I am currently experiencing with my EMS setup. Specifically, I am unable to connect to one of two EMS servers, and I'm receiving this error message:

 

 

New-PSSession : [srvexc03.mydomain.local] Connecting to remote server srvexc03.mydomain.local failed with the following error message : For more information, see the about_Remote_Troubleshooting Help topic.
At line:1 char:1
+ New-PSSession -ConnectionURI "$connectionUri" -ConfigurationName Micr ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotingTransportException
+ FullyQualifiedErrorId : -2144108477,PSSessionOpenFailed

 

 

 

I am hoping that some of you may have experienced a similar issue or have some insights that could help me resolve this problem.

Thank you in advance for your assistance

6 Replies

@jamelbouzidi 

Try to play with the following Parameters

 

$ServernameFQDN = "srvexc03.mydomain.local"
#Connection URL can be HTTP or HTTPS. Is the 
$conURI = "https://$ServernameFQDN/PowerShell/"
$conURI = "http://$ServernameFQDN/PowerShell/"
 
#Authentication:
#- Basic
#- Credssp
#- Digest
#- Kerberos
#- Negotiate
#- NegotiateWithImplicitCredential
 
#You can use SessionOption to skip the Certificate Checks
$SessionOption = New-PsSessionOption -SkipCACheck -SkipCNCheck -SkipRevocationCheck
 
#Connect using Kerberos
$ExSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri $conURI -Authentication Kerberos -SessionOption $SessionOption
Import-PSSession -Session $ExSession -DisableNameChecking -AllowClobber | Out-Null

#Connect using Basic Auth
$Cred = Get-Credential
$ExSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri $conURI -Authentication Basic -Credential $Cred -SessionOption $SessionOption
Import-PSSession -Session $ExSession -DisableNameChecking -AllowClobber | Out-Null
 
Regards
Andres

@Andres Bohren 

 

Thank you for your reply.

When I use https I get this error:

New-PSSession : [srvexc03.mydomain.local] Connecting to remote server srvexc03.mydomain.local failed with the following error message : The SSL connection cannot be established. Verify that the service on the remote host is 
properly configured to listen for HTTPS requests. Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the 
following command on the destination to analyze and configure the WinRM service: "winrm quickconfig -transport:https". For more information, see the about_Remote_Troubleshooting Help topic.
At line:6 char:14
+ ... ExSession = New-PSSession -ConfigurationName Microsoft.Exchange -Conn ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotingTransportException
    + FullyQualifiedErrorId : -2144108102,PSSessionOpenFailed

 and when I use http, I get this one:

New-PSSession : [srvexc03.mydomain.local] Connecting to remote server srvexc03.mydomain.local failed with the following error message : The WinRM client cannot process the request. It cannot determine the content type of 
the HTTP response from the destination computer. The content type is absent or invalid. For more information, see the about_Remote_Troubleshooting Help topic.
At line:6 char:14
+ ... ExSession = New-PSSession -ConfigurationName Microsoft.Exchange -Conn ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotingTransportException
    + FullyQualifiedErrorId : -2144108297,PSSessionOpenFailed
Import-PSSession : Cannot validate argument on parameter 'Session'. The argument is null. Provide a valid value for the argument, and then try running the command again.
At line:7 char:27

Hi @jamelbouzidi 

 

Did you use the SessionOption to skip the Certificate Checks?

 

Check your Exchange Konfiguration
Get-PowerShellVirtualDirectory -Server srvexc03 | fl

 

AndresBohren_0-1681461523838.png

Regards

Andres

 

@Andres Bohren 

for the SessionOption, yes I skip the Certificate Checks.

This is what Get-PowerShellVirtualDirectory give me

RunspaceId                      : 10bb7a81-7bea-4958-b4aa-55581bff7d1e
RequireSSL                      : False
CertificateAuthentication       : True
VirtualDirectoryType            : PowerShell
Name                            : PowerShell (Default Web Site)
InternalAuthenticationMethods   : {}
ExternalAuthenticationMethods   : {}
LiveIdNegotiateAuthentication   : False
WSSecurityAuthentication        : False
LiveIdBasicAuthentication       : False
BasicAuthentication             : False
DigestAuthentication            : False
WindowsAuthentication           : False
OAuthAuthentication             : False
AdfsAuthentication              : False
MetabasePath                    : IIS://srvexc03.mydomain.local/W3SVC/1/ROOT/PowerShell
Path                            : C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\PowerShell
ExtendedProtectionTokenChecking : None
ExtendedProtectionFlags         : {}
ExtendedProtectionSPNList       : {}
AdminDisplayVersion             : Version 15.2 (Build 1118.7)
Server                          : SRVEXC03
InternalUrl                     : https://srvexc03.mydomain.local/powershell
ExternalUrl                     : https://exc.mydomain.com/powershell
AdminDisplayName                :
ExchangeVersion                 : 0.10 (14.0.100.0)
DistinguishedName               : CN=PowerShell (Default Web Site),CN=HTTP,CN=Protocols,CN=SRVEXC03,CN=Servers,CN=Exchange Administrative Group
                                  (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=MY Organization,CN=Microsoft
                                  Exchange,CN=Services,CN=Configuration,DC=mydomain,DC=local
Identity                        : SRVEXC03\PowerShell (Default Web Site)
Guid                            : d68ba73b-2cd8-4b37-a1a4-7df9ca794109
ObjectCategory                  : mydomain.local/Configuration/Schema/ms-Exch-Power-Shell-Virtual-Directory
ObjectClass                     : {top, msExchVirtualDirectory, msExchPowerShellVirtualDirectory}
WhenChanged                     : 14/04/2023 08:21:36
WhenCreated                     : 09/03/2023 10:40:27
WhenChangedUTC                  : 14/04/2023 07:21:36
WhenCreatedUTC                  : 09/03/2023 09:40:27
OrganizationId                  :
Id                              : SRVEXC03\PowerShell (Default Web Site)
OriginatingServer               : SrvLdap02.mydomain.local
IsValid                         : True
ObjectState                     : Changed

 

No Authentication Protocol is active on the PowerShell Directory
Set-PowerShellVirtualDirectory -Server srvexc03 -BasicAuthentication $true -WindowsAuthentication $true

@Andres Bohren 

I fix then Authentification Protocol,

RunspaceId                      : 10bb7a81-7bea-4958-b4aa-55581bff7d1e
RequireSSL                      : False
CertificateAuthentication       : True
VirtualDirectoryType            : PowerShell
Name                            : PowerShell (Default Web Site)
InternalAuthenticationMethods   : {Basic, Ntlm, WindowsIntegrated}
ExternalAuthenticationMethods   : {Basic, Ntlm, WindowsIntegrated}
LiveIdNegotiateAuthentication   : False
WSSecurityAuthentication        : False
LiveIdBasicAuthentication       : False
BasicAuthentication             : True
DigestAuthentication            : False
WindowsAuthentication           : True
OAuthAuthentication             : False
AdfsAuthentication              : False
MetabasePath                    : IIS://srvexc03.mydomain.local/W3SVC/1/ROOT/PowerShell
Path                            : C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\PowerShell
ExtendedProtectionTokenChecking : None
ExtendedProtectionFlags         : {}
ExtendedProtectionSPNList       : {}
AdminDisplayVersion             : Version 15.2 (Build 1118.7)
Server                          : SRVEXC03
InternalUrl                     : https://srvexc03.mydomain.local/powershell
ExternalUrl                     : https://exc.mydomain.com/powershell

 But still doesn't work.

I forgot to tell you that neither the OWA nor the ECP doesn't work, only when I enter https://127.0.0.1/ecp