FIM 2010: provisioning to Exchange 2010 SP1 load balanced CAS
So I'm trying to provisioning new users to Exch 2010 SP1. Client has CAS servers that are load balanced. When I don't point to the load-balanced address, I get an error saying "Microsoft.MetadirectoryServices.ExtensionException: The term 'Update-Recipient' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. at Exch2010Extension.Exch2010ExtensionClass.AfterExportEntryToCd(Byte[] origAnchor, String origDN, String origDeltaEntryXml, Byte[] newAnchor, String newDN, String failedDeltaEntryXml, String errorMessage) when I do point to the loadbalanced address I get a different error: Message: Connecting to remote server failed with the following error message : WinRM cannot process the request. The following error occured while using Kerberos authentication: The network path was not found. Possible causes are: -The user name or password specified are invalid. -Kerberos is used when no authentication method and no user name are specified. -Kerberos accepts domain user names, but not local user names. -The Service Principal Name (SPN) for the remote computer name and port does not exist. -The client and remote computers are in different domains and there is no trust between the two domains. After checking for the above issues, try the following: -Check the Event Viewer for events related to authentication. -Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or use HTTPS transport. Note that computers in the TrustedHosts list might not be authenticated. After looking around I find articles talking about configuring Kerberos for load-balanced CAS servers. At high level glance seems there are some things that need to be done on the Exchange side, which might take some time. Question - is this really the only option I have to get it working? Am I going down the right path here? Anyone else have experience doing Exchange 2010 with loadbalanced servers? Thanks!
August 5th, 2011 1:16pm

In short Kerberos authentication to the URL is a requirement. No Kerberos, No Exchange Provisioning. So at first I would make sure your setup works when targetting http://casservername.demo.com/powershell as this should support Kerberos out of the box. If that's the case you could look into Kerberos enabling the CAS array and then you can use the loadbalanced URL. Some explanation: How to Configure the Exchange 2010 RPS URI http://setspn.blogspot.com
Free Windows Admin Tool Kit Click here and download it now
August 5th, 2011 2:17pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics