Additionally, I would like to share the results of everything we did during troubleshooting.
Problem:
=======
Unable to Access Exchange Management Shell on Server 'EX2013'.
Environment:
===========
Windows Server 2012
Exchange Server 2013 CU1
Resolution:
=========
o Issue was Unable to Access Exchange Management Shell on Server 'EX2013'.
o We were getting error FullyQualifiedErrorId : AccessDenied,PSSessionOpenFailed while accessing EMS; however, OWA and EAC were working fine.
o We were also not able to see the Exchange 2013 server when we ran Get-ExchangeServer from the Exchange 2010 Shell.
o Verified the firewall was disabled.
o Verified the network configuration.
o All the Exchange services were present and started.
o You were logged in with an account that had Admin rights, hence we logged off and logged back in with the Administrator account, but still the same issue.
o Added a host entry but still had the same issue.
o We ran the below command to check the remote connectivity from the affected server.
    # Prompt for the account used to open the remote session
    $UserCredential = Get-Credential
    $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://<FQDN of Exchange 2010 server>/PowerShell/ -Authentication Kerberos -Credential $UserCredential
o We had the same issue.
o Then we removed and reinstalled the Exchange server completely but still had the same issue.
o Later we formatted the box completely and installed everything again but still had the same issue.
o Ran winrm quickconfig to check the WinRM configuration and found it correct.
o Ran the below commands to add the Exchange snap-ins.
Add-pssnapin Microsoft.Exchange.Management.PowerShell.E2010
Add-pssnapin Microsoft.Exchange.Management.PowerShell.SnapIn
o Ran Get-User icons-svc | fl Name, *rem* and found RemotePowerShellEnabled : True
o Did an IISreset but still had the same issue.
o Ran netstat -a to check port 80, which was open.
o Verified in IIS that the Default Web Site was started.
o Verified that WSMan and Kerbauth were Native and Local under the PowerShell virtual directory in Modules.
o Bindings were correct on the Default Web Site.
o Ran the below command to enable .NET Framework 4.0
%SystemDrive%\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe -ir -enable
o Did an IISreset and rebooted the server but still had the same issue.
o Downloaded and ran Procmon, took the PowerShell traces, verified them, and found there were permission issues and we were getting Access Denied errors.
o Verified all the permissions on the below-mentioned locations
14:01:14.0601232 powershell.exe 13020 RegOpenKey HKLM\System\CurrentControlSet\Services\WinSock2\Parameters ACCESS DENIED Desired Access: All Access
14:01:13.9446459 powershell.exe 13020 RegOpenKey HKLM\SOFTWARE\Microsoft\ExchangeServer\v15\Transport ACCESS DENIED Desired Access: Read
14:01:13.9348908 powershell.exe 13020 RegOpenKey HKLM\SOFTWARE\Microsoft\ExchangeServer\v15\FIP-FS ACCESS DENIED Desired Access: Read
o Found all of them correct.
o Further went on to verify the permissions and group membership on Trusted Subsystem and the members of the Organization Management group.
o Found a security group 'Exchange Installed Domain Servers' added as a member of the Organization Management group.
o Hence removed that security group; there were other accounts added in the same group, hence removed them also.
o Forced the replication using repadmin /syncall /AdeP.
o Rebooted the server once.
o Now we were able to connect to EMS successfully.
o Ran Get-ExchangeServer and we could see both the servers now.
o Then we were testing mailbox migration but got an error that the Migration mailbox was missing.
o Ran setup.exe /preparead to create the same.
o Ran the below commands to enable arbitration on the same.
Enable-Mailbox -Arbitration -Identity "Migration.8f3e7716-2011-43e4-96b1-aba62d229136"
Set-Mailbox "Migration.8f3e7716-2011-43e4-96b1-aba62d229136" -Arbitration -Management:$true
o Now initiated the migration and it completed successfully.
- Edited by radray, Wednesday, May 08, 2013 12:24 PM
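
The root cause in the post above was unexpected membership of the Organization Management group. The following is an added example, not part of the original post, showing one way to review that group's direct members. The function name Get-UnexpectedMember, the allow-list in $Approved and the sample rows are assumptions made for illustration; Get-ADGroupMember comes from the RSAT ActiveDirectory module.

```powershell
# Added example (not from the original post): review direct members of an
# Exchange role group. $Approved and the sample rows are constructed values.
$GroupName   = 'Organization Management'
$Approved    = @('Administrator')   # hypothetical allow-list of sAMAccountName values
$UseLiveData = $false               # set to $true on a domain-joined host with RSAT

function Get-UnexpectedMember {
    param(
        [object[]] $Members  = @(),
        [string[]] $Approved = @()
    )
    foreach ($m in $Members) {
        $reason = $null
        if ($m.objectClass -in 'group', 'computer') {
            # Nested groups and machine accounts widen who inherits the role.
            $reason = "$($m.objectClass) object as member"
        }
        elseif ($m.SamAccountName -notin $Approved) {
            $reason = 'user not on allow-list'
        }
        if ($reason) {
            [pscustomobject]@{
                Name        = $m.Name
                ObjectClass = $m.objectClass
                Reason      = $reason
            }
        }
    }
}

if ($UseLiveData) {
    Import-Module ActiveDirectory
    # Direct members only; nested groups are reported, not expanded.
    $members = @(Get-ADGroupMember -Identity $GroupName)
}
else {
    # Constructed sample shaped like Get-ADGroupMember output.
    $members = @(
        [pscustomobject]@{ Name = 'Administrator'; SamAccountName = 'Administrator'; objectClass = 'user' }
        [pscustomobject]@{ Name = 'Exchange Installed Domain Servers'; SamAccountName = 'Exchange Installed Domain Servers'; objectClass = 'group' }
        [pscustomobject]@{ Name = 'svc-backup'; SamAccountName = 'svc-backup'; objectClass = 'user' }
    )
}

Get-UnexpectedMember -Members $members -Approved $Approved | Format-Table -AutoSize
```

With the constructed sample, the group entry and svc-backup are listed for review and Administrator is not.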