Manage Exchange 2010 using a foreign or trusted domain account
Hello, I have problems managing Exchange 2010 from a trusted / foreign domain.

- I can log in to all servers with the trusted account (also the Exchange servers).
- DNS is resolving the trusted domain.
- WINS is not replicating (can this be the problem? WINS is not in use at the trusted domain).
- I have followed http://technet.microsoft.com/en-us/library/dd876871.aspx
- With a local account I have no problems managing Exchange (even a very new account).
- When I query the trusted user for PowerShell enabled, it tells me $true.
- The problem is with EMS and EMC.
- The problem is locally on the Exchange servers and on a management server in the same domain as the Exchange servers to manage.
- When opening EMS, it connects quite nicely to the Exchange 2010 server in the trusted domain after giving errors on the servers in the domain to manage.
- All ports between the Exchange servers and the DCs + Exchange server in the trusted domain are open.

The exact error I get is:

VERBOSE: Connecting to EXCAS001.domain.local
[EXCAS001.domain.local] Connecting to remote server failed with the following error message : WinRM cannot process the request. The following error occured while using Kerberos authentication: The network path was not found.
Possible causes are:
  -The user name or password specified are invalid.
  -Kerberos is used when no authentication method and no user name are specified.
  -Kerberos accepts domain user names, but not local user names.
  -The Service Principal Name (SPN) for the remote computer name and port does not exist.
  -The client and remote computers are in different domains and there is no trust between the two domains.
After checking for the above issues, try the following:
  -Check the Event Viewer for events related to authentication.
  -Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or use HTTPS transport.
  Note that computers in the TrustedHosts list might not be authenticated.
  -For more information about WinRM configuration, run the following command: winrm help config.
For more information, see the about_Remote_Troubleshooting Help topic.
    + CategoryInfo : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [], PSRemotingTransportException
    + FullyQualifiedErrorId : PSSessionOpenFailed
VERBOSE: Connecting to EXMB001.domain.local
[exmb001.domain.local] Connecting to remote server failed with the following error message : WinRM cannot process the request. The following error occured while using Kerberos authentication: The network path was not found.
Possible causes are:
  -The user name or password specified are invalid.
  -Kerberos is used when no authentication method and no user name are specified.
  -Kerberos accepts domain user names, but not local user names.
  -The Service Principal Name (SPN) for the remote computer name and port does not exist.
  -The client and remote computers are in different domains and there is no trust between the two domains.
After checking for the above issues, try the following:
  -Check the Event Viewer for events related to authentication.
  -Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or use HTTPS transport.
  Note that computers in the TrustedHosts list might not be authenticated.
  -For more information about WinRM configuration, run the following command: winrm help config.
For more information, see the about_Remote_Troubleshooting Help topic.
    + CategoryInfo : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [], PSRemotingTransportException
    + FullyQualifiedErrorId : PSSessionOpenFailed

I am running out of options. Does anyone have an idea / solution? Thank you in advance for your support.
April 7th, 2011 7:09pm

Have you seen this? - http://social.technet.microsoft.com/Forums/en-US/exchange2010/thread/51b9f958-0ed4-45d4-a0f4-b853f0ade2e2
Jesper Bernle | Blog: http://xchangeserver.wordpress.com
April 8th, 2011 10:25am

Hi Knooijer, Any update for your issue? Above gave some good information. Regards! Gavin
April 13th, 2011 2:21am


Hi, I have tried, but it starts immediately about the user not being Remote PowerShell Enabled. When I start EMS it connects to the local Exchange server (in the trusted domain). Looking up the user at that moment tells me it is PS Enabled. When I log in with a local user (from the trusting domain) and perform a lookup on the trusted user, I get an error telling me the user cannot be found on the local DC. This is correct, because the user is known in the trusted / foreign domain. So I am stuck there now.

In the meantime I also found I cannot use Server Manager on a remote server with a trusted account. Any ideas?

More info: All is performed from systems in the same domain. Only the user is in another domain.

Best regards, knooijer
April 14th, 2011 5:34pm

OK, it is "solved" and now I have the get-logonuser problem (http://social.microsoft.com/Forums/en-US/partnermsgexchange/thread/1f105cfe-3939-4f0e-921d-51360f65a871). So I am stuck for the moment.

The solution: I had created an external one-way trust. Making this a two-way forest trust solved it.

Still one question (I can also try this, but it's 2:05 in the night here): Do I really need a two-way trust? I understand I need a forest trust because of Kerberos.

Thank you for the support.
April 14th, 2011 8:09pm

Hi KNooijer, As far as I know, we should create a two-way trust between the domains to configure cross-forest administration, and it is the external trust. Some information for you:
http://technet.microsoft.com/en-us/library/bb232078(EXCHG.80).aspx
http://technet.microsoft.com/en-us/library/cc778851(WS.10).aspx
Regards! Gavin
April 14th, 2011 10:58pm
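
A way to check the two things this thread turned on, as an added example that is not part of any post above: the type and direction of each trust seen from the Exchange domain, and whether a Kerberos remote PowerShell session opens against each Exchange server. The function names are hypothetical; the host names are the ones from the error output in the first post.

```powershell
# Added example, not code from the thread. Run on a domain-joined machine in
# the Exchange (trusting) domain, logged on as the account that fails in EMS.
Add-Type -AssemblyName System.DirectoryServices

function Get-TrustSummary {
    $domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
    # Domain-level trusts (external, parent-child, ...) plus forest-level trusts.
    $trusts = @($domain.GetAllTrustRelationships()) +
              @($domain.Forest.GetAllTrustRelationships())
    # MatchesThreadFix is true only for the setup the poster reports as working:
    # a forest trust that is two-way.
    $trusts | Select-Object SourceName, TargetName, TrustType, TrustDirection,
        @{ Name = 'MatchesThreadFix'; Expression = {
            $_.TrustType -eq 'Forest' -and $_.TrustDirection -eq 'Bidirectional' } }
}

function Test-ExchangeKerberosSession {
    param([string[]]$ComputerName)
    foreach ($name in $ComputerName) {
        try {
            # Same endpoint and authentication method EMS uses on Exchange 2010.
            $session = New-PSSession -ConfigurationName Microsoft.Exchange `
                -ConnectionUri "http://$name/PowerShell/" `
                -Authentication Kerberos -ErrorAction Stop
            Remove-PSSession $session
            $result = 'OK'
        } catch {
            # Keep the WinRM/Kerberos message so it can be compared with the
            # error text quoted in the first post.
            $result = $_.Exception.Message
        }
        New-Object PSObject -Property @{ Computer = $name; Kerberos = $result }
    }
}

Get-TrustSummary | Format-Table -AutoSize
Test-ExchangeKerberosSession -ComputerName 'EXCAS001.domain.local',
    'EXMB001.domain.local' | Format-List
```

Running it before and after changing the trust shows whether the session failure follows the trust type, the direction, or neither.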
