I am trying to import from our Exchange Server and so far have been unsuccessful.
My objecive is to utilized Exchange CMDLETS from Active Directory PS session where I can iterate through my AD OU tree and then edit AD email attributes by creating arrays with Exchange specific smdlets such as ‘Get-Contacts’.
Specifics:
I am running this command from the Active Directory server
There is a clustered Exchange server enviornment where all Exchange servers are running on Windows 2012
Active Directory server and Exchange 2013 servers are on the same subnet, same domain.
From AD PowerShell Console, I am trying to import my Exchange server session. The credentials have been verified and correct, however when I run this, I receive this error. Since Exchange is running on Win2012, WinRm is already running and accepting commands. I also have the Trusted hosts on the Active Directory server set to ‘*’ to trust all servers. I went over all possibilities but I don’t see why this shouldn’t work, unless there are components about Exchange Shell I do not understand.
WARNING: Your connection has been redirected to the following URI: "https://mail.XXXX.com/PowerShell-LiveID?PSVersion=5.0.10586.117
"
New-PSSession : [mail.XXXX.com] Connecting to remote server mail.techpro.com failed with the following error message : The WinRM
client sent a request to an HTTP server and got a response saying the requested HTTP URL was not available. This is usually returned
by a HTTP server that does not support the WS-Management protocol. For more information, see the about_Remote_Troubleshooting Help
topic.At line:1 char:12
+ $Session = New-PSSession -ConfigurationName Microsoft.Exchange -Conne ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotingTransportExce
ption
+ FullyQualifiedErrorId : URLNotAvailable,PSSessionOpenFailed
There’s potentially a bunch of stuff happening here. TrustedHosts ain’t it, though, and you should remove the * setting as it’s a terrible, horrible, bad, awful thing to have on a domain controller. Awful. This also likely has nothing to do with credentials, not with that error message.
First, because you’re using a cluster, you’re getting a redirect to the active node. That’s fine. Have you verified that you can directly connect, via Remoting, to each of the cluster nodes? Using their host names, not a cluster name? Let’s start with that.
I can successfully remote to each Exchange DAG Member (Database Availability Group) from the Domain Controller which resides on the same Subnet as these Exchange boxes.
Main Objective:
To compose a script that will iterate through multiple Active Directory OU’s and its users and perform checks and edit specific ‘Contact’ information (showinAddressbook) attributes within AD. Looping construct will be an ARRAY of business OU’s, but will need to utilize Exchange cmdlets (one of which is ‘Get-Contact’), hence why I need to be able to import Exchange session into my PowerShell session running on Active Directory server.
More Info:
Before your post, my research turned up a ‘next action item’ for me to try and resolve by running the “Exchange Management Troubleshooter” on the server to see if that turns up anything. https://support.microsoft.com/en-us/kb/3063897
However, if you see an alternative direction, please let me know.
My ‘experience’ thus far has been a crash course line composed of Kindle PowerShell books, working with ISE, and a smattering of your YouTube Videos, so I might not be as of yet ‘fluent’ in the correct terms.
Minus the Kerberos authentication, that is exactly the same ‘NEW-PSSession’ command I did above in my first post. When I try to create a session and assign to a new variable, that is when it errors out.
Attempting the same with Kerberos shows me that Kerberos is not setup on our system to accept this kind of authentication.
S C:\Users\administrator.TECHPRO> $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://mail.XXXX.com/powershell/ -Credential $credential -Authentication Kerberos -AllowRedirection
New-PSSession : [mail.techpro.com] Connecting to remote server mail.XXXX.com failed with the following error message : WinRM
cannot process the request. The following error occurred while using Kerberos authentication: The computer mail.techpro.com is
unknown to Kerberos. Verify that the computer exists on the network, that the name provided is spelled correctly, and that the
Kerberos configuration for accessing the computer is correct. The most common Kerberos configuration issue is that an SPN with the
format HTTP/mail.techpro.com is not configured for the target. If Kerberos is not required, specify the Negotiate authentication
mechanism and resubmit the operation. For more information, see the about_Remote_Troubleshooting Help topic.At line:1 char:12
+ $Session = New-PSSession -ConfigurationName Microsoft.Exchange -Conne ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotingTransportExce
ption
+ FullyQualifiedErrorId : NetworkPathNotFound,PSSessionOpenFailed
Try it with just http. From poking around in Google, there are some other things that have to be configured for https to work properly. Most of the https examples are for O365, where you have to connect over the Internet.
Tried it with basic and Kerberos authentication without ‘https’, still errored out. The last attempt I tried with ‘https’ and as you can see, the redirect is working in that instance so I suspect that this server only listens on that secure port.
PS C:\Windows\system32> $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://mail.XXXX.com/powershell/ -Credential $credential -Authentication Kerberos -AllowRedirection
New-PSSession : [mail.XXXX.com] Connecting to remote server mail.XXXX.com failed with the following error message : WinRM
cannot process the request. The following error occurred while using Kerberos authentication: The computer mail.XXXX.com is
unknown to Kerberos. Verify that the computer exists on the network, that the name provided is spelled correctly, and that the
Kerberos configuration for accessing the computer is correct. The most common Kerberos configuration issue is that an SPN with the
format HTTP/mail.XXXX.com is not configured for the target. If Kerberos is not required, specify the Negotiate authentication
mechanism and resubmit the operation. For more information, see the about_Remote_Troubleshooting Help topic.
At line:1 char:12
+ $Session = New-PSSession -ConfigurationName Microsoft.Exchange -Conne ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotingTransportExce
ption
+ FullyQualifiedErrorId : NetworkPathNotFound,PSSessionOpenFailed
PS C:\Windows\system32> $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://mail.XXXX.com/powershell/ -Credential $credential -Authentication Basic -AllowRedirection
New-PSSession : [mail.XXXX.com] Connecting to remote server mail.XXXX.com failed with the following error message : The WinRM
client cannot process the request. Unencrypted traffic is currently disabled in the client configuration. Change the client
configuration and try the request again. For more information, see the about_Remote_Troubleshooting Help topic.
At line:1 char:12
+ $Session = New-PSSession -ConfigurationName Microsoft.Exchange -Conne ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotingTransportExce
ption
+ FullyQualifiedErrorId : -2144108322,PSSessionOpenFailed
PS C:\Windows\system32> $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://mail.XXXX.com/powershell/ -Credential $credential -Authentication Basic -AllowRedirection
WARNING: Your connection has been redirected to the following URI: "https://mail.XXXX.com/PowerShell-LiveID?PSVersion=5.0.10586.117
"
New-PSSession : [mail.XXXX.com] Connecting to remote server mail.XXXX.com failed with the following error message : The WinRM
client sent a request to an HTTP server and got a response saying the requested HTTP URL was not available. This is usually returned
by a HTTP server that does not support the WS-Management protocol. For more information, see the about_Remote_Troubleshooting Help
topic.
At line:1 char:12
+ $Session = New-PSSession -ConfigurationName Microsoft.Exchange -Conne ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotingTransportExce
ption
+ FullyQualifiedErrorId : URLNotAvailable,PSSessionOpenFailed
I am getting negative feedback from my organization’s staff as far as allowing Powershell windows authentication from within IIS on Exchange. I will have to to turn this capability on to see if this is my issue.