Hello! I’ve recently brought up a new machine to host a blackberry 10 server (which now uses powershell for some administration!) and have come across a remoting issue when it comes to simply entering a PS Session from Server A to the Exchange server.
The Scenario: All servers are within the same domain, running server 2008 R2 SP1, with Windows Firewall disabled and no Anti-Virus running. Server A is hosting the BES product, Server B is another host with some exchange tools and the Exchange server is the last.
Running: Enter-PSSession -ComputerName <ExchangeCA> -Credential <Domain><Domain Admin Account>
We are able to enter a session from Server B to Exchange, vice versa and from Server B to Server A. But when trying to start a session from Server A to either B or the Exchange CA, we are given a 403 HTTP response from the Win RM Client.
It seemed to be a destination configuration issue at first so I had tried the following:
- run ‘Enable-PSRemoting’ from an admin shell on the destination
- added the domain admin account to the local Administrators group
- added that account to Full Control user using: “Set-PSSessionConfiguration -Path Microsoft.Powershell”
- Checked that ‘Use SSL’ in the Powershell IIS panel was cleared
- Verified the admin account could authenticate and launch a powershell terminal on the destination locally
But since remoting works to the destination from all other hosts tested it must be a source configuration problem, anyone have an idea what it could be that would keep kicking back a 403? Any help is greatly appreciated =) Thanks!
Let me make sure I understand this
Your server A can be remoted to but you can’t remote from server A to any other server?
When you try to connect from server A to any other server you get a 403 HTTP response
A 403 error means “The server understood the request, but is refusing to fulfill it”
When you say you get the error from the WinRM client - how are you actually trying to connect?
Can you show the whole error message?
It sounds like you have connectivity but server A doesn’t recognise your right to connect
Your server A can be remoted to but you can’t remote from server A to any other server?
Correct!
Here is the error I will get from Server A, and running this same command from other hosts to the Exchange CA work fine, and reverse back to Server A also work fine.
PS C:\Windows\system32> Enter-PSSession -ComputerName <exchange CA> -Credential <admin account>
Enter-PSSession : Connecting to remote server failed with the following error message : The WinRM client received an HT
TP status code of 403 from the remote WS-Management service. For more information, see the about_Remote_Troubleshooting
Help topic.
At line:1 char:16
Enter-PSSession <<<< -ComputerName <exchange CA> -Credential <admin account>
- CategoryInfo : InvalidArgument: (<exchange CA>:String) [Enter-PSSession], PSRemotingTranspor
tException
FullyQualifiedErrorId : CreateRemoteRunspaceFailed
Update: I’ve got it! I should’ve checked earlier but it looks like it was an internal proxy causing it to error -.-
`
PS C:\Windows\system32> Enter-PSSession -ComputerName <exchangeCA> -Credential <admin>
Enter-PSSession : Connecting to remote server failed with the following error message : The WinRM client received an HT
TP status code of 403 from the remote WS-Management service. For more information, see the about_Remote_Troubleshooting
Help topic.
At line:1 char:16
+ Enter-PSSession <<<< -ComputerName <exchangeCA> -Credential <admin>
+ CategoryInfo : InvalidArgument: (<exchangeCA>:String) [Enter-PSSession], PSRemotingTranspor
tException
+ FullyQualifiedErrorId : CreateRemoteRunspaceFailed
PS C:\Windows\system32> Enter-PSSession -ComputerName <exchangeCA> -Credential <admin> -SessionOption (New-PSSessionOption -ProxyAccessType NoProxyServer)
[<exchangeCA>]: PS C:\Users\<admin>\Documents>
[<exchangeCA>]: PS C:\Users\<admin>\Documents> exit
PS C:\Windows\system32>
`
Thank you for looking into it 
But I am curious as to the difference between ‘None’ and ‘NoProxyServer’. I had not thought to set it this way because I had (wrongly) assumed ‘None’ meant no proxy.
OK well done! & thanks for letting us know you’ve resolved the issue.