EMC Kerberos Auth Fails
I'm a bit of an exchange noob so I wanted to up my skills and install it in a test enviornment, so I put 2010 Ent on a fresh fully updated '08R2 Ent DC, it started giving me WinRM errors which turned out to be as simple as enabling IPv6 on the network adapter(who'd
have thunk it!) and then it worked for ten minutes or so I entered in the product key, activated, restarted EMC and got this error on start "The attempt to connect to
http://[exchange server FQDN]/Powershell using "kerberos" failed:Connecting to remote server failed with the following error message : The WinRM Client cannot process the request. It cannot determine the content
type of the http response from the destination computer. The content type is absent or invalid. For more information, see the about_remote_troubleshooting Help topic."
I've tried reinstalling WinRM through Server Manager, and I installed Echange 2010 SP1 then tested, then rollout 5, and tested, this is what I get when I run EMT:
PS C:\Users\Administrator> C:\EMTshooter.ps1
Welcome to the Exchange Management Troubleshooter!
We recommend that you run the troubleshooter after making changes to
IIS to ensure that connectivity to Exchange Powershell is unaffected.
Checking IIS Service...
Checking the Exchange Install Path variable...
Checking the Powershell Virtual Directory...
Checking the Powershell vdir SSL setting...
Checking the Powershell vdir path setting...
Checking HTTP Port 80...
Checking HTTP Port 80 Host Name...
Testing for errors...
VERBOSE: Connecting to [exchange server FQDN]
[exchange server FQDN] Connecting to remote server failed with the following error message : The WinR
+ CategoryInfo : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [], PSRemo
+ FullyQualifiedErrorId : PSSessionOpenFailed
The Exchange Management Troubleshooter successfully completed connecting to:
[exchange server FQDN]
Failed to connect to any Exchange Server in the current site.
Problem found:
Looking for error...
These are the possible causes for this error:
1. If the WSMan module entry is missing from the global modules section of the
C:\Windows\System32\Inetsrv\config\ApplicationHost.config file, as follows:
<globalModules>
<add name="WSMan" image="C:\Windows\system32\wsmsvc.dll" />
This will result in the WSMan module displaying as a Managed module on the PowerShell virtual director
To correct this, make sure that the WSMan module has been registered (but not enabled) at the Server l
enabled on the PowerShell virtual directory. Confirm that the WSMan entry exists in the Global Secti
ionHost.config file as shown above.
2. Remote PowerShell uses Kerberos to authenticate the user connecting. IIS implements this Kerberos
hod via a native module. In IIS Manager, if you go to the PowerShell Virtual Directory and then look a
should see Kerbauth listed as a Native Module, with the dll location pointing to \Program Files\Micro
er\v14\Bin\kerbauth.dll. If the Kerbauth module shows up as a Managed module instead of Native, or if
e has been loaded on the Default Web Site level (instead of, or in addition to, the PowerShell virtual
an experience this issue. To correct this, make sure that the Kerbauth module is not enabled on the De
t is only enabled on the PowerShell virtual directory. The entry type of "Local" indicates that the K
enabled directly on this level, and not inherited from a parent.
3. The Path of the Powershell virtual directory has been modified. The PowerShell virtual directory
"\Exchange Server\v14\ClientAccess\PowerShell"
directory or you will encounter problems.
After each error is resolved, close this window and re-run the tool to check for additional problems.
I've verified all three items and still having the same issue, and same response from EMT after multiple reboots, any help would be greatly appreciated, and I can provide any attional information to help.
November 13th, 2011 11:16pm
Hi mxrdr21,
I would suggest you rebuild the server.
Refer to:
This Exchange server is also a domain controller, which is not a recommended configuration
http://technet.microsoft.com/en-us/library/aa997407(EXCHG.80).aspx
Exchange Server 2010 cannot be installed on a domain controller if the forest is in split permission mode
http://technet.microsoft.com/en-us/library/ff772427(EXCHG.80).aspx
Weird issue with exchange 2010 and domain controllers
http://social.technet.microsoft.com/Forums/en-US/exchange2010/thread/7e2fe691-381e-4a52-b0cf-e3820d6a74ba/
Considering it is a test environment for learning purpose, I would suggest you remove it and create a new one.
Just for your reference, this issue generally caused by permission related issue based on my research, you may try to troubleshoot this issue by methods
below:
1.
Verify the user role;
2.
Verify the Exchange server group;
3.
Run IIS reset.
Hope it is helpful.
Best Regards Fiona Liao E: v-fiolia@microsoft.com
Free Windows Admin Tool Kit Click here and download it now
November 15th, 2011 1:32am
Sorry for the delayed response, I just got to sink my teeth into this a bit more, anyway that's basically what I'm going to wind up doing, I finally got the exchange uninstallation issues sorted out now(it was giving me exsetup issues), so I'm going to
throw a little extra hardware in the server and create an exchange VM in Hyper-V.
November 16th, 2011 9:22pm