Exchange Management Shell does not connect to server

Hi,

Can't connect to server with Exchange Management Shell.

Restart, IISRESET etc. does not help.
Method :
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri EXCHSERVER.CONTOSO.COM/PowerShell/ -Authentication Kerberos
Import-PSSession $Session
also does not work.

Error:

VERBOSE: Connecting to EXCHSERVER.CONTOSO.COM.
New-PSSession : [EXCHSERVER.CONTOSO.COM] Connecting to remote server EXCHSERVER.CONTOSO.COM failed with the following
 error message : The WS-Management service cannot process the request. The load quota for the system has been exceeded.
 Send future requests at a slower rate or raise the system quota. For more information, see the about_Remote_Troublesho
oting Help topic.
At line:1 char:1
+ New-PSSession -ConnectionURI "$connectionUri" -ConfigurationName Microsoft.Excha ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotin
   gTransportException
    + FullyQualifiedErrorId : -2144108120,PSSessionOpenFailed
VERBOSE: Connecting to EXCHSERVER.CONTOSO.COM.
New-PSSession : [EXCHSERVER.CONTOSO.COM] Connecting to remote server EXCHSERVER.CONTOSO.COM failed with the following
 error message : The WS-Management service cannot process the request. The load quota for the system has been exceeded.
 Send future requests at a slower rate or raise the system quota. For more information, see the about_Remote_Troublesho
oting Help topic.
At line:1 char:1
+ New-PSSession -ConnectionURI "$connectionUri" -ConfigurationName Microsoft.Excha ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotin
   gTransportException
    + FullyQualifiedErrorId : -2144108120,PSSessionOpenFailed

October 8th, 2013 12:55pm

Hi,

Have you checked the url used for Powershell external access is working? Also Check the certificate assigned for the url for Powershell external access is working fine.

Free Windows Admin Tool Kit Click here and download it now
October 8th, 2013 1:22pm

Hi,

Yes. Powershell URL is fine.
SSL in not required on Powershell URL. Certificate is ok and trusted.

Sven

October 8th, 2013 1:27pm

Have you tried to re-create the PowerShell virtual directory?

Free Windows Admin Tool Kit Click here and download it now
October 8th, 2013 1:46pm

Hi,
At occasions that I have seen that error, I have done the below two things to solve it:

  1. Recycled the application pool MSExchangePowerShellProxyAppPool in IIS
  2. Restarted the service WinRM

See if it works for you too.

October 8th, 2013 3:50pm

Have you tried to re-create the PowerShell virtual dire

Free Windows Admin Tool Kit Click here and download it now
October 8th, 2013 5:33pm

Hi,
At occasions that I have seen that error, I have done the below two things to solve it:

  1. Recycled the application pool MSExchangePowerShellProxyAppPool in IIS
  2. Restarted the service WinRM

See if it works for yo

October 8th, 2013 5:37pm

Hi,

Blow post will help you resolve the issue:

http://social.technet.microsoft.com/Forums/exchange/en-US/44b7f47c-7466-4ae1-acd6-b59fb58dcfcc/exchange-management-shell-cannot-connect-to-itself?forum=exchange2010

Free Windows Admin Tool Kit Click here and download it now
October 8th, 2013 6:26pm

Hi,

Blow post will help you resolve the issue:

http://social.technet.microsoft.com/Forums/exchange/en-US/44b7f47c-7466-4ae1-acd6-b59fb58dcfcc/exchange-management-shell-cannot-connect-to-itself?forum=exchan

October 9th, 2013 10:18am

Finally figured it out.

Powershell VirtualDirectory path was :
C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\PowerShell

Should be:
C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\PowerShell

Something changed it within CU2 install.
God damn it Microsoft. When you release patch that does not break something.

Sven

  • Marked as answer by FatDoog Wednesday, October 09, 2013 11:03 AM
Free Windows Admin Tool Kit Click here and download it now
October 9th, 2013 11:03am

Run a normal powershell
Import the Exchange server 2010 snapin and get the current certificates

Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010
PS C:\Users\Administrator> Get-ExchangeCertificate
Thumbprint                                Services   Subject
----------                                --------   -------
084B2597D626C5361CF8002FADBEA83B9144143D  IP.WS.     CN=trapoist.com, OU=Domain Control Validated
76C7987A7A9C7F9917A6A1B208220CA768CE0D23  IP..S.     CN=trapoist.com, OU=Domain Control Validated

Get-ExchangeCertificate | select *

AccessRules          : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAcces
                       sRule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains   : {trapoist.com, www.trapoist.com, autodiscover.trapoist.com, IMAP.trapoist.com...}
CertificateRequest   :
IisServices          : {IIS://MAILTRAPOIST/W3SVC/1}
IsSelfSigned         : False
KeyIdentifier        : 36A0EC10B4503C5DBF51815A50F442D9404BE04E
RootCAType           : ThirdParty
Services             : IMAP, POP, IIS, SMTP
Status               : Valid
SubjectKeyIdentifier : 36A0EC10B4503C5DBF51815A50F442D9404BE04E
PrivateKeyExportable : True
PublicKeySize        : 2048
ServicesStringForm   : IP.WS.
Archived             : False
Extensions           : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptograph
                       y.Oid, System.Security.Cryptography.Oid...}
FriendlyName         : trapoist.com
IssuerName           : System.Security.Cryptography.X509Certificates.X500DistinguishedName
NotAfter             : 8/9/2015 4:06:40 PM (SE VENCERA EL 8 DE SEPTIEMBRE)
NotBefore            : 8/5/2014 7:39:01 PM
HasPrivateKey        : True
PrivateKey           : System.Security.Cryptography.RSACryptoServiceProvider
PublicKey            : System.Security.Cryptography.X509Certificates.PublicKey
RawData              : {48, 130, 5, 128...}
SerialNumber         : 27B309845C2696
SubjectName          : System.Security.Cryptography.X509Certificates.X500DistinguishedName
SignatureAlgorithm   : System.Security.Cryptography.Oid
Thumbprint           : 084B2597D626C5361CF8002FADBEA83B9144143D
Version              : 3
Handle               : 485017248
Issuer               : CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDad
                       dy.com, Inc.", L=Scottsdale, S=Arizona, C=US
Subject              : CN=trapoist.com, OU=Domain Control Validated

AccessRules          : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAcces
                       sRule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains   : {trapoist.com, www.trapoist.com, autodiscover.trapoist.com, mail.trapoist.com...}
CertificateRequest   :
IisServices          : {}
IsSelfSigned         : False
KeyIdentifier        : 54B2B188FA07098417B50DF52BDC0A41E44C9234
RootCAType           : ThirdParty
Services             : IMAP, POP, SMTP
Status               : DateInvalid
SubjectKeyIdentifier : 54B2B188FA07098417B50DF52BDC0A41E44C9234
PrivateKeyExportable : True
PublicKeySize        : 2048
ServicesStringForm   : IP..S.
Archived             : False
Extensions           : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptograph
                       y.Oid, System.Security.Cryptography.Oid...}
FriendlyName         : trapoist.com
IssuerName           : System.Security.Cryptography.X509Certificates.X500DistinguishedName
NotAfter             : 8/9/2014 4:06:40 PM
NotBefore            : 8/12/2013 2:29:54 PM
HasPrivateKey        : True
PrivateKey           : System.Security.Cryptography.RSACryptoServiceProvider
PublicKey            : System.Security.Cryptography.X509Certificates.PublicKey
RawData              : {48, 130, 5, 161...}
SerialNumber         : 042D71441FC05E
SubjectName          : System.Security.Cryptography.X509Certificates.X500DistinguishedName
SignatureAlgorithm   : System.Security.Cryptography.Oid
Thumbprint           : 76C7987A7A9C7F9917A6A1B208220CA768CE0D23
Version              : 3
Handle               : 485016480
Issuer               : SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godadd
                       y.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US
Subject              : CN=trapoist.com, OU=Domain Control Validated

Renew the expired selfsigned certificate

PS C:\Users\Administrator> Get-ExchangeCertificate -Thumbprint '76C7987A7A9C7F9917A6A1B208220CA768CE0D23' | New-ExchangeCertificate

 Confirm

Overwrite the existing default SMTP certificate?

 Current certificate: '76C7987A7A9C7F9917A6A1B208220CA768CE0D23' (expires 8/9/2014 4:06:40 PM)

Replace it with certificate: 'C3FBFA049FE6AC1806B950EB7A7AF8286EE04880' (expires 4/13/2020 12:56:34 PM)

[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"): Y

 Thumbprint                                Services   Subject

---------                                --------   -------

C3FBFA049FE6AC1806B950EB7A7AF8286EE04880  IP..S.     OU=Domain Control Validated, CN=trapoist.com

 

PS C:\Users\Administrator> Get-ExchangeCertificate

 

Thumbprint                                Services   Subject

----------                                --------   -------

C3FBFA049FE6AC1806B950EB7A7AF8286EE04880  IP..S.     OU=Domain Control Validated, CN=trapoist.com

084B2597D626C5361CF8002FADBEA83B9144143D  IP.WS.     CN=trapoist.com, OU=Domain Control Validated

76C7987A7A9C7F9917A6A1B208220CA768CE0D23  IP..S.     CN=trapoist.com, OU=Domain Control Validated

 

#DELETE THE OLD CERTIFICATE (EXPIRED)

PS C:\Users\Administrator> Remove-ExchangeCertificate -Thumbprint 76C7987A7A9C7F9917A6A1B208220CA768CE0D23

 

Confirm

Are you sure you want to perform this action?

Remove certificate with thumbprint 76C7987A7A9C7F9917A6A1B208220CA768CE0D23 from the computer's certificate store?

[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"): Y

PS C:\Users\Administrator> Get-ExchangeCertificate

 

Thumbprint                                Services   Subject

----------                                --------   -------

C3FBFA049FE6AC1806B950EB7A7AF8286EE04880  IP..S.     OU=Domain Control Validated, CN=trapoist.com

084B2597D626C5361CF8002FADBEA83B9144143D  IP.WS.     CN=trapoist.com, OU=Domain Control Validated

 

#CALLING CMD TO RESET THE IIS.

PS C:\Users\Administrator> cmd

Microsoft Windows [Version 6.1.7601]

Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

#RESET EL IIS

C:\Users\Administrator>iisreset

 

Attempting stop...

Internet services successfully stopped

Attempting start...

Internet services successfully restarted

Done


April 13th, 2015 3:40pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics