PS Remoting with an Exchange CA server

This topic contains 4 replies, has 2 voices, and was last updated by Profile photo of Richard Siddaway Richard Siddaway 3 years, 9 months ago.

  • Author
    Posts
  • #10327
    Profile photo of Andrew Cheung
    Andrew Cheung
    Participant

    Hello! I've recently brought up a new machine to host a blackberry 10 server (which now uses powershell for some administration!) and have come across a remoting issue when it comes to simply entering a PS Session from Server A to the Exchange server.

    The Scenario: All servers are within the same domain, running server 2008 R2 SP1, with Windows Firewall disabled and no Anti-Virus running. Server A is hosting the BES product, Server B is another host with some exchange tools and the Exchange server is the last.

    Running: Enter-PSSession -ComputerName -Credential \

    We are able to enter a session from Server B to Exchange, vice versa and from Server B to Server A. But when trying to start a session from Server A to either B or the Exchange CA, we are given a 403 HTTP response from the Win RM Client.

    It seemed to be a destination configuration issue at first so I had tried the following:
    – run 'Enable-PSRemoting' from an admin shell on the destination
    – added the domain admin account to the local Administrators group
    – added that account to Full Control user using: "Set-PSSessionConfiguration -Path Microsoft.Powershell"
    – Checked that 'Use SSL' in the Powershell IIS panel was cleared
    – Verified the admin account could authenticate and launch a powershell terminal on the destination locally

    But since remoting works to the destination from all other hosts tested it must be a source configuration problem, anyone have an idea what it could be that would keep kicking back a 403? Any help is greatly appreciated =) Thanks!

  • #10330
    Profile photo of Richard Siddaway
    Richard Siddaway
    Moderator

    Let me make sure I understand this

    Your server A can be remoted to but you can't remote from server A to any other server?
    When you try to connect from server A to any other server you get a 403 HTTP response
    A 403 error means "The server understood the request, but is refusing to fulfill it"

    When you say you get the error from the WinRM client – how are you actually trying to connect?
    Can you show the whole error message?

    It sounds like you have connectivity but server A doesn't recognise your right to connect

  • #10331
    Profile photo of Andrew Cheung
    Andrew Cheung
    Participant

    Your server A can be remoted to but you can’t remote from server A to any other server?

    Correct!

    Here is the error I will get from Server A, and running this same command from other hosts to the Exchange CA work fine, and reverse back to Server A also work fine.

    PS C:\Windows\system32> Enter-PSSession -ComputerName -Credential
    Enter-PSSession : Connecting to remote server failed with the following error message : The WinRM client received an HT
    TP status code of 403 from the remote WS-Management service. For more information, see the about_Remote_Troubleshooting
    Help topic.
    At line:1 char:16
    + Enter-PSSession < <<< -ComputerName -Credential

    + CategoryInfo : InvalidArgument: (:String) [Enter-PSSession], PSRemotingTranspor
    tException
    + FullyQualifiedErrorId : CreateRemoteRunspaceFailed

  • #10333
    Profile photo of Andrew Cheung
    Andrew Cheung
    Participant

    Update: I've got it! I should've checked earlier but it looks like it was an internal proxy causing it to error -.-

    `
    PS C:\Windows\system32> Enter-PSSession -ComputerName  -Credential 
    Enter-PSSession : Connecting to remote server failed with the following error message : The WinRM client received an HT
    TP status code of 403 from the remote WS-Management service. For more information, see the about_Remote_Troubleshooting
     Help topic.
    At line:1 char:16
    + Enter-PSSession < <<<  -ComputerName  -Credential 
        + CategoryInfo          : InvalidArgument: (:String) [Enter-PSSession], PSRemotingTranspor
       tException
        + FullyQualifiedErrorId : CreateRemoteRunspaceFailed
    
    PS C:\Windows\system32> Enter-PSSession -ComputerName  -Credential  -SessionOption (New-PSSessionOption -ProxyAccessType NoProxyServer)
    []: PS C:\Users\\Documents>
    []: PS C:\Users\\Documents> exit
    PS C:\Windows\system32>
    `

    Thank you for looking into it 🙂 But I am curious as to the difference between 'None' and 'NoProxyServer'. I had not thought to set it this way because I had (wrongly) assumed 'None' meant no proxy.

  • #10334
    Profile photo of Richard Siddaway
    Richard Siddaway
    Moderator

    OK well done! & thanks for letting us know you've resolved the issue.

You must be logged in to reply to this topic.