Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Sunday, January 12, 2020 10:08 PM
Hi People,
Today for some odd reason one My Exchange servers won't open the exchange management shell.
I have 2 servers in 2016 DAG. Everything seems to be working ok. ECP working fine.
Have restarted the broken server, this didn't help.
Can open the exchange management shell on second server fine.
Not sure where to look now?
Any ideas?
Thxs Chris
All replies (14)
Friday, January 31, 2020 2:18 AM ✅Answered
Ok I have found a fix for this issue....
But this fix is not related to the error I was getting in my EMS, but it fixed the EMS issue.
I ran the command listed in this post, and job done. EMS now working!
How did I work this out? My second exchange 2016 server (The good one) was logging the following error in the event viewer:
"Exception: Microsoft.Exchange.Security.Authentication.BackendRehydrationException: Rehydration failed"
Chris !
Monday, January 13, 2020 3:59 AM
1. Launch IIS Manager
2. Expand "Sites" under the server with this issue
3. Click on "Exchange Back End"
4. In the actions pane to the right, click on "Bindings"
5. Select the https type and click on "Edit"
6. Select the appropriate certificate and click on Ok.
7. From an elevated command prompt window (I prefer Powershell these days) type "iisreset" and hit enter.
Monday, January 13, 2020 4:01 AM
This also may useful,
https://evotec.xyz/exchange-2013-powershell-errors-out-and-exchange-2013-ecp-doesnt-work-correctly/
Monday, January 13, 2020 4:02 AM
Hi
Have you tried rebooting the domain controllers as well to see if you have not lost access of some kind on this server?
Hope this helps. Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Monday, January 13, 2020 6:15 AM
Hi,
Is there any update about your issue?
It can be possibly a WIN RM Issue. Run winrm quickconfig and see whether u are able to connect
If you are unable to connect then Try reinstalling the WinRM
Import-Module ServerManager
Remove-WindowsFeatureWinRM-IIS-Ext
Add-WindowsFeatureWinRM-IIS-Ext
Also check if you have a certificate assigned to the Default Web Site - HTTPS Binding/Port 443, and Exchange Back End web site - HTTPS binding/Port 444
The following is a similar issue for your reference as well:
>>>>>>>>
I finally found the solution. The Exchange Trusted Subsystem (MS Exchange Security Groups in AD Users & Computers) was missing the Administrators group from the Member Of tab. Once I added this group and logged off and back in I was then able to connect to the primary active Exchange server using EMS. I haven't seen this mentioned online anywhere and the MS article for the Access Denied error also failed to mention to check this.
<<<<<<<<
Regards,
Joyce Shen
Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact [email protected].
Monday, January 13, 2020 8:09 PM
Hi People,
Ok thxs for all the ideas here.
I have gone thru each one of them here, still no luck. Please note that I have 2 exchange servers in a DAG and this is only effecting one of them.
The only one here I don't understand is this one:
"I finally found the solution. The Exchange Trusted Subsystem (MS Exchange Security Groups in AD Users & Computers) was missing the Administrators group from the Member Of tab. Once I added this group and logged off and back in I was then able to connect to the primary active Exchange server using EMS. I haven't seen this mentioned online anywhere and the MS article for the Access Denied error also failed to mention to check this."
My Exchange trusted subsystem looks like this...
Thxs Chris
Thursday, January 16, 2020 7:49 AM
Hi,
Is there any update about your issue?
Have you checked the event viewer to get any related error log about the issue? The event log may be helpful to troubleshooting.
We may refer to this issue: Exchange Management Shell - Access Denied which had an eventid 265, caused by the RBAC.
I also see the similar issue which is caused by the time difference between Exchange and DC, after synchronizing the time on exchange server, the issue was resolved.
Regards,
Joyce Shen
Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact [email protected].
Thursday, January 16, 2020 8:50 PM
Thxs for your input here, yes still a issue.
Nothing in Event logs and no 265 eventid's as well.
I have double checked the time sync to the DC's and this seems ok.
Very frustrating :(
Thxs Chris
Tuesday, January 21, 2020 7:27 AM
Hi,
What changes have been made in your environment before this issue occured which may related to this?
Please verify whether remote powershell works, steps can be seen in this article:
Connect to Exchange servers using remote PowerShell
Regards,
Joyce Shen
Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact [email protected].
Tuesday, January 21, 2020 9:39 PM
Hi Joyce,
Thxs for your in put here.
Change? None that I know of.
I have successfully followed this link you supplied here. I ran this from my second good exchange server. (So-exchange01)
All seems ok.
Thxs Chris
Thursday, January 23, 2020 8:47 AM
Hi,
So remote powershell can work properly, but local EMS cannot work.
Please make sure the account you login the server as admin or has right peremission. Or you can change another account to login the server and connect the EMS again.
Regards,
Joyce Shen
Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact [email protected].
Thursday, January 23, 2020 7:40 PM
Hi Joyce.
Correct, as I said from the start, EMS on one DAG member don't work.
Nothing to do with accounts as I've tried a few including local admin.
I logged a call with MS yesterday.... after almost 4 hours on the phone with the tech, no luck yet.
Thxs Chris
Tuesday, January 28, 2020 7:40 AM
Hi,
Seems that you have opened a ticket with Microsoft, is there any progress about your issue so far?
If your issue has been resolved, please share the solution here.
Regards,
Joyce Shen
Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact [email protected].
Wednesday, January 29, 2020 12:25 AM
Well after 4 hours on Thursday and another + 4 hours on Friday and 2 more hours today with MS tech, still no luck.
Chris
