0

I have installed Exchange Server 2013 on a Windows Server 2012 machine.

When I try to establish a remote PowerShell connection, using this command with Kerberos authentication:

$exchangeSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "https://servername/powershell" -Credential $credential -Authentication "Kerberos"

I get the following error:

New-PSSession : [servername] Connecting to remote server servername failed with the following error message : Logon failure: unknown user name or bad password. For more information, see the about_Remote_Troubleshooting Help topic.
At line:1 char:20
+ $exchangeSession = New-PSSession -ConfigurationName Microsoft.Exchange -Connecti ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotingTransportException
    + FullyQualifiedErrorId : LogonFailure,PSSessionOpenFailed

However, if I try it with basic authentication, a connection is established successfully.

$exchangeSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "https://servername/powershell" -Credential $credential -Authentication "Basic"

Can somebody please tell me why this error is happening, and also a remedy for it?

Uma Priyadarsi

2 Answers

0

This sounds a lot like you haven't configured an SPN correctly for the target machine you wish to connect to.

You can use the setspn command (https://technet.microsoft.com/en-gb/library/cc731241.aspx) to check for duplicates or set an appropriate one to allow Kerberos authentication.

Unfortunately, there is not enough information in your post to tell you what the correct SPN is and on which account it should be set.

This is also a good source explaining how to set up computers for PowerShell remoting (including using Kerberos): http://www.ravichaganti.com/blog/wp-content/uploads/2010/12/A%20layman's%20guide%20to%20PowerShell%202.0%20remoting-v2.pdf

DanL
  • I'm trying to learn and figure out the SPN settings. I'll get back to you once I do that. If you have any pointers on where to look, it would be very helpful. – Uma Priyadarsi Sep 15 '15 at 07:02
0

In my case, it turns out, the system from which I was trying to initiate the remote PowerShell session was in a different workgroup (Windows domain) than the workgroup in which my Exchange server was installed.

In Kerberos, we cannot establish such connections across domains.

Kerberos in general is a little painful, although more secure, with its multiple points of checks, which can actually also turn out to be multiple points of failure unless, of course, configured properly: time sync, domain, SPN, etc.

This website might be of interest/help to someone who faces similar issues in the future: http://anexinetisg.blogspot.in/2013/07/kerberosslaying-dragon-in-exchange.html

Uma Priyadarsi
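
Added example, not part of the original posts: a client-side script that checks the three Kerberos prerequisites the answers name (domain, time sync, SPN) before retrying `New-PSSession -Authentication Kerberos`. Assumptions: the `$Target` default is the placeholder host from the question, `New-Check` is a hypothetical helper, WinRM requests the `HTTP` service class, and the directory lookup only searches the domain the client itself is joined to.

```powershell
# Added example, not from the original posts. Run on the client that calls New-PSSession.
param([string]$Target = 'servername')   # host part of the ConnectionUri in the question

function New-Check($Name, $Ok, $Detail) {   # hypothetical helper: one result row per check
    [pscustomobject]@{ Check = $Name; Ok = $Ok; Detail = $Detail }
}

# 1. Domain: compare the client's domain with the target's DNS suffix.
#    Heuristic: the DNS suffix usually, but not always, equals the AD domain name.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
try   { $fqdn = [System.Net.Dns]::GetHostEntry($Target).HostName }
catch { $fqdn = $Target }
$targetDomain = ($fqdn -split '\.', 2)[1]
New-Check 'Domain' ($cs.PartOfDomain -and $cs.Domain -eq $targetDomain) `
    "client=$($cs.Domain) joined=$($cs.PartOfDomain) target=$fqdn"

# 2. Time sync: Kerberos tolerates 5 minutes of clock skew by default.
$line = w32tm /stripchart /computer:$Target /samples:1 /dataonly |
    Select-String -Pattern '([+-]\d+\.\d+)s\s*$' | Select-Object -Last 1
if ($line) {
    $skew = [double]$line.Matches[0].Groups[1].Value
    New-Check 'TimeSync' ([math]::Abs($skew) -lt 300) "offset=${skew}s"
} else {
    New-Check 'TimeSync' $false 'no time sample returned'
}

# 3. SPN: list the accounts holding each candidate SPN (LDAP form of "setspn -Q").
#    HTTP is aliased to HOST by default, so an explicit HTTP SPN is optional,
#    but two holders of the same SPN (what "setspn -X" reports) break Kerberos.
$names = @($Target, $fqdn) | Select-Object -Unique
$total = 0
try {
    foreach ($class in 'HTTP', 'HOST') {
        foreach ($name in $names) {
            $hits = @(([adsisearcher]"(servicePrincipalName=$class/$name)").FindAll())
            $total += $hits.Count
            $who = ($hits | ForEach-Object { $_.Properties['samaccountname'][0] }) -join ', '
            New-Check "SPN $class/$name" ($hits.Count -le 1) "holders: $who"
        }
    }
    New-Check 'SPN present' ($total -gt 0) "$total matching registrations"
} catch {
    New-Check 'SPN lookup' $false "directory query failed: $($_.Exception.Message)"
}
```

Any row with `Ok = False` points at the prerequisite to fix first; a failed `SPN lookup` row on a client outside the server's domain matches the situation described in the second answer.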