If I log on to Exchange servers using the local Administrator account and I open EMS it results in this error:
[server.domain.local] Connecting to remote server failed with the following error message : WinRM cannot process the request. The following error occured while using Kerberos authentication: A specified logon session does not exist. It may already have been terminated.
Possible causes are:
-The user name or password specified are invalid.
-Kerberos is used when no authentication method and no user name are specified.
-Kerberos accepts domain user names, but not local user names.
-The Service Principal Name (SPN) for the remote computer name and port does not exist.
-The client and remote computers are in different domains and there is no trust between the two domains.
After checking for the above issues, try the following:
-Check the Event Viewer for events related to authentication.
-Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or use HTTPS transport.
Note that computers in the TrustedHosts list might not be authenticated.
-For more information about WinRM configuration, run the following command: winrm help config. For more information, see the about_Remote_Troubleshooting Help topic.
+ CategoryInfo : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [], PSRemotingTransportException
+ FullyQualifiedErrorId : PSSessionOpenFailed
Exception calling "GetComputerDomain" with "0" argument(s): "Logon failure: unknown user name or bad password."
At P:\Program Files\Microsoft\Exchange Server\V14\bin\ConnectFunctions.ps1:204 char:70
+ [System.DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain <<<< ().Forest.Name
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : DotNetMethodException
Exception calling "GetComputerSite" with "0" argument(s): "Logon failure: unknown user name or bad password."
At P:\Program Files\Microsoft\Exchange Server\V14\bin\ConnectFunctions.ps1:164 char:92
+ $localSite=[System.DirectoryServices.ActiveDirectory.ActiveDirectorySite]::GetComputerSite <<<< ()
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : DotNetMethodException
Exception calling "FindAll" with "0" argument(s): "Unknown error (0x80005000)"
At P:\Program Files\Microsoft\Exchange Server\V14\bin\ConnectFunctions.ps1:253 char:17
+ $search.FindAll <<<< ()
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : DotNetMethodException
You cannot call a method on a null-valued expression.
At P:\Program Files\Microsoft\Exchange Server\V14\bin\ConnectFunctions.ps1:146 char:33
+ $siteName = $siteDN.ToString <<<< ().SubString(3).Split(",")[0]
+ CategoryInfo : InvalidOperation: (ToString:String) [], RuntimeException
+ FullyQualifiedErrorId : InvokeMethodOnNull
WARNING: No Exchange servers are available in the Active Directory site . Connecting to an Exchange server in another Active Directory site.
Failed to connect to an Exchange server in the current site.
Enter the server FQDN where you want to connect.:
If I log on to Exchange servers using the domain Administrator account and I open EMS it works fine.
Also opening EMC from local Administrator fails but if I open it from domain Administrator user account it works fine.
Environment: Exchange 2010 SP1 CU4 single-site two-server configuration, with both servers running CAS/HUB and MAILBOX roles. I use DAG to achieve HA and a hardware balancer to balance the CAS roles. No Edge role nor Unified Messaging roles are present.
So, is it possible to open Exchange 2010 EMC and EMS using the local Administrator account when the Exchange farm is composed of more than one server?
If you know it works with a Domain Admin account, I don't see the point of even trying with the local admin. If you have a specific need you're not telling us about, please update your question.
That said, you might be able to use the Run As trick when logged in as that local admin, and run the EMC or EMS as the domain admin account. Again, seems kinda pointless though.
Update in response to comment:
Your local admin is just that - a local admin. Exchange is a domain resource, and permission is controlled with domain accounts. Since Exchange requires Active Directory to function properly, you wouldn't do very well troubleshooting if there was no domain connectivity anyway, since things would be failing all over the place.
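Added example, not part of the original question or answer: one way to reach the Exchange 2010 remote PowerShell endpoint from a local-account logon by supplying domain credentials explicitly, which is the same idea as the Run As approach. The server name is the placeholder from the error text, the function name is hypothetical, and the domain account is assumed to hold an Exchange management role.

```powershell
# Added example (not from the original thread).
# Placeholder FQDN taken from the error output; use a real Exchange server name,
# not the load-balanced CAS name, so the Kerberos SPN lookup can succeed.
$ExchangeServer = 'server.domain.local'

function Test-IsLocalAccount {
    # Hypothetical helper: for a local account, the authority part of the
    # identity name is the computer name rather than a domain name.
    $identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
    $authority = $identity.Split('\')[0]
    return ($authority -ieq $env:COMPUTERNAME)
}

$sessionParams = @{
    ConfigurationName = 'Microsoft.Exchange'
    ConnectionUri     = "http://$ExchangeServer/PowerShell/"
    Authentication    = 'Kerberos'
    ErrorAction       = 'Stop'
}

if (Test-IsLocalAccount) {
    # A local account has no Kerberos identity in the domain, which is what
    # the WinRM error above reports. Ask for a domain account instead.
    Write-Warning 'Logged on with a local account; prompting for domain credentials.'
    $sessionParams.Credential = Get-Credential
}

$session = New-PSSession @sessionParams

# Import the Exchange cmdlets into this shell and run a harmless query
# to confirm the connection and role assignment work.
Import-PSSession $session | Out-Null
Get-ExchangeServer | Select-Object Name, ServerRole

# Close the session when finished so it does not linger on the server.
Remove-PSSession $session
```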