PowerShell.com
Forums » Ask the Experts » PowerShell for Windows » Error in Exchange server commands - get mailbox

Error in Exchange server commands - get mailbox

rated by 0 users
This post has 1 Reply | 1 Follower

Not Ranked
Posts 2
Reply
Chithra Posted: 05-10-2012 8:16 AM

Hello,

I am working with power shell and Exchange server 2010. I was able to get mailbox details using the following command

 

$server='WIN-APRJ2923AV5.abc.com';$pwd= convertto-securestring 'Global123$' -asplaintext -force;$cred=new-object -typename System.Management.Automation.PSCredential -argumentlist 'Administrator',$pwd;
 invoke-command -computername $server -credential $cred -scriptblock {Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010; get-mailbox xyz}

 I have tried this command with IP address instead of Computername....

$server='192.168.1.194';$pwd= convertto-securestring 'Global123$'-asplaintext -force;$cred=new-object -typename System.Management.Automation.PSCredential -argumentlist 'WIN-APRJ2923AV5.abc.com\Administrator',$pwd;
 invoke-command -computername $server -credential $cred -scriptblock {Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010; get-mailbox xyz}

 But it threw an exception as follows

[192.168.1.194] Connecting to remote server failed with the following error message : The WinRM client cannot process the request. Default authentication may be used with an IP address under the following conditions: the transport is HTTPS or the
 destination is in the TrustedHosts list, and explicit credentials are provided. Use winrm.cmd to configure TrustedHosts. Note that computers in the TrustedHosts list might not be authenticated. For more information on how to set TrustedHosts run the following
 command: winrm help config. For more information, see the about_Remote_Troubleshooting Help topic.
    + CategoryInfo          : OpenError: (:) [], PSRemotingTransportException
    + FullyQualifiedErrorId : PSSessionStateBroken

 What is the problem with second query? Can anyone help me on this?

Regards
Sebastian

Top 10 Contributor
Posts 597
Microsoft MVP
Top Contributor
Reply
Tobias replied on 05-11-2012 5:07 AM

Exchange 2010 uses PowerShell remoting internally, which in turn uses Kerberos authentication. When you use IP addresses, Kerberos no longer works so you get security exceptions.

If you MUST use IP addresses (you are then losing mutual authentication which introduces spoofing risks), you need to configure your client for it. To do this, as an admin you need to first enable remoting on your side temporarily:

Enable-PSRemoting -force

Then, you change security settings to allow negotiate authenticaton like so:

Set-Item wsman:\localhost\client\trustedhosts * -force

Then, you can disable remoting on your side again:

Disable-PSRemoting -force

Now, you can use IP addresses. However, since you now no longer have transparent Kerberos authentication, you also MUST use the -Credential parameter and explicitly specify the account you want to use for authentication.

Hope that helps,

Tobias

Page 1 of 1 (2 items) | RSS
Copyright 2012 PowerShell.com. All rights reserved.