I am attempting to establish a PowerShell session to run several Exchange commands against an Exchange server on the localhost. I keep getting the following error:
New-PSSession : [<HOSTNAME>] Connecting to remote server <HOSTNAME> failed with the following error message
: Access is denied. For more information, see the about_Remote_Troubleshooting Help topic.
At line:1 char:12
+ $session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri 'h ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotin
gTransportException
+ FullyQualifiedErrorId : AccessDenied,PSSessionOpenFailed
My code is a copy paste from the Microsoft Technet Article. It works against remote machine, but anytime I target the machine I am running from, I get the above error.
What I've tried so far:
about_remote_troubleshooting
help topic. Nothing in there relating to Access Denied errors worked.net use
and net session
to make sure I didn't have a weird multiple connections with the same credentials issue. (I didn't see anything to indicate that)Some quick notes:
The specific commands I am entering are:
$cred = Get-Credential
$session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri 'http://<HOSTNAME>/Powershell' -Credential $cred
Is connecting to the localhost like this something that I should be able to do? Or is it just not supported?
I am at a complete loss at this point. Any help, even to point me in the right direction, would be greatly appreciated.
EDIT: I should add, I've attempted connecting to this localhost from a different machine, using the same commands as above, and it worked without issue. So, I don't think it is a local configuration issue.
So, I stumbled on the solution late last week. It seems to have something to do with the authentication being used. I had left the "-Authentication" parameter blank, intending to let the New-PSSession command sort out which method would be best.
Apparently, this defaults to the "Negotiate" authentication method, which will select Kerberos against a remote machine, but will select NTLM otherwise (or at least, that was my observed/assumed behavior). See this Microsoft description of the authentication methods.
Specifying a specific Authentication method (Both "Kerberos" and "Basic" worked, "Negotiate" didn't, I didn't tinker too much past this) clears the issue and allowed me to connect to the local exchange instance.
So, rather than this:
$session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri 'http://<HOSTNAME>/Powershell' -Credential $cred
Do this:
$session = New-PSSession -Authentication Kerberos -ConfigurationName Microsoft.Exchange -ConnectionUri 'http://<HOSTNAME>/Powershell' -Credential $cred
Why did that work? I have no clue. I'll leave it to people who know more than me to explain it.