When attempting to open the Exchange Management shell you see the following;
[box]
Welcome to the Exchange Management Shell!
Full list of cmdlets: Get-Command
Only Exchange cmdlets: Get-ExCommand
Cmdlets that match a specific string: Help **
Get general help: Help
Get help for a cmdlet: Help or -?
Exchange team blog: Get-ExBlog
Show full output for a command: | Format-List
Show quick reference guide: QuickRef
VERBOSE: Connecting to {mail server}
New-PSSession : [{mail server}] Processing data from remote server {mail server} failed with the
following error message: [ClientAccessServer={mail server}BackEndServer={mail server},RequestId=f092f550-6451-
4dea-820d-20322101874a,TimeStamp=08/10/2020 09:24:58]
[AuthZRequestId=eb185d5f-6a49-471f-9267-ad0ce9231d0f][FailureCategory=AuthZ-CmdletAccessDeniedException] The user
"DOMAIN/{User-Name}" isn't assigned to any management roles. For more information, see the
about_Remote_Troubleshooting Help topic.
[/box]
When this happens you may also see Event ID 258 get logged;
[box]
Log Name: Application
Source: MSExchange RBAC
Date: {date} {time}
Event ID: 258
Task Category: RBAC
Level: Error
Keywords: Classic
User: N/A
Computer: {Mail Server}
Description:
(Process 9680, PID w3wp.exe)"RemotePS Public API Func GetApplicationPrivateData throws Exception Microsoft.Exchange.Configuration.Authorization.CmdletAccessDeniedException: The user "{Domain/user-name}" isn't assigned to any management roles.
[/box]
Solution
I’ve highlighted the most pertinent text in the error messages (above), that being;
The user “{Domain/User-Name}” isn’t assigned to any management roles.
For once Microsoft error messages are actually quite descriptive and helpful! The user that you are attempting to open the Exchange Management Shell with does not have the Exchanger administrative rights to do so! Typically to manage Exchange you need to be a member of the ‘Organization Management’ group, (my Englishness OCD hates that spelling!)
So, (obviously using your administrative account NOT you normal user account ;P ) Add yourself to that group.
Remember, granting rights via a ‘group‘ means you will have to log off, and then back on again, before you actually get those rights.
Related Articles, References, Credits, or External Links
A Dynamic Distribution list, (as the name implies), maintains its membership for you. Unlike a normal static distribution list that you need to add/remove mailboxes manually.
Solution
Use PowerShell/Exchange Management Shell
1. I’m assuming you already have an OU populated with mail enabled users, in this example called Engineering.
2. Launch the Exchange Management Shell, Execute the following command, (change the values in red to match your own);
Note: In this example the ‘Alias’ can’t be created with a space in it, so it would be EngineeringDept@domainc.com.
Exchange 2013 Use the Exchange Admin Center
1. I’m assuming you already have an OU populated with mail enabled users, in this example called Sales.
2. Launch the Exchange Admin Center > recipients > Groups > Add > Specify a Name and Alias > Browse to the OU > Save.
Exchange 2007 / 2010 Use the Exchange Management Console
1. I’m assuming you already have an OU populated with mail enabled users, in this example called Sales.
2. From within the Exchange Management Console > Recipient Configuration > New Dynamic Distribution Group > Browse > Select your OU > Specify a Name and Alias > Next.
3. Specify the recipient types or click next to select All.
4. Specify any conditions > or leave blank to select none > Next > New.
5. Finish.
Related Articles, References, Credits, or External Links
I like to keep Exchange databases in their own volume, so one of the first things I do is move them.
Warning: Moving a mail database will make it unavailable while it is being moved, warn your users, or plan in some down time.
Solution
1. First see where the database is now. From within the Exchange admin center (https://localhost/ecp) > Servers > Databases > Select the database to be moved.
Note: Take a note of the database path, and the database filename (filename.edb). Copy the complete path to Notepad.
2. Create a folder on your ‘target’ volume, for the database to live in.
Since Exchange 2007, its management tasks have been done via PowerShell, (yes even the GUI Management). Which is fine, however it runs all that PowerShell from a virtual directory that lives in the servers’ IIS webserver. When that fails or there is a problem, Exchange runs quite happily, but you can’t run the management tools.
There are a number of reasons for this to fail and a number of different error messages, I will list them as I come acoss them.
Error 1 (Seen 16/10/12)
Error: Connecting to the remote server failed with the following error message: The client cannot connect to the destination specified in the request. Verify that the service on the destination is running and is accepting requests. Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: “winrm quickconfig”. For more information, see the about_Remote_Troubleshooting Help topic. It was running the command ‘Discover-exchangeserver- useWIA $true – suppressError $true’ -CurrentVersion ‘Version 14.1(Build 218.15).
I got the same when trying to access the Exchange Management Shell as well.
Update 16/10/12: I got this problem today again! It seems AVG 2012 causes this problem as well, if you have AVG installed remove it and try again.
Solution (Error 1)
1. Firstly drop to command line > then (as asked) run “WinRM QuickConfig”. Carry out any changes that it asks by simply pressing “y”.
2. Run the same command again untill it returns two positive results.
3. Start > Run > Services.msc {enter} Locate the following three services, make sure that they are set to “automatic startup” and are running.
IIS Admin Service Windows Remote Management (WS-Management) World Wide Web Publishing Service
4. Start > Administrative Tools > Expand Sites > Default Web Site > Make sure the default web site IS STARTED.
THIS WAS MY PROBLEM! If you can see the green start arrow then its NOT started.
5. When I attempted to start the default web site I got the following error:
Error: The process cannot access the file because it is being used by another process. (Exception from HRESULT: 0x80070020).
Essentially one or both of the two comms ports that IIS uses (Port 80 HTTP and Port 443 HTTPS) have been taken by another process or program. Have a common sense check, what’s been installed on this server that might have a “web portal”? UPS software, AV software, another web server like Apache for example?
To find out what process is using the port
6. Close down any open windows that you have on the server. At command line issue the following two commands:
The fist checks for programs using port 80, In my case there were none, the second command checks port 443, heres my culpritt. All I know at this point is it’s PID (in the example below 4852).
7. To find out what that PID is, right click your Task bar > Launch Task Manager > Processes Tab > View > Select Columns.
9. Sort the PID column (by clicking on the column title) locate the PID in question, find out what it is. Once you know that stopping it will not harm the server, then simply right click and “End Process Tree”.
Note: Some legitimate important Windows processes might be using these ports like “lsass” and “system”.
10. Now you should be able to start the default website, and the Exchange Management Console should open correctly.
WARNING: You have not fixed the problem! (Just identified it), the software that hijacked the IIS ports needs uninstalling, or changing so that it uses a different port.
Error 2 (Seen 02/05/13)
Connecting to the remote server failed with the following error message: The WinRM client… cannot determine the content type of the HTTP response from the destination computer. The content type is absent or invalid. For more information, see the about_Remote_Troubleshooting Help topic. It was running the command ‘Discover-exchangeserver- useWIA $true – suppressError $true’ -CurrentVersion ‘Version 14.1(Build 218.15).
And from the Exchange Managent Shell;
Other Symtoms;
Attempting to open OWA gives a 500 – Internal server error. (If that’s the only problem and it’s SBS 2011, make sure the ‘Microsft Exchange Form Based Authentication’ service is running).
Solution (Error 2)
I spent an entire afternoon fighting with this error on an SBS 2011 server! Every post I found on the internet did NOT fix it. Not even this one (which was so close) but my envirnment variables were correct
The EMTShooter did not help either, I checked it’s recommendations. and they were all correct.
The bottom line is: This is an IIS problem not an Exchange one, the site I was at had done a lot of work on this server and just installed some third party software, (that may or may not have changed some IIS configuration settings). So I connected to another working SBS 2011 Server and copied the contents of the c:inetpubwwwroot folder to the affected machine (back it’s contents up first!). Then run the following command;
[box] iisreset [/box]
If you don’t have access to a working SBS 2011 server, here you go, (you owe me a vodka!)
Error 3 (Seen 30/04/14)
“The attempt to connect to http://server.domain.com/PowerShell using “Kerberos” authentication failed: connecting to remote server failed with the following error message : The WinRM client cannot complete the operation within the time specified. Check if the machine name is valid and is reachable over the network and firewall exception for Windows Remote Management service is enabled. For more information, see the about_Remote_Troubleshooting Help topic.”
If you attempt to install Exchange Service Pack 3 on an Exchange server that is currently running Service Pack 1 you will see this error.
Error:
The ‘IIS 6 WMI Compatibility’ component is required. Install the component via Server Manager.
Solution
Note: This was a prerequisite for SP2, so if you do not see this error your Exchange was deployed with SP2 slipstreamed into it, or the problem was dealt with when SP2 was installed.