About Me

My photo
This is a blog for John Weber. One of my joys in life is helping others get ahead in life. Content here will be focused on that from this date forward. John was a Skype for Business MVP (2015-2018) - before that, a Lync Server MVP (2010-2014). I used to write a variety of articles (https://tsoorad.blogspot.com) on technical issues with a smattering of other interests. I have a variety of certifications dating back to Novell CNE and working up through the Microsoft MCP stack to MCITP multiple times. FWIW, I am on my third career - ex-USMC, retired US Army. I have a fancy MBA. The opinions expressed on this blog are mine and mine alone.

2012/02/22

Exchange 2010 WinRM and Powershell

Situation

Opening the Exchange Management Shell (EMS) on the server fails to connect to the local server with this error:

Connecting to remote server failed with the following error message : The WinRM client received an HTTP server error status (500), but the remote service did not include any other information about the cause of the failure. For more information, see the about_Remote_Troubleshooting Help topic.

Nice, huh?  Looking at the event log gave me an RBAC error and a a few others as shown…

(Process w3wp.exe, PID 3244) "RBAC authorization is unavailable due to the transient error: The Microsoft Exchange Active Directory Topology service on server localhost can't be contacted via RPC. Error 0x5."

Process w3wp.exe (PID=3244). An remote procedure call (RPC) request to the Microsoft Exchange Active Directory Topology service failed with error 5 (Error 0x5 (Access is denied) from HrGetServersForRole). Make sure that the Remote Procedure Call (RPC) service is running. In addition, make sure that the network ports that are used by RPC are not blocked by a firewall.

Process w3wp.exe (PID=3244). An remote procedure call (RPC) request to the Microsoft Exchange Active Directory Topology service failed with error 5 (Error 0x5 (Access is denied) from HrGetServersForRole). Make sure that the Remote Procedure Call (RPC) service is running. In addition, make sure that the network ports that are used by RPC are not blocked by a firewall.

What changed over the last week?  E2010 SP2 and RU1 had been run into the environment – but nothing else.

This was very frustrating because all the “normal” fixes to this did not work.  WinRM extensions, Kerberos auth on the powershell vdir, rebooting, you name it, I looked at it.  Nada.

The Fix

On a whim, while checking the PowerShell virtual directory path, and comparing a working server to this non-functioning server, I looked at the application pool…oh &%*!.  How did it get that way?  Four hours of chasing my tail.  Four hours of my life I cannot get back.

My only thought is that SP2 or SP2 RU1 borked that setting for some bizarre reason.  Here is a nice screen shot of what it was…

clip_image002[5]

…and what it should be:

clip_image002

YMMV

2 comments:

Unknown said...

Amazing. I had the EXACT SAME PROBLEM and this fixed it by setting the AppPool soccertly as explained here! I was pulling my hair out as I tried all of the other "fixes" and non of them worked. This was an issue caused by SP2.

Unknown said...

Amazing! This worked for me as well by setting the AppPool to powershell. I had tried all of the other fixes and nothing worked. This is an issue with SP2.

test 02 Feb

this is a test it’s only a test this should be a picture