Home » Exchange Server » Exchange 2010 Management Console Initialization Failed

Exchange 2010 Management Console Initialization Failed

I encountered this problem shortly after installing a second Exchange Server 2010 server into my organization.  Initially I thought that this second server had caused the problem but on further investigation I found out the real culprit.

The initialization error I was receiving when opening the Exchange Management Console was:

Initialization Failed: Connecting to remote server failed with the following error message: Access is denied.

emcerror

The Event Log of the server had this error:

Log Name:      Application
Source:        MSExchangeSA
Date:          13/12/2009 8:22:28 PM
Event ID:      9385
Task Category: General
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      ex1.exchangeserverpro.local
Description:
Microsoft Exchange System Attendant failed to read the membership of the universal security group ‘/dc=local/dc=exchangeserverpro/ou=Microsoft Exchange Security Groups/cn=Exchange Servers’; the error code was ‘8007203a’. The problem might be that the Microsoft Exchange System Attendant does not have permission to read the membership of the group.

If this computer is not a member of the group ‘/dc=local/dc=exchangeserverpro/ou=Microsoft Exchange Security Groups/cn=Exchange Servers’, you should manually stop all Microsoft Exchange services, run the task ‘add-ExchangeServerGroupMember,’ and then restart all Microsoft Exchange services.

I double checked the “Exchange Servers” group in Active Directory and confirmed that the two servers were already in there.

exchangeserversgroup

I then found this error in the Event Log of the server:

Log Name:      Application
Source:        MSExchangeIS
Date:          13/12/2009 9:14:29 PM
Event ID:      5003
Task Category: General
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      ex1.exchangeserverpro.local
Description:
Unable to initialize the Information Store service because  the clocks on the client and server are skewed.   This may be caused by a time change either in the client or the server,  and may require a reboot of that computer.   Verify that your domain is properly configured and  is currently online.

As we know a time sync problem will cause Kerberos authentication issues.  I checked and sure enough the clocks on the Exchange servers were out by more than 5 minutes from the domain controllers.

The reason for this was that my Exchange servers were hosted on a Hyper-V server that is not synced to the same time source as the domain controllers which are hosted on a separate VMware ESX server.  Normally the Exchange servers would still sync their time with the PDC-E for their domain but the Hyper-V integration settings were overriding this.

hypervsettings

Clearing the Time Synchronisation option and then running net time /set on the two Exchange servers brought their clocks back into sync with their domain controllers.

hypervsettings2

Restarting the servers then allowed all of the Exchange services to come online properly again, and the intialization error no longer occurred when launching the Exchange Management Console.

Paul is a Microsoft MVP for Office Servers and Services. He works as a consultant, writer, and trainer specializing in Office 365 and Exchange Server. Paul is a co-author of Office 365 for IT Pros and several other books, and is also a Pluralsight author.
Category: Exchange Server

60 comments

  1. LeSmu says:

    I’ve had the same issue, but I couldn’t solve it by set the time synchronisation.

    Additional I had to reinstall the WinRM service. After installation type on PowerShell “winrm qucikconfig” and reboot the Server.

    This might help too.

    Regards,
    Smu

  2. eiger3970 says:

    I can’t find settings for EX2010.xxxxxxx.local.
    Management
    Integration Services
    Services
    Time synchronization

    Please help with the path as this looks like the closest fix to the exact same issue I’m having.
    Cheers,
    eiger3970.

    • Those settings are in Hyper-V, which I’m using to virtualize those servers. If yours are physical servers, or virtualized on another platform, then you’ll need to look for different time sync settings.

    • LeSmu says:

      You will find these settings in your Hyper-V Manager if you are using MS Hyper-V. Right-Klick on the Servers in the management console and select “settings”, than you will find the Tome Synchronisation.

  3. Chad Solarz says:

    Nice post paul. hoping you were gonna be able to save the day for me once again. I guess i went to the well one too many times. I know it’s way out of best practices, but i have one consolidated box. DC / Exch 2010 & Ocs 2007 R2. Unsure when it happened, but can’t authenticate to EMC or EMS due to the following error. Not a time issue, even tried resetting the computer and user account passwords.

    Did the winRM thing, no luck

    IIS seems to have a binding to port 80 on the default website too.

  4. Stephen Lloyd says:

    Nice post Paul. I’ve been racking my brain trying to find a decent post to resolve this issue. I even came close to throwing in the towel and trying a recover on Exchange box.

    Good call, and exact message error in Google – homed it in !!!

    Thanks…

  5. Kevin says:

    Paul: good post but i’ve got a different error and hoping you can point me in the right direction. “The attempt to connect to http://server/powershell using “kerberos” authentication failed: connecting to remote server failed with the following error message: The winRM client sent a request to an http server and got a response saying the requested http url was not available. This is usually returned by a http server that does not support the ws-management protocol”

    This is what i get when trying to connect emc 2010 to a 2003 server to try to add a new forest to start the mailbox migration process. any ideas would be totally apperciated

    • Hi Kevin, you can’t connect to a remote Exchange 2003 server/org with the EMC for Exchange 2010. I believe you will need to run the mailbox move requests via the Exchange Management Shell instead.

  6. S E says:

    It really was just a Time setting for the system. When running Exchange in a VM, if you sync the Time of the Guest OS to the ESXi host using VMtools, you need to make sure that the ESXi host time is consistent with the time on the host of the Active Directory too. Best way is to use NTP client on ESXi so they are surely synchronized. Otherwise disable time sync between the host and the guest and make sure everything is within a few minutes of each other. But NTP is really the smartest choice. Once the times are set, you might have to disable then re-enable the time sync in VMtools and all should be fine again.

  7. Victor says:

    Hey Paul,
    I’m getting a similar error that I can’t seem to find a solution to. I was hoping you could help.
    “The following error occured while attempting to connect to the specified server “yada-yada”:
    The attempt to connect to “yada-yada/Powershell” using Kerberos authentication failed. Connecting to remote server failed with the following error message : Access denied. For more info…”
    Any ideas? Would the Time Sync work for this as well?

    • Pim says:

      Hello Victor,

      Just open command line on your server and fire command:
      net time /set
      Your Exchange servers need to be in sync with AD.
      This helped me, may help you as well.

      Regards,
      Pim

      P.S. : Thanks Cunningham for this wonderfull post. It saved my lot of time to find what went wrong 🙂

    • Swiff says:

      I have found that if this is the result of an upgrade your profile can become corrupt.

      Try to log in with a different user if you have no issue then its you profile.
      if this is the case then right click computer>properties>advanced systems settings
      under user settings click settings> and delete the corrupt profile

  8. U. P. B. Michael says:

    Hi Paul, thanks for your nice article. I am encountering the same problem and there is no issue with the time. The Domain Controller and the exchange server both using same time.

    The detail regarding the error is as follows:

    ” The following error occurred while searching for the on-premise Exchange server:

    No Exchange servers are available in any Active Directory sites. It was running the command ‘Discover-ExchangeServer -UseWIA $true -SuppressError $true -CurrentVersion ‘Version 14.1 (Build 218.15) “.

    At the event viewer of Microsoft Exchange with Database availability group displays following error : MS Exchange DsAccess :

    ” All domain controller servers in use are not responding.”

    I’ve checked the active directory site and found the domain controller right there.
    I cannot understand what’s exactly causing the problem

    Any help/thought will highly be appreciated.
    Thanks more in advance.

  9. Joe says:

    I’m getting a similar issue as the initial screen, but not the same. Initialization Failed. But it points to a WinRM related issue, from my interpretation.

    http://server/PowerShell using “Kerberos” authentication failed:
    Connecting to remote server failed with the following error message : The WinRM client sent a request to an HTTP server and got a response saying the requested HTTP URL was not available. This is usually returned by a HTTP server that does not support WS-Management Protocol.

    This is on an SBS2011 server. DC, Exchange SharePoint etc. When I open the Exchange Powershell console I get the same message. I’ve reset IIS and I’m also having another issue on the same machine with four Exchange services not starting automatically even though they are set to start as such. I put in a dependency for them to start after Netlogon, but still no dice.

    Thoughs?
    Joe

  10. Ben says:

    I’m getting a similar issue as the initial screen, but not the same. Initialization Failed. But it points to a WS-Management related issue, from my interpretation.

    http://server/PowerShell using “Kerberos” authentication failed:
    Connecting to remote server failed with the following error message : The WS-Management service cannot process this request. The system load quota of 1000 requests per 2 seconds has been exceeded .

    Please help

  11. Jilltre says:

    Thanks! We had a disconnect from the Internet overnight due to a firewall device failure… and our main server lost time (gotta check that battery)… anyway.. the Exchange server is on a HyperV machine…. once I corrected the time issue, the console connected. Woot!

  12. themexbob says:

    Hey.

    Like to say thanks!

    I kept on getting this error for past two weeks and I am very happy to say that issue was due to TimeSync on one of my BackupDC’s. Adjust time and issue resolved. Would not be able to figure this one out on time if it wasn’t for this blog.

    Awesome keep up the great work.

  13. JESSICA GODOY says:

    Thanks!!!!!

    I had problems with Exchange server 2013 and this article resolved my problem!

    Thank you very much for shared this.

    Jessica Godoy

  14. Saurabh Damle says:

    The following error occured while attempting to connect to the specified server “yada-yada”:
    The attempt to connect to “yada-yada/Powershell” using Kerberos authentication failed. Connecting to remote server failed with the following error message : Access denied. For more info…”

    We have Active Directory In VmWare EsXi and Exchange 2010 on Physical Server. I can see that by entering “net time /set” works well but after few moments it changes the time again.

    Please help.

    Thank you so much

    • Jeff says:

      Your DC is virtualized. For some reason, sometimes a virtual DC will pick up its host machine time even if you just set it on the VM. Update the host time and see if it still has a problem.

  15. Ryan Bach says:

    so I have a little bit of a different issue. We are currently on 2010 sp3 RU 8v2. We have created a new Role group for our Helpdesk agents so that they can create new mailboxes and modify existing mailbox but to not be able to delete or disable them. we created a test user so that we can test this new role group before we apply it to the agents. we have added this test user to the role group and when we logged into a box that has the Management tools installed and launched the EMC and got the following message… Initialization Failed: The World Wide Web Publishing service (W3SVC) isn’t running on any exchange servers in the site. Make sure that the W3SVC is running on atleast one exchange server. but if I turn around and log in as myself I can launch it with no issues. Then if I take this account and log in directly on one of the exchange servers I can launch this with out issue. Obviously its not a permission issue to the console. Its an issue connecting to the remote powershell. I have been beating my head on the desk over this and can not come up with anything. Anyone else had this issue and what did you do to resolve it.

  16. shruti says:

    I am unable to create database on exchange server! Event viewer shows following error.
    entry is added to AD. Looks like cannot find local server.

    – System

    – Provider

    [ Name] MSExchangeApplicationLogic

    – EventID 9104

    [ Qualifiers] 49156

    Level 2

    Task 2

    Keywords 0x80000000000000

    – TimeCreated

    [ SystemTime] 2015-09-30T01:33:57.000000000Z

    EventRecordID 65783

    Channel Application

    Computer exchange.adv.com

    Security

    – EventData

    MSExchangeMailSubmission
    Microsoft.Exchange.Data.Directory.LocalServerNotFoundException: Cannot find information about the local server exchange.adv.com in Active Directory. This may be related to a change in the server name. at Microsoft.Exchange.Data.Directory.SystemConfiguration.ADSystemConfigurationSession.FindLocalServer() at Microsoft.Exchange.Data.ApplicationLogic.PickerServerList.LoadFromAD(PickerServerList oldServers) at Microsoft.Exchange.Data.ApplicationLogic.ADConfigurationLoader`2.c__DisplayClass1.b__0() at Microsoft.Exchange.Data.Directory.ADNotificationAdapter.RunADOperation(ADOperation adOperation, Int32 retryCount) at Microsoft.Exchange.Data.Directory.ADNotificationAdapter.TryRunADOperation(ADOperation adOperation, Int32 retryCount)

    Any help much appreciated!
    Thanks in advance

  17. David Lee says:

    My Exchange Management Console has given me initialization failed.

    The following error occurred while searching for the on-premises Exchange server:

    [tya-ex.enli.com] Connecting to remote server tya-ex.enli.com failed with the following error message : Access is denied. For more information, see the about_Remote_Troubleshooting Help topic. It was running the command ‘Discover-ExchangeServer -UseWIA $true – SuppressError $true – CurrentVersion ‘Version 14.3 (Build 123.4)”.

    May I know what the problem is and how to solve it.

    Thanks.

  18. Sandeep says:

    Hi Paul,

    Kindly help me to solve this issue. When I am trying to login to my exchange management console, i am getting the following error..

    “Connecting to New Exchange Forest.

    The attempt to connect using HTTPS protocol “Kerberos” failed: Connecting to remote server failed with the following error message : The client cannot connect to the destination specified in the request. Verify that the service on the destination is running and is accepting requests. Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: “winrm quickconfig”. For more information, see the about_Remote_Troubleshooting Help topic.

    The attempt to connect using HTTPS protocol “Basic” failed: Connecting to remote server failed with the following error message : The WinRM client cannot process the request. Unencrypted traffic is currently disabled in the client configuration. Change the client configuration and try the request again. For more information, see the about_Remote_Troubleshooting Help topic”

    Please anybody help me to solve this issue as ai am facing trouble to create and edit users.

Leave a Reply

Your email address will not be published. Required fields are marked *