I encountered this problem shortly after installing a second Exchange Server 2010 server into my organization. Initially I thought that this second server had caused the problem but on further investigation I found out the real culprit.
The initialization error I was receiving when opening the Exchange Management Console was:
Initialization Failed: Connecting to remote server failed with the following error message: Access is denied.
The Event Log of the server had this error:
Log Name: Application
Source: MSExchangeSA
Date: 13/12/2009 8:22:28 PM
Event ID: 9385
Task Category: General
Level: Error
Keywords: Classic
User: N/A
Computer: ex1.exchangeserverpro.local
Description:
Microsoft Exchange System Attendant failed to read the membership of the universal security group ‘/dc=local/dc=exchangeserverpro/ou=Microsoft Exchange Security Groups/cn=Exchange Servers’; the error code was ‘8007203a’. The problem might be that the Microsoft Exchange System Attendant does not have permission to read the membership of the group.If this computer is not a member of the group ‘/dc=local/dc=exchangeserverpro/ou=Microsoft Exchange Security Groups/cn=Exchange Servers’, you should manually stop all Microsoft Exchange services, run the task ‘add-ExchangeServerGroupMember,’ and then restart all Microsoft Exchange services.
I double checked the “Exchange Servers” group in Active Directory and confirmed that the two servers were already in there.
I then found this error in the Event Log of the server:
Log Name: Application
Source: MSExchangeIS
Date: 13/12/2009 9:14:29 PM
Event ID: 5003
Task Category: General
Level: Error
Keywords: Classic
User: N/A
Computer: ex1.exchangeserverpro.local
Description:
Unable to initialize the Information Store service because the clocks on the client and server are skewed. This may be caused by a time change either in the client or the server, and may require a reboot of that computer. Verify that your domain is properly configured and is currently online.
As we know a time sync problem will cause Kerberos authentication issues. I checked and sure enough the clocks on the Exchange servers were out by more than 5 minutes from the domain controllers.
The reason for this was that my Exchange servers were hosted on a Hyper-V server that is not synced to the same time source as the domain controllers which are hosted on a separate VMware ESX server. Normally the Exchange servers would still sync their time with the PDC-E for their domain but the Hyper-V integration settings were overriding this.
Clearing the Time Synchronisation option and then running net time /set on the two Exchange servers brought their clocks back into sync with their domain controllers.
Restarting the servers then allowed all of the Exchange services to come online properly again, and the intialization error no longer occurred when launching the Exchange Management Console.
Hi Paul
Just came across this same issue today, and it deceived me at first. We noticed the domain time seemed to be out of sync to the public time, however both the Exchange Server’s time were the same. What caught me was that the Edge server’s time was actually correct (non-domain time, non domain joined), but it was out against the two Exchange servers, hence the issue above was in effect.
Corrected the domain time, and EMC and EMS started working.
I did reboot one server, but eventually both server’s tools started working, without rebooting the second sever.
Thanks again for your valuable blog, it is very much appreciated…!
experienced the same issue on exch2010sp3/w2008r2 server after applying Windows patch for wannacry virus, i ve tried all the solutions posted here without succes, finally got it to work again by modifying this IISmanager>default web site>ecp>Windows authentication>Advanced setting> extended protection = accept (it was on OFF)
thanks everybody
Hi Paul,
Kindly help me to solve this issue. When I am trying to login to my exchange management console, i am getting the following error..
“Connecting to New Exchange Forest.
The attempt to connect using HTTPS protocol “Kerberos” failed: Connecting to remote server failed with the following error message : The client cannot connect to the destination specified in the request. Verify that the service on the destination is running and is accepting requests. Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: “winrm quickconfig”. For more information, see the about_Remote_Troubleshooting Help topic.
The attempt to connect using HTTPS protocol “Basic” failed: Connecting to remote server failed with the following error message : The WinRM client cannot process the request. Unencrypted traffic is currently disabled in the client configuration. Change the client configuration and try the request again. For more information, see the about_Remote_Troubleshooting Help topic”
Please anybody help me to solve this issue as ai am facing trouble to create and edit users.
Excelente, muy acertado la respuesta para este error. Muchas Gracias!
My Exchange Management Console has given me initialization failed.
The following error occurred while searching for the on-premises Exchange server:
[tya-ex.enli.com] Connecting to remote server tya-ex.enli.com failed with the following error message : Access is denied. For more information, see the about_Remote_Troubleshooting Help topic. It was running the command ‘Discover-ExchangeServer -UseWIA $true – SuppressError $true – CurrentVersion ‘Version 14.3 (Build 123.4)”.
May I know what the problem is and how to solve it.
Thanks.
“Access is denied”
Usually that means you are logged on with an account that does not have any rights to manage Exchange.
Hi Paul,
I’m log-in using administrator password but previously there is no problem at all.
I am unable to create database on exchange server! Event viewer shows following error.
entry is added to AD. Looks like cannot find local server.
– System
– Provider
[ Name] MSExchangeApplicationLogic
– EventID 9104
[ Qualifiers] 49156
Level 2
Task 2
Keywords 0x80000000000000
– TimeCreated
[ SystemTime] 2015-09-30T01:33:57.000000000Z
EventRecordID 65783
Channel Application
Computer exchange.adv.com
Security
– EventData
MSExchangeMailSubmission
Microsoft.Exchange.Data.Directory.LocalServerNotFoundException: Cannot find information about the local server exchange.adv.com in Active Directory. This may be related to a change in the server name. at Microsoft.Exchange.Data.Directory.SystemConfiguration.ADSystemConfigurationSession.FindLocalServer() at Microsoft.Exchange.Data.ApplicationLogic.PickerServerList.LoadFromAD(PickerServerList oldServers) at Microsoft.Exchange.Data.ApplicationLogic.ADConfigurationLoader`2.c__DisplayClass1.b__0() at Microsoft.Exchange.Data.Directory.ADNotificationAdapter.RunADOperation(ADOperation adOperation, Int32 retryCount) at Microsoft.Exchange.Data.Directory.ADNotificationAdapter.TryRunADOperation(ADOperation adOperation, Int32 retryCount)
Any help much appreciated!
Thanks in advance
Type iisrest at elevated command prompt,
iisreset is the correct command sorry
please tell me the Role and feature configuration of server 2012 R2 for exchange server 2010.
It is not supported to run Exchange Server 2010 on Windows Server 2012 R2.
No i have run Microsoft Exchange Server 2010 in windows Server 2012 but i have been that mistake you’re explained above.
Thank you so much. Time synchronization!!!
This worked for me.
so I have a little bit of a different issue. We are currently on 2010 sp3 RU 8v2. We have created a new Role group for our Helpdesk agents so that they can create new mailboxes and modify existing mailbox but to not be able to delete or disable them. we created a test user so that we can test this new role group before we apply it to the agents. we have added this test user to the role group and when we logged into a box that has the Management tools installed and launched the EMC and got the following message… Initialization Failed: The World Wide Web Publishing service (W3SVC) isn’t running on any exchange servers in the site. Make sure that the W3SVC is running on atleast one exchange server. but if I turn around and log in as myself I can launch it with no issues. Then if I take this account and log in directly on one of the exchange servers I can launch this with out issue. Obviously its not a permission issue to the console. Its an issue connecting to the remote powershell. I have been beating my head on the desk over this and can not come up with anything. Anyone else had this issue and what did you do to resolve it.
Check that you are logged in using Domain Admin not local Admin
Pingback: Fix Vmtools Error 1000 Windows XP, Vista, 7, 8 [Solved]
it’s working. thanks paul
Pingback: msha jobs mountain states Health alliance
Pingback: Anonymous
thank you, this fixed the issue….
The following error occured while attempting to connect to the specified server “yada-yada”:
The attempt to connect to “yada-yada/Powershell” using Kerberos authentication failed. Connecting to remote server failed with the following error message : Access denied. For more info…”
We have Active Directory In VmWare EsXi and Exchange 2010 on Physical Server. I can see that by entering “net time /set” works well but after few moments it changes the time again.
Please help.
Thank you so much
Your DC is virtualized. For some reason, sometimes a virtual DC will pick up its host machine time even if you just set it on the VM. Update the host time and see if it still has a problem.
Pingback: Exchange Management Console 2010 kerberos authentication Failed | Omakku
Hi PAUL,
Merci cet article a résolut mon problème
Thanks!!!!!
I had problems with Exchange server 2013 and this article resolved my problem!
Thank you very much for shared this.
Jessica Godoy
I started attacking the issue the complete wring way looking at access issues. Turned out to be time sync. thx!
Hey.
Like to say thanks!
I kept on getting this error for past two weeks and I am very happy to say that issue was due to TimeSync on one of my BackupDC’s. Adjust time and issue resolved. Would not be able to figure this one out on time if it wasn’t for this blog.
Awesome keep up the great work.
Thanks! We had a disconnect from the Internet overnight due to a firewall device failure… and our main server lost time (gotta check that battery)… anyway.. the Exchange server is on a HyperV machine…. once I corrected the time issue, the console connected. Woot!
Hello Guys,
I used iisreset command in powershell and it works, am now able to load the EMC.
Thanks Paul
iisreset did the trick for me. THANK YOU
powershell iisreset did it for me too, cheers mate.
I had the error after adding another w2k12r2 DC to our site (although I think this could well have been a coincidence!) as we already have 2 w2k12r2 DC and I added another the day before without any issues.
Top man, worked perfectly, thanks
I’m getting a similar issue as the initial screen, but not the same. Initialization Failed. But it points to a WS-Management related issue, from my interpretation.
http://server/PowerShell using “Kerberos” authentication failed:
Connecting to remote server failed with the following error message : The WS-Management service cannot process this request. The system load quota of 1000 requests per 2 seconds has been exceeded .
Please help
I’m getting a similar issue as the initial screen, but not the same. Initialization Failed. But it points to a WinRM related issue, from my interpretation.
http://server/PowerShell using “Kerberos” authentication failed:
Connecting to remote server failed with the following error message : The WinRM client sent a request to an HTTP server and got a response saying the requested HTTP URL was not available. This is usually returned by a HTTP server that does not support WS-Management Protocol.
This is on an SBS2011 server. DC, Exchange SharePoint etc. When I open the Exchange Powershell console I get the same message. I’ve reset IIS and I’m also having another issue on the same machine with four Exchange services not starting automatically even though they are set to start as such. I put in a dependency for them to start after Netlogon, but still no dice.
Thoughs?
Joe
Thanks Paul.. You saved me again.
Hi Paul, thanks for your nice article. I am encountering the same problem and there is no issue with the time. The Domain Controller and the exchange server both using same time.
The detail regarding the error is as follows:
” The following error occurred while searching for the on-premise Exchange server:
No Exchange servers are available in any Active Directory sites. It was running the command ‘Discover-ExchangeServer -UseWIA $true -SuppressError $true -CurrentVersion ‘Version 14.1 (Build 218.15) “.
At the event viewer of Microsoft Exchange with Database availability group displays following error : MS Exchange DsAccess :
” All domain controller servers in use are not responding.”
I’ve checked the active directory site and found the domain controller right there.
I cannot understand what’s exactly causing the problem
Any help/thought will highly be appreciated.
Thanks more in advance.
Hi Do you have solution for this issue.
i am getting this same issue .
i have tried with all but no luck
Thanks! This solved my problems.
Thanks
This solved my issues. Thumbs up!
This worked for me, Thank you guys
Hey Paul,
I’m getting a similar error that I can’t seem to find a solution to. I was hoping you could help.
“The following error occured while attempting to connect to the specified server “yada-yada”:
The attempt to connect to “yada-yada/Powershell” using Kerberos authentication failed. Connecting to remote server failed with the following error message : Access denied. For more info…”
Any ideas? Would the Time Sync work for this as well?
Hello Victor,
Just open command line on your server and fire command:
net time /set
Your Exchange servers need to be in sync with AD.
This helped me, may help you as well.
Regards,
Pim
P.S. : Thanks Cunningham for this wonderfull post. It saved my lot of time to find what went wrong 🙂
Thanks Pim. I was able to sync with the AD and it works fine. Also thanks to Paul for posting all this.
I have found that if this is the result of an upgrade your profile can become corrupt.
Try to log in with a different user if you have no issue then its you profile.
if this is the case then right click computer>properties>advanced systems settings
under user settings click settings> and delete the corrupt profile
This was helpful…Thank you very much………
OMG thank you so much, I was using a test lab with Hyper-V and didnt think to check the time.
this was helpful.
did a net time / set after turning off the Hyper-v time sync. It all worked.
Sarbjit
Hi Paul
Thanks. This solved my problem. Time sync problem.
Regards!!
It really was just a Time setting for the system. When running Exchange in a VM, if you sync the Time of the Guest OS to the ESXi host using VMtools, you need to make sure that the ESXi host time is consistent with the time on the host of the Active Directory too. Best way is to use NTP client on ESXi so they are surely synchronized. Otherwise disable time sync between the host and the guest and make sure everything is within a few minutes of each other. But NTP is really the smartest choice. Once the times are set, you might have to disable then re-enable the time sync in VMtools and all should be fine again.
Pingback: Exchange 2010 Management Console Initialization Failed « Viral Rathod's Blog
Paul: good post but i’ve got a different error and hoping you can point me in the right direction. “The attempt to connect to http://server/powershell using “kerberos” authentication failed: connecting to remote server failed with the following error message: The winRM client sent a request to an http server and got a response saying the requested http url was not available. This is usually returned by a http server that does not support the ws-management protocol”
This is what i get when trying to connect emc 2010 to a 2003 server to try to add a new forest to start the mailbox migration process. any ideas would be totally apperciated
Hi Kevin, you can’t connect to a remote Exchange 2003 server/org with the EMC for Exchange 2010. I believe you will need to run the mailbox move requests via the Exchange Management Shell instead.
Nice post Paul. I’ve been racking my brain trying to find a decent post to resolve this issue. I even came close to throwing in the towel and trying a recover on Exchange box.
Good call, and exact message error in Google – homed it in !!!
Thanks…
Nice post paul. hoping you were gonna be able to save the day for me once again. I guess i went to the well one too many times. I know it’s way out of best practices, but i have one consolidated box. DC / Exch 2010 & Ocs 2007 R2. Unsure when it happened, but can’t authenticate to EMC or EMS due to the following error. Not a time issue, even tried resetting the computer and user account passwords.
Did the winRM thing, no luck
IIS seems to have a binding to port 80 on the default website too.
Certificate issue perhaps. I’ve seen it break when people mess with SSL certs via the IIS mgmt tools.
But yeah you might have gone one step too far with all that role stacking 🙂
net time /set was success
Pingback: Fixing Exchange 2010 Management Tools WinRM Errors - Exchange Server Pro
I can’t find settings for EX2010.xxxxxxx.local.
Management
Integration Services
Services
Time synchronization
Please help with the path as this looks like the closest fix to the exact same issue I’m having.
Cheers,
eiger3970.
Those settings are in Hyper-V, which I’m using to virtualize those servers. If yours are physical servers, or virtualized on another platform, then you’ll need to look for different time sync settings.
You will find these settings in your Hyper-V Manager if you are using MS Hyper-V. Right-Klick on the Servers in the management console and select “settings”, than you will find the Tome Synchronisation.
Thanks. This saved my Friday afternoon. Time sync problem.
I’ve had the same issue, but I couldn’t solve it by set the time synchronisation.
Additional I had to reinstall the WinRM service. After installation type on PowerShell “winrm qucikconfig” and reboot the Server.
This might help too.
Regards,
Smu