I encountered this problem shortly after installing a second Exchange Server 2010 server into my organization.  Initially I thought that this second server had caused the problem but on further investigation I found out the real culprit.

The initialization error I was receiving when opening the Exchange Management Console was:

Initialization Failed: Connecting to remote server failed with the following error message: Access is denied.

emcerror

The Event Log of the server had this error:

Log Name:      Application
Source:        MSExchangeSA
Date:          13/12/2009 8:22:28 PM
Event ID:      9385
Task Category: General
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      ex1.exchangeserverpro.local
Description:
Microsoft Exchange System Attendant failed to read the membership of the universal security group ‘/dc=local/dc=exchangeserverpro/ou=Microsoft Exchange Security Groups/cn=Exchange Servers’; the error code was ‘8007203a’. The problem might be that the Microsoft Exchange System Attendant does not have permission to read the membership of the group.

If this computer is not a member of the group ‘/dc=local/dc=exchangeserverpro/ou=Microsoft Exchange Security Groups/cn=Exchange Servers’, you should manually stop all Microsoft Exchange services, run the task ‘add-ExchangeServerGroupMember,’ and then restart all Microsoft Exchange services.

I double checked the “Exchange Servers” group in Active Directory and confirmed that the two servers were already in there.

exchangeserversgroup

I then found this error in the Event Log of the server:

Log Name:      Application
Source:        MSExchangeIS
Date:          13/12/2009 9:14:29 PM
Event ID:      5003
Task Category: General
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      ex1.exchangeserverpro.local
Description:
Unable to initialize the Information Store service because  the clocks on the client and server are skewed.   This may be caused by a time change either in the client or the server,  and may require a reboot of that computer.   Verify that your domain is properly configured and  is currently online.

As we know a time sync problem will cause Kerberos authentication issues.  I checked and sure enough the clocks on the Exchange servers were out by more than 5 minutes from the domain controllers.

The reason for this was that my Exchange servers were hosted on a Hyper-V server that is not synced to the same time source as the domain controllers which are hosted on a separate VMware ESX server.  Normally the Exchange servers would still sync their time with the PDC-E for their domain but the Hyper-V integration settings were overriding this.

hypervsettings

Clearing the Time Synchronisation option and then running net time /set on the two Exchange servers brought their clocks back into sync with their domain controllers.

hypervsettings2

Restarting the servers then allowed all of the Exchange services to come online properly again, and the intialization error no longer occurred when launching the Exchange Management Console.

About the Author

Paul Cunningham

Paul is a former Microsoft MVP for Office Apps and Services. He works as a consultant, writer, and trainer specializing in Office 365 and Exchange Server. Paul no longer writes for Practical365.com.

Comments

  1. Ralph

    Hi Paul
    Just came across this same issue today, and it deceived me at first. We noticed the domain time seemed to be out of sync to the public time, however both the Exchange Server’s time were the same. What caught me was that the Edge server’s time was actually correct (non-domain time, non domain joined), but it was out against the two Exchange servers, hence the issue above was in effect.
    Corrected the domain time, and EMC and EMS started working.
    I did reboot one server, but eventually both server’s tools started working, without rebooting the second sever.
    Thanks again for your valuable blog, it is very much appreciated…!

  2. mouden

    experienced the same issue on exch2010sp3/w2008r2 server after applying Windows patch for wannacry virus, i ve tried all the solutions posted here without succes, finally got it to work again by modifying this IISmanager>default web site>ecp>Windows authentication>Advanced setting> extended protection = accept (it was on OFF)

    thanks everybody

  3. Sandeep

    Hi Paul,

    Kindly help me to solve this issue. When I am trying to login to my exchange management console, i am getting the following error..

    “Connecting to New Exchange Forest.

    The attempt to connect using HTTPS protocol “Kerberos” failed: Connecting to remote server failed with the following error message : The client cannot connect to the destination specified in the request. Verify that the service on the destination is running and is accepting requests. Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: “winrm quickconfig”. For more information, see the about_Remote_Troubleshooting Help topic.

    The attempt to connect using HTTPS protocol “Basic” failed: Connecting to remote server failed with the following error message : The WinRM client cannot process the request. Unencrypted traffic is currently disabled in the client configuration. Change the client configuration and try the request again. For more information, see the about_Remote_Troubleshooting Help topic”

    Please anybody help me to solve this issue as ai am facing trouble to create and edit users.

  4. Juan Antonio Rodríguez

    Excelente, muy acertado la respuesta para este error. Muchas Gracias!

  5. David Lee

    My Exchange Management Console has given me initialization failed.

    The following error occurred while searching for the on-premises Exchange server:

    [tya-ex.enli.com] Connecting to remote server tya-ex.enli.com failed with the following error message : Access is denied. For more information, see the about_Remote_Troubleshooting Help topic. It was running the command ‘Discover-ExchangeServer -UseWIA $true – SuppressError $true – CurrentVersion ‘Version 14.3 (Build 123.4)”.

    May I know what the problem is and how to solve it.

    Thanks.

    1. Avatar photo
      Paul Cunningham

      “Access is denied”

      Usually that means you are logged on with an account that does not have any rights to manage Exchange.

      1. David Lee

        Hi Paul,

        I’m log-in using administrator password but previously there is no problem at all.

  6. shruti

    I am unable to create database on exchange server! Event viewer shows following error.
    entry is added to AD. Looks like cannot find local server.

    – System

    – Provider

    [ Name] MSExchangeApplicationLogic

    – EventID 9104

    [ Qualifiers] 49156

    Level 2

    Task 2

    Keywords 0x80000000000000

    – TimeCreated

    [ SystemTime] 2015-09-30T01:33:57.000000000Z

    EventRecordID 65783

    Channel Application

    Computer exchange.adv.com

    Security

    – EventData

    MSExchangeMailSubmission
    Microsoft.Exchange.Data.Directory.LocalServerNotFoundException: Cannot find information about the local server exchange.adv.com in Active Directory. This may be related to a change in the server name. at Microsoft.Exchange.Data.Directory.SystemConfiguration.ADSystemConfigurationSession.FindLocalServer() at Microsoft.Exchange.Data.ApplicationLogic.PickerServerList.LoadFromAD(PickerServerList oldServers) at Microsoft.Exchange.Data.ApplicationLogic.ADConfigurationLoader`2.c__DisplayClass1.b__0() at Microsoft.Exchange.Data.Directory.ADNotificationAdapter.RunADOperation(ADOperation adOperation, Int32 retryCount) at Microsoft.Exchange.Data.Directory.ADNotificationAdapter.TryRunADOperation(ADOperation adOperation, Int32 retryCount)

    Any help much appreciated!
    Thanks in advance

  7. Mathew

    Type iisrest at elevated command prompt,

    1. Mathew

      iisreset is the correct command sorry

  8. Dilip Biswakarma

    please tell me the Role and feature configuration of server 2012 R2 for exchange server 2010.

    1. Avatar photo
      Paul Cunningham

      It is not supported to run Exchange Server 2010 on Windows Server 2012 R2.

      1. Ahmed Fathe

        No i have run Microsoft Exchange Server 2010 in windows Server 2012 but i have been that mistake you’re explained above.

  9. BHaichim

    Thank you so much. Time synchronization!!!

  10. DRBonny

    This worked for me.

  11. Ryan Bach

    so I have a little bit of a different issue. We are currently on 2010 sp3 RU 8v2. We have created a new Role group for our Helpdesk agents so that they can create new mailboxes and modify existing mailbox but to not be able to delete or disable them. we created a test user so that we can test this new role group before we apply it to the agents. we have added this test user to the role group and when we logged into a box that has the Management tools installed and launched the EMC and got the following message… Initialization Failed: The World Wide Web Publishing service (W3SVC) isn’t running on any exchange servers in the site. Make sure that the W3SVC is running on atleast one exchange server. but if I turn around and log in as myself I can launch it with no issues. Then if I take this account and log in directly on one of the exchange servers I can launch this with out issue. Obviously its not a permission issue to the console. Its an issue connecting to the remote powershell. I have been beating my head on the desk over this and can not come up with anything. Anyone else had this issue and what did you do to resolve it.

  12. Claudine zahra

    Check that you are logged in using Domain Admin not local Admin

  13. serdar

    it’s working. thanks paul

  14. Shaikh

    thank you, this fixed the issue….

  15. Saurabh Damle

    The following error occured while attempting to connect to the specified server “yada-yada”:
    The attempt to connect to “yada-yada/Powershell” using Kerberos authentication failed. Connecting to remote server failed with the following error message : Access denied. For more info…”

    We have Active Directory In VmWare EsXi and Exchange 2010 on Physical Server. I can see that by entering “net time /set” works well but after few moments it changes the time again.

    Please help.

    Thank you so much

    1. Jeff

      Your DC is virtualized. For some reason, sometimes a virtual DC will pick up its host machine time even if you just set it on the VM. Update the host time and see if it still has a problem.

  16. Antonin BRAGAI

    Hi PAUL,

    Merci cet article a résolut mon problème

  17. JESSICA GODOY

    Thanks!!!!!

    I had problems with Exchange server 2013 and this article resolved my problem!

    Thank you very much for shared this.

    Jessica Godoy

  18. sean

    I started attacking the issue the complete wring way looking at access issues. Turned out to be time sync. thx!

  19. themexbob

    Hey.

    Like to say thanks!

    I kept on getting this error for past two weeks and I am very happy to say that issue was due to TimeSync on one of my BackupDC’s. Adjust time and issue resolved. Would not be able to figure this one out on time if it wasn’t for this blog.

    Awesome keep up the great work.

  20. Jilltre

    Thanks! We had a disconnect from the Internet overnight due to a firewall device failure… and our main server lost time (gotta check that battery)… anyway.. the Exchange server is on a HyperV machine…. once I corrected the time issue, the console connected. Woot!

  21. Ben

    Hello Guys,

    I used iisreset command in powershell and it works, am now able to load the EMC.

    Thanks Paul

    1. richard s

      iisreset did the trick for me. THANK YOU

      1. Kerry

        powershell iisreset did it for me too, cheers mate.

        I had the error after adding another w2k12r2 DC to our site (although I think this could well have been a coincidence!) as we already have 2 w2k12r2 DC and I added another the day before without any issues.

    2. Jackyladdo

      Top man, worked perfectly, thanks

  22. Ben

    I’m getting a similar issue as the initial screen, but not the same. Initialization Failed. But it points to a WS-Management related issue, from my interpretation.

    http://server/PowerShell using “Kerberos” authentication failed:
    Connecting to remote server failed with the following error message : The WS-Management service cannot process this request. The system load quota of 1000 requests per 2 seconds has been exceeded .

    Please help

  23. Joe

    I’m getting a similar issue as the initial screen, but not the same. Initialization Failed. But it points to a WinRM related issue, from my interpretation.

    http://server/PowerShell using “Kerberos” authentication failed:
    Connecting to remote server failed with the following error message : The WinRM client sent a request to an HTTP server and got a response saying the requested HTTP URL was not available. This is usually returned by a HTTP server that does not support WS-Management Protocol.

    This is on an SBS2011 server. DC, Exchange SharePoint etc. When I open the Exchange Powershell console I get the same message. I’ve reset IIS and I’m also having another issue on the same machine with four Exchange services not starting automatically even though they are set to start as such. I put in a dependency for them to start after Netlogon, but still no dice.

    Thoughs?
    Joe

  24. Kirld

    Thanks Paul.. You saved me again.

  25. U. P. B. Michael

    Hi Paul, thanks for your nice article. I am encountering the same problem and there is no issue with the time. The Domain Controller and the exchange server both using same time.

    The detail regarding the error is as follows:

    ” The following error occurred while searching for the on-premise Exchange server:

    No Exchange servers are available in any Active Directory sites. It was running the command ‘Discover-ExchangeServer -UseWIA $true -SuppressError $true -CurrentVersion ‘Version 14.1 (Build 218.15) “.

    At the event viewer of Microsoft Exchange with Database availability group displays following error : MS Exchange DsAccess :

    ” All domain controller servers in use are not responding.”

    I’ve checked the active directory site and found the domain controller right there.
    I cannot understand what’s exactly causing the problem

    Any help/thought will highly be appreciated.
    Thanks more in advance.

    1. Pritam Roy Choudhury

      Hi Do you have solution for this issue.
      i am getting this same issue .
      i have tried with all but no luck

  26. Luiz

    Thanks! This solved my problems.

  27. Trikks

    Thanks
    This solved my issues. Thumbs up!

  28. lisa

    This worked for me, Thank you guys

  29. Victor

    Hey Paul,
    I’m getting a similar error that I can’t seem to find a solution to. I was hoping you could help.
    “The following error occured while attempting to connect to the specified server “yada-yada”:
    The attempt to connect to “yada-yada/Powershell” using Kerberos authentication failed. Connecting to remote server failed with the following error message : Access denied. For more info…”
    Any ideas? Would the Time Sync work for this as well?

    1. Pim

      Hello Victor,

      Just open command line on your server and fire command:
      net time /set
      Your Exchange servers need to be in sync with AD.
      This helped me, may help you as well.

      Regards,
      Pim

      P.S. : Thanks Cunningham for this wonderfull post. It saved my lot of time to find what went wrong 🙂

      1. Victor

        Thanks Pim. I was able to sync with the AD and it works fine. Also thanks to Paul for posting all this.

    2. Swiff

      I have found that if this is the result of an upgrade your profile can become corrupt.

      Try to log in with a different user if you have no issue then its you profile.
      if this is the case then right click computer>properties>advanced systems settings
      under user settings click settings> and delete the corrupt profile

  30. Kathir

    This was helpful…Thank you very much………

  31. Eric Weintraub

    OMG thank you so much, I was using a test lab with Hyper-V and didnt think to check the time.

  32. sarbjit

    this was helpful.
    did a net time / set after turning off the Hyper-v time sync. It all worked.

    Sarbjit

  33. jabarca84

    Hi Paul

    Thanks. This solved my problem. Time sync problem.

    Regards!!

  34. S E

    It really was just a Time setting for the system. When running Exchange in a VM, if you sync the Time of the Guest OS to the ESXi host using VMtools, you need to make sure that the ESXi host time is consistent with the time on the host of the Active Directory too. Best way is to use NTP client on ESXi so they are surely synchronized. Otherwise disable time sync between the host and the guest and make sure everything is within a few minutes of each other. But NTP is really the smartest choice. Once the times are set, you might have to disable then re-enable the time sync in VMtools and all should be fine again.

  35. Kevin

    Paul: good post but i’ve got a different error and hoping you can point me in the right direction. “The attempt to connect to http://server/powershell using “kerberos” authentication failed: connecting to remote server failed with the following error message: The winRM client sent a request to an http server and got a response saying the requested http url was not available. This is usually returned by a http server that does not support the ws-management protocol”

    This is what i get when trying to connect emc 2010 to a 2003 server to try to add a new forest to start the mailbox migration process. any ideas would be totally apperciated

    1. Avatar photo
      Paul Cunningham

      Hi Kevin, you can’t connect to a remote Exchange 2003 server/org with the EMC for Exchange 2010. I believe you will need to run the mailbox move requests via the Exchange Management Shell instead.

  36. Stephen Lloyd

    Nice post Paul. I’ve been racking my brain trying to find a decent post to resolve this issue. I even came close to throwing in the towel and trying a recover on Exchange box.

    Good call, and exact message error in Google – homed it in !!!

    Thanks…

  37. Chad Solarz

    Nice post paul. hoping you were gonna be able to save the day for me once again. I guess i went to the well one too many times. I know it’s way out of best practices, but i have one consolidated box. DC / Exch 2010 & Ocs 2007 R2. Unsure when it happened, but can’t authenticate to EMC or EMS due to the following error. Not a time issue, even tried resetting the computer and user account passwords.

    Did the winRM thing, no luck

    IIS seems to have a binding to port 80 on the default website too.

    1. Avatar photo
      Paul Cunningham

      Certificate issue perhaps. I’ve seen it break when people mess with SSL certs via the IIS mgmt tools.

      But yeah you might have gone one step too far with all that role stacking 🙂

  38. darshana

    net time /set was success

  39. eiger3970

    I can’t find settings for EX2010.xxxxxxx.local.
    Management
    Integration Services
    Services
    Time synchronization

    Please help with the path as this looks like the closest fix to the exact same issue I’m having.
    Cheers,
    eiger3970.

    1. Avatar photo
      Paul Cunningham

      Those settings are in Hyper-V, which I’m using to virtualize those servers. If yours are physical servers, or virtualized on another platform, then you’ll need to look for different time sync settings.

    2. LeSmu

      You will find these settings in your Hyper-V Manager if you are using MS Hyper-V. Right-Klick on the Servers in the management console and select “settings”, than you will find the Tome Synchronisation.

  40. ed

    Thanks. This saved my Friday afternoon. Time sync problem.

  41. LeSmu

    I’ve had the same issue, but I couldn’t solve it by set the time synchronisation.

    Additional I had to reinstall the WinRM service. After installation type on PowerShell “winrm qucikconfig” and reboot the Server.

    This might help too.

    Regards,
    Smu

Leave a Reply