Troubleshooting Cayosoft Administrator Exchange On-premises Connections

Licenses needed: Enterprise or Exchange On-premises

Summary

There are three items that need to be correctly configured to establish a successful connection from Cayosoft Administrator to a Microsoft Exchange On-premises Server. These three items are:

1. The Exchange Server

2. The security settings on the two servers

3. The connection settings within Cayosoft Administrator

Typical error messages

[<exchange.domain.com>] Connecting to remote server <exchange.domain.com> failed with the following error message: 
The WinRM client received an HTTP server error status (500), but the remote service did not include any other information about the cause of the failure. 
For more information, see the about_Remote_Troubleshooting Help topic."

[ClientAccessServer=CHWT11BA21066,BackEndServer=server name,RequestId=7e62cc75-46d2-46c7-a96f-ad2a7a4610ae,TimeStamp=6/11/2018 1:26:05 PM] 
[FailureCategory=Cafe-SendFailure] For more information, see the about_Remote_Troubleshooting Help topic.

Error: Unable to match the identifier name Shared to a valid enumerator name. 
Specify one of the following enumerator names and try again: Regular, Room, Equipment                

Error Details: The WS-Management service cannot process the request. 
Operations involving multiple messages from the client are not supported. 
For more information, see the about_Remote_Troubleshooting Help topic.

Test connection to Exchange on-premise Server outside of Cayosoft Administrator

Run the following script.

Replace <ExchangeOnPrem_ConnectUri> with the value that you have in parameter Connect URI at Home > Configuration > Connected Systems Extensions > Microsoft Exchange extension and enter the same credentials that you're using in this extension when the script asks.

###
$ExchangeOnPrem_ConnectUri="<ExchangeOnPrem_ConnectUri>"
$ExchangeOnPrem_Cred = (Get-Credential)
###

[Net.ServicePointManager]::SecurityProtocol=[Net.SecurityProtocolType]::Tls12 -bor [Net.SecurityProtocolType]::Ssl3
$connectionParams = @{}
if($ExchangeOnPrem_ConnectUri.Trim() -like"http:*"){ $connectionParams.Add("Authentication", "Kerberos") }else{ $connectionParams.Add("Authentication", "Basic") }
$url = $ExchangeOnPrem_ConnectUri.Trim()
if ($url.EndsWith("/") -eq$false) { $url = $url + "/" }
$global:OnPremisesSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri $url -AllowRedirection -SessionOption (New-PSSessionOption -SkipRevocationCheck) -Credential $ExchangeOnPrem_Cred @connectionParams 
$tmpImported = Import-PSSession$global:OnPremisesSession
###

Troubleshooting Exchange On-Premises Settings

Verify the TrustedHosts setting on the Exchange Server:

1. Open a Powershell prompt and run the command:

   Copy

   WinRM get winrm/config/client

2. See the example results below:

   Copy

   PS C:\> WinRM get winrm/config/client Client
           
   NetworkDelayms = 5000 URLPrefix = wsman AllowUnencrypted = false Auth
           
   Basic = true Digest = true Kerberos = true Negotiate = true Certificate = true CredSSP = false
   DefaultPorts
   HTTP = 5985
   HTTPS = 5986
   TrustedHosts

3. If the results are empty like they are in the example above continue to step 4. Otherwise, move to the next section of this guide.

4. Run the following command on the Exchange Server.

   Copy

   Set-item wsman:localhost\client\trustedhosts -value %Administrator_server_FQDN%

   Replace the Administrator_server_FQDN placeholder with your Cayosoft Administrator server FQDN.

5. Check that the settings are applied, running the command again:

   Copy

   WinRM get winrm/config/client

6. See the example results below:

   Copy

   PS C:\> WinRM get winrm/config/client Client
           
   NetworkDelayms = 5000 URLPrefix = wsman AllowUnencrypted = false Auth
           
   Basic = true Digest = true Kerberos = true
    
   Negotiate = true Certificate = true CredSSP = false
   DefaultPorts
   HTTP = 5985
   HTTPS = 5986
   TrustedHosts = *
   Note that the last line of output has changed to "TrustedHosts = *".

Verify the Cayosoft Administrator Configuration

• Restart the Cayosoft Administrator Server. This is to make sure you don't have some cached credentials somewhere.

• Verify service account permissions - In the Exchange Admin center, verify the Exchange connection account holds the Exchange Role Organizational Management.

• Verify the credentials are correct - In the Cayosoft Administrator Console in Microsoft Exchange extension settings, reenter the user name and password for the Exchange connection account, then restart the Cayosoft Administrator Service.

• Verify firewall settings are set for Remote Powershell - The remote Powershell connection from Cayosoft Administrator to Exchange is done over Port 80 to the Exchange Server. Port 80 traffic must be allowed through the firewall on both computers. For more information see Connect to Exchange servers using remote PowerShell.

Connectivity error after installing Windows Update KB4103725

Symptoms: you installed Windows Update KB4103725 on Exchange Server or Cayosoft Administrator server. After that you start to get the connectivity error message in the Cayosoft Administrator Console:

Sessions to Microsoft Exchange could not be established. 
Please read the platform returned error message(s) to identify the problem. 
The Check Settings Action, located on each extension's configuration page, may be useful for troubleshooting connections issues.

Error Details: [<exchange.domain.com>] Connecting to remote server
<exchange.domain.com> failed with the following error message: 
The WinRM client received an HTTP server error status (500), but the remote service did not include any other information about the cause of the failure. 
For more information, see the about_Remote_Troubleshooting Help topic.

Solution: By default, after KB4103725 is installed, patched clients cannot communicate with unpatched servers. So, you need to install it on both the Cayosoft Administrator server and Exchange Server and reboot both of them.

More information about KB4103725 you can be found here:

• May 8, 2018—KB4103725 (Monthly Rollup)

• CredSSP updates for CVE-2018-0886

Connectivity error with Failure category 'Cafe-SendFailure'

Symptoms: you start getting an error from Microsoft Exchange extension:

Error: [<server name>] Connecting to remote server <server name> failed with the following error message : 
[ClientAccessServer=CHWT11BA21066,BackEndServer=<server name>,RequestId=7e62cc75-46d2-46c7-a96f-ad2a7a4610ae,TimeStamp=6/11/2018 1:26:05 PM] [FailureCategory=Cafe-SendFailure] 
For more information, see the about_Remote_Troubleshooting Help topic.

Solution: the most possible reason is a binding error on IIS for the Exchange Web Service. To fix it, follow the steps below:

1. Open IIS on the Exchange server:

   1. Press the Windows+R keys to open the Run dialog.

   2. Type inetmgr and press Enter.

   3. Navigate to the server name > Sites.

   4. Right-click the Exchange Back End.

   5. Select Edit Bindings:

2. In the new window, select https and then click Edit...

3. If SSL certificate field has the option Not selected change it to a valid certificate, for example, Microsoft Exchange:

4. Click Ok.

5. Close the Site Bindings dialog.

Enumeration error in Cayosoft Web Portal

Symptoms: When performing some actions with Active Directory users with Exchange on- premise mailbox, you may get the error:

Cannot bind parameter 'ErrorAction'. 
Cannot convert value 'Ignore' to type 'System.Management.Automation.ActionPreference' due to invalid enumeration values. 
Specify one of the following enumeration values and try again. The possible enumeration values are 'SilentlyContinue, Stop, Continue, Inquire'.

Solution:

1. In the Cayosoft Administrator Console, navigate to Microsoft Exchange extension settings.

2. In the Connect URI, check the server name where Microsoft Exchange Server is installed.

3. Login to the machine with Microsoft Exchange Server.

4. Check the installed PowerShell version. The PowerShell version should be 5.1. Please see How to determine the current PowerShell version.

If these steps do not resolve the issue, please send a request via email to support@cayosoft.com.

'The WS-Management service cannot process the request' error

Symptoms: When connecting to Exchange Server on-premises from Cayosoft Administrator installed on Windows Server 2019 or later you can get the following error:

The WS-Management service cannot process the request' 

The error appears if the service account is LocalSystem and the ConnectionUri value starts from HTTPS so basic authentication is used. The root cause is that under the LocalSystem connection requests use HTTP/2 protocol instead of HTTP/1.1 and the client OS fails to proceed with the response from the Exchange server.

Solution:

1. To resolve this error, you must disable HTTP2 protocol support in the WinHttp component on the machine from which you are connecting to Exchange Server.

   It is disabled by default in earlier versions of supported operating systems.

   Adding the following registry key and restarting the server disables it on Windows Server 2019 or later. Note that this is a machine-wide registry key:

   Copy

   [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ Settings\WinHttp]"EnableDefaultHTTP2"=dword:00000000

2. The key can be set via PowerShell running as Administrator with the following command:

   Copy

   Set-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp\' -Name EnableDefaultHTTP2 -Value 0
   

3. Restart Windows Server 2019 or later.

New Shared Mailbox and the Convert to Shared Mailbox web actions don't work correctly in Web Portal

Symptoms: The New Shared Mailbox and the Convert to Shared Mailbox do not work correctly.

It does convert it to a shared mailbox on Microsoft 365, however, in Active Directory it doesn't change the right attributes. Execution History has the following error:

Cannot process argument transformation on parameter 'Type'. 
Cannot convert value "Shared" to type "Microsoft.Exchange.Management.RecipientTasks.ConvertibleRemoteMailboxSubType". 
Error: "Unable to match the identifier name Shared to a valid enumerator name. 
Specify one of the following enumerator names and try again: Regular, Room, Equipment"

Solution:

Cayosoft Administrator supports Exchange 2016 with Cumulative Update 10 (CU10) and above. In CU10 Microsoft introduced remote shared mailbox types.

For details please see this article: Cayosoft Administrator System Requirements.