Published: March 23, 2017
Updated: June 5, 2018
Applies to: Cayosoft Administrator 8.x and above
Licenses needed: Enterprise or Exchange On-premises
Summary: There are three items that need to be correctly configured to establish a successful connection from Cayosoft Administrator to a Microsoft Exchange On-premises Server. These three items are:
- The Exchange Server
- The security settings on the two servers
- The connection settings within Cayosoft Administrator
In this article:
Typical error messages
Issue | Resolution |
---|---|
|
|
|
|
|
|
|
|
|
|
Test connection to Exchange on-premise Server outside of Cayosoft Administrator
Run the following script.
Replace <ExchangeOnPrem_ConnectUri> with the value that you have in parameter Connect URI at Home > Configuration > Connected Systems Extensions > Microsoft Exchange extension and enter the same credentials that you're using in this extension when the script asks.
###
$ExchangeOnPrem_ConnectUri="<ExchangeOnPrem_ConnectUri>"
$ExchangeOnPrem_Cred = (Get-Credential)
###
[Net.ServicePointManager]::SecurityProtocol=[Net.SecurityProtocolType]::Tls12 -bor [Net.SecurityProtocolType]::Ssl3
$connectionParams = @{}
if($ExchangeOnPrem_ConnectUri.Trim() -like "http:*"){ $connectionParams.Add("Authentication", "Kerberos") }else{ $connectionParams.Add("Authentication", "Basic") }
$url = $ExchangeOnPrem_ConnectUri.Trim()
if ($url.EndsWith("/") -eq $false) { $url = $url + "/" }
$global:OnPremisesSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri $url -AllowRedirection -SessionOption (New-PSSessionOption -SkipRevocationCheck) -Credential $ExchangeOnPrem_Cred @connectionParams
$tmpImported = Import-PSSession $global:OnPremisesSession
###
Troubleshooting Exchange On-Premises Settings
Verify the TrustedHosts setting on the Exchange Server:
1. Open a Powershell prompt and run the command:
WinRM get winrm/config/client
2. See the example results below:
PS C:\> WinRM get winrm/config/client Client NetworkDelayms = 5000 URLPrefix = wsman AllowUnencrypted = false Auth Basic = true Digest = true Kerberos = true Negotiate = true Certificate = true CredSSP = false DefaultPorts HTTP = 5985 HTTPS = 5986 TrustedHosts
3. If the results are empty like they are in the example above continue to step 4. Otherwise, move to the next section of this guide.
4. Run the following command on the Exchange Server.
Set-item wsman:localhost\client\trustedhosts -value *
5. Check that the settings are applied, running the command again
WinRM get winrm/config/client
6. See the example results below:
PS C:\> WinRM get winrm/config/client Client NetworkDelayms = 5000 URLPrefix = wsman AllowUnencrypted = false Auth Basic = true Digest = true Kerberos = true Negotiate = true Certificate = true CredSSP = false DefaultPorts HTTP = 5985 HTTPS = 5986 TrustedHosts = *
Verify the Cayosoft Administrator Configuration
Restart the Cayosoft Administration Server - Reboot the Cayosoft Administrator Server. This is to make 100% certain that we didn't have some cached credentials somewhere.
Verify service account permissions - In the Exchange Admin center Verify the Exchange connection account holds the Exchange Role Organizational Management.
Verify the credentials are correct - In Cayosoft Administrator Console in Microsoft Exchange Extension settings, reenter the username and password for the Exchange connection account, then restart the Administrator Service.
Verify firewall settings are set for Remote Powershell - The remote Powershell connection from Cayosoft Administrator to Exchange is done over Port 80 to the Exchange Server. Port 80 traffic must be allowed through the firewall on both computers. For more information see https://technet.microsoft.com/en-us/library/dd335083%28v=
Connectivity error after installing Windows Update KB4103725
Symptoms: you installed Windows Update KB4103725 on Exchange Server or Cayosoft Administrator server. After that you start to get the connectivity error message in Cayosoft Administrator Console:
"Sessions to 'Microsoft Exchange' could not be established. Please read the platform returned error message(s) to identify the problem. The Check Settings Action, located on each extension's configuration page, may be useful for troubleshooting connections issues.
Error Details: [<exchange.domain.com>] Connecting to remote server <exchange.domain.com> failed with the following error message: The WinRM client received an HTTP server error status (500), but the remote service did not include any other information about the cause of the failure. For more information, see the about_Remote_Troubleshooting Help topic."
Solution: By default, after KB4103725 is installed, patched clients cannot communicate with unpatched servers. So, you need to install it on both the Cayosoft Administrator server and Exchange Server and reboot both of them.
More information about KB4103725 you can be found here:
Connectivity error with Failure category 'Cafe-SendFailure'
Symptoms: you start getting an error from Microsoft Exchange extension:
Error: [<server name>] Connecting to remote server <server name> failed with the following error message : [ClientAccessServer=CHWT11BA21066,BackEndServer=<server name>,RequestId=7e62cc75-46d2-46c7-a96f-ad2a7a4610ae,TimeStamp=6/11/2018 1:26:05 PM] [FailureCategory=Cafe-SendFailure] For more information, see the about_Remote_Troubleshooting Help topic.
Solution: the most possible reason is a binding error on IIS for the Exchange Web Service. To fix it, follow the steps below:
- Open IIS on the Exchange server:
- Press the Windows+R keys to open the Run dialog.
- Type inetmgr and press Enter.
- Navigate to the server name > Sites.
- Right-click on Exchange Back End.
- Select Edit Bindings:
- In the new window, select https and then click Edit...
- If SSL certificate field has the option 'Not selected' change it to a valid certificate, for example, 'Microsoft Exchange':
- Click Ok.
- Close Site Bindings dialog.
Enumeration error in Cayosoft Web Portal
Symptoms: When performing some actions with Active Directory users with Exchange on-premise mailbox, you may get the error: Cannot bind parameter 'ErrorAction'. Cannot convert value 'Ignore' to type 'System.Management.Automation.ActionPreference' due to invalid enumeration values. Specify one of the following enumeration values and try again. The possible enumeration values are 'SilentlyContinue, Stop, Continue, Inquire'.
Solution:
- In Cayosoft Administrator Console navigate to Microsoft Exchange extension
- In Connect URI check the server name where Microsoft Exchange Server is installed
- Login to the machine with Microsoft Exchange Server
- Check the installed PowerShell version. The PowerShell version should be 5.1. Please see How to determine the current PowerShell version.
If these items do not resolve the issue, please send a request via email to support@cayosoft.com.
'The WS-Management service cannot process the request' error
Symptoms: When connecting to Exchange Server on-premises from Cayosoft Administrator installed on Windows Server 2019 or later you can get 'The WS-Management service cannot process the request' error.
The error appears if the service account is LocalSystem and the ConnectionUri value starts from 'HTTPS' so basic authentication is used. The root cause is that under the LocalSystem connection requests use HTTP/2 protocol instead of HTTP/1.1 and the client OS fails to proceed with the response from the Exchange server.
Solution:
- To resolve this error you must disable HTTP2 protocol support in the WinHttp component on the machine from which you are connecting to Exchange Server. It is disabled by default in earlier versions of supported operating systems. Adding the following registry key and restarting the server disables it on Windows Server 2019 or later. Note that this is a machine-wide registry key:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]"EnableDefaultHTTP2"=dword:00000000 - The key can be set via PowerShell running as Administrator with the following command:
Set-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp\' -Name EnableDefaultHTTP2 -Value 0 - Restart Windows Server 2019 or later.
New Shared Mailbox and the Convert to Shared Mailbox web actions don't work correctly in Web Portal
Symptoms: The "New Shared Mailbox" and the "Convert to Shared Mailbox" do not work correctly.
It does convert it to a shared mailbox on Microsoft 365, however, in Active Directory it doesn't change the right attributes. Execution History has the following error: Cannot process argument transformation on parameter 'Type'. Cannot convert value "Shared" to type "Microsoft.Exchange.Management.RecipientTasks.ConvertibleRemoteMailboxSubType". Error: "Unable to match the identifier name Shared to a valid enumerator name. Specify one of the following enumerator names and try again: Regular, Room, Equipment"
Solution:
Cayosoft Administrator supports Exchange 2016 with Cumulative Update 10 (CU10). In CU10 Microsoft introduced remote shared mailbox types.
For details please see this article: https://support.cayosoft.com/hc/en-us/articles/360016502352-Cayosoft-Administrator-System-Requirements#SoftwareRequirements.
Comments
0 comments
Please sign in to leave a comment.