locked
Running Exchange Script remotely per ssh RRS feed

  • Question

  • I have a HA-Proxy, which handles the SSL encryption but cannot handle the SMTPS or IMAPS encryption.

    So I have installed openssh on the Exchange server and I have written a powershell script to do the import and enable stuff.

    My Problem is now, when I launch the Script via ssh from the linux machine, It gives me this Error:

    root@Test-Proxy-01:~/bin# ssh administrator@exchange@192.168.70.100 powershell C:\\Scripts\\Working\\Renew_Cert\\Renew_Cert.ps1 -Path C:\\Scripts\\Working\\Renew_Cert\\Cert\\testexchange.hosttech.eu.pfx
    VERBOSE: Connecting to EX-01.exchange.test.
    New-PSSession : [ex-01.exchange.test] Connecting to remote server ex-01.exchange.test failed with the following error
    message : WinRM cannot process the request. The following error with errorcode 0x8009030e occurred while using
    Kerberos authentication: A specified logon session does not exist. It may already have been terminated.
     Possible causes are:
      -The user name or password specified are invalid.
      -Kerberos is used when no authentication method and no user name are specified.
      -Kerberos accepts domain user names, but not local user names.
      -The Service Principal Name (SPN) for the remote computer name and port does not exist.
      -The client and remote computers are in different domains and there is no trust between the two domains.
     After checking for the above issues, try the following:
      -Check the Event Viewer for events related to authentication.
      -Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or
    use HTTPS transport.
     Note that computers in the TrustedHosts list might not be authenticated.
       -For more information about WinRM configuration, run the following command: winrm help config. For more
    information, see the about_Remote_Troubleshooting Help topic.
     Other Possible Cause:
      -The domain or computer name was not included with the specified credential, for example: DOMAIN\UserName or
    COMPUTER\UserName.
    At line:1 char:1
    + New-PSSession -ConnectionURI "$connectionUri" -ConfigurationName Micr ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotin
       gTransportException
        + FullyQualifiedErrorId : 1312,PSSessionOpenFailed
    Exception calling "GetComputerSite" with "0" argument(s): "An operations error occurred.
    "
    At C:\Program Files\Microsoft\Exchange Server\V15\bin\ConnectFunctions.ps1:164 char:2
    +     $localSite=[System.DirectoryServices.ActiveDirectory.ActiveDirect ...
    +     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
        + FullyQualifiedErrorId : ActiveDirectoryOperationException
    
    Failed to connect to an Exchange server in the current site.

    I am logged in as domain administrator and to initialize the Exchange Shell, I have this on top of my script:

    Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010
    . "$PSScriptRoot\Remote_Connect\RemoteExchange.ps1"
    Connect-ExchangeServer -auto

    The RemoteExchange.ps1 was slightly modifyed to remove the banner. This Worked so far, when run locally.

    How can I successfully start the script?

    Tuesday, August 18, 2020 8:12 AM

All replies

  • Hi,

    loading the Exchange snap-in in your own scripts has never been supported. The correct way to execute scripts against Exchange is to use remoting, and since it uses the same HTTPS protocol as the regular Exchange webservices, there's no need to do any SSH remote control.


    Evgenij Smirnov

    http://evgenij.smirnov.de

    Tuesday, August 18, 2020 8:14 PM
  • Ok, so this means I have to open a remote shell inside the Script?
    Do you mean, I have to use the PSSession from the microsoft docs below?
    https://docs.microsoft.com/en-us/powershell/exchange/connect-to-exchange-servers-using-remote-powershell

    How else can I connect from a Linux box to the Exchange?

    As an alternative I've created a new scheduled task and triggered that from ssh. That worked but it's a bit hacky.

    Wednesday, August 19, 2020 12:50 PM
  • Ah, sorry, overlooked that "run from the Linux box" part. IN that case, yeah, you're kind of stuck with scheduled tasks and the like.

    Evgenij Smirnov

    http://evgenij.smirnov.de

    Wednesday, August 19, 2020 1:24 PM
  • Maybe We can still work it out, because I have read about PowerShell Core and the compatibility with linux.
    So I have installed it and now I have a PS prompt on linux (strange feeling to see it :D), where I can use the New-PSSession cmdlet.

    Do you have an easy how to or a link to a guide on where I can set this up the right way?
    I have tested it, but I'm getting errors:

    PS /root> $UserCredential = Get-Credential -UserName exchange.test\Administrator
    PS /root> $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://exchange.test/PowerShell/ -Authentication Kerberos -Credential $UserCredential
    New-PSSession: [testexchange.hosttech.eu] Connecting to remote server testexchange.hosttech.eu failed with the following error message : Kerberos verify cred with password failed No credentials were supplied, or the credentials were unavailable or inaccessible For more information, see the about_Remote_Troubleshooting Help topic.

    (The URI was replaced here with the one that is used behind the Proxy.)
    I tried with exchange\Administrator (instead of the whole domain name) but that also didn't work.


    Wednesday, August 19, 2020 2:43 PM
  • Hi,

    I never tried, to be honest, but in my experience on Windows, if the remoting client and the Exchange server do not belong to Kerberos realms trusting each other, you need to dumb the Exchange side down to Basic authentication...


    Evgenij Smirnov

    http://evgenij.smirnov.de

    Wednesday, August 19, 2020 3:16 PM
  • Hello,

    Ok, thanks for your help. I tried to join the domain (according to this how to: https://www.server-world.info/en/note?os=Debian_10&p=realmd) and I am joined, but it still isn't working...

    The effort gets now too big to get it working, so I will use the scheduled task approach.

    Thursday, August 20, 2020 7:19 AM