none
Unable to connect Exchange 2010 using remote powershell if tls 1.0 and 1.1 is disabled

    Question

  • We have disabled tls1.0 and tls1.1 on the Exchange 2010 machine, after that we are unable to connect to the exchange using remote powershell. We can only connect if tls 1.0 and 1.1 is enable.

    Exchange 2010 : SP3 : RoleUpdate 20
    OS : Server 2008 R2 SP1

    Receive this error

    =============================================

    PS C:\> .\test.ps1
    using url: https://192.168.1.28/PowerShell/
    New-PSSession : [192.168.1.28] Connecting to remote server 192.168.1.28 failed with the following error message : The
    SSL connection cannot be established. Verify that the service on the remote host is properly configured to listen for
    HTTPS requests. Consult the logs and documentation for the WS-Management service running on the destination, most
    commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination to
    analyze and configure the WinRM service: "winrm quickconfig -transport:https". For more information, see the
    about_Remote_Troubleshooting Help topic.
    At C:\test.ps1:14 char:14
    + ... psSession = New-PSSession -ConfigurationName Microsoft.Exchange -Conn ...
    +                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotin
       gTransportException
        + FullyQualifiedErrorId : -2144108102,PSSessionOpenFailed
    Import-PSSession : Cannot validate argument on parameter 'Session'. The argument is null. Provide a valid value for
    the argument, and then try running the command again.
    At C:\test.ps1:17 char:18
    + Import-PSSession $psSession #-CommandName "Get-Mailbox","format-list" ...
    +                  ~~~~~~~~~~
        + CategoryInfo          : InvalidData: (:) [Import-PSSession], ParameterBindingValidationException
        + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.PowerShell.Commands.ImportPSSessionCommand

    =========================================================

    Powershell script: We I am using for many years now and it is working perfectly in test and production environment

    $Exchange_Server= "192.168.1.28";
    $Admin = "AD10\administrator";
    $AdminPassword = "test";
    $OU ="";

    $secpasswd = ConvertTo-SecureString $AdminPassword -AsPlainText -Force
    $Credentials = New-Object System.Management.Automation.PSCredential ($Admin, $secpasswd)

    $uri = "https://$Exchange_Server/PowerShell/";

    "using url: $uri";

    $sessionOptions = New-PSSessionOption -SkipCACheck -SkipCNCheck -SkipRevocationCheck;
    $psSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri $uri -Authentication BASIC  -Credential $Credentials  -AllowRedirection -SessionOption $sessionOptions

    Import-PSSession $psSession #-CommandName "Get-Mailbox","format-list" -AllowClobber:$true;

    Friday, May 4, 2018 9:21 AM

Answers

  • Hi HA-Host,

    In this article, we know that it will cause proxy errors if TLS 1.0 is disabled on Exchange 2010. So, if you want to use remote PowerShell in Exchange 2010, you should enable the TLS 1.0. 


    Regards,

    Kyle Xu


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    • Marked as answer by HA-Host Monday, May 7, 2018 9:20 AM
    Monday, May 7, 2018 9:16 AM

All replies

  • Force PS to use TLS 1.2 

    [Net.ServicePointManager]::SecurityProtocol = 
            [Net.SecurityProtocolType]::Tls12


    **Please don't forget to mark as helpful or answer**

    Friday, May 4, 2018 11:50 AM
  • Force PS to use TLS 1.2 

    [Net.ServicePointManager]::SecurityProtocol = 
            [Net.SecurityProtocolType]::Tls12


    **Please don't forget to mark as helpful or answer**


    Friday, May 4, 2018 11:55 AM
  • Are you sure the powershell site has a binding on 443?


    **Please don't forget to mark as helpful or answer**

    Friday, May 4, 2018 11:57 AM
  • Are you sure the powershell site has a binding on 443?


    **Please don't forget to mark as helpful or answer**

    Yes it is confirmed, I can open powershell url in web with SSL like https://IPaddress/powershell

    everything work fine when I enable tls1.0, not sure if it is exchange 2010 or winrm requirement. But our company want to disable all other tls and just to enable tls1.2 on the system.


    • Edited by HA-Host Friday, May 4, 2018 12:01 PM spell mistake
    Friday, May 4, 2018 12:01 PM
  • Hi HA-Host,

    In this article, we know that it will cause proxy errors if TLS 1.0 is disabled on Exchange 2010. So, if you want to use remote PowerShell in Exchange 2010, you should enable the TLS 1.0. 


    Regards,

    Kyle Xu


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    • Marked as answer by HA-Host Monday, May 7, 2018 9:20 AM
    Monday, May 7, 2018 9:16 AM