Exchange2010 PowerShell problem in ADMA RRS feed

  • Question

  • Hello,

    I am trying to use FIMto provision Distribution groups, but whenever I try to export new groups (created with FIM Portal), I get the following error: 

    There is an error in Exch2010Extension BeginExportToCd() function.Type: System.Management.Automation.Remoting.PSRemotingTransportException

    Message: Connecting to remote server failed with the following error message : The server certificate on the destination computer (myExchangeServer:443) has the following errors: 
    The SSL certificate could not be checked for revocation. The server used to check for revocation might be unreachable. For more information, see the about_Remote_Troubleshooting Help topic.

    Stack Trace:    at System.Management.Automation.Runspaces.Internal.RunspacePoolInternal.EndOpen(IAsyncResult asyncResult)
       at System.Management.Automation.Runspaces.RunspacePool.Open()
       at System.Management.Automation.RemoteRunspace.Open()
       at Exch2010Extension.Exch2010ExtensionClass.OpenConnection(String uri, PSCredential credential)
       at Exch2010Extension.Exch2010ExtensionClass.BeginExportToCd(String connectTo, String domain, String server, String user, String password)

    The certificate is valid (has 9 months left), and has been issued by a valid CA, but the CRL info on the Certificate is in LDAP Format, and apparently, the revocation list cannot be retrieved from the server (Server cannot be found).

    I know I can bypass this problem when connecting to Exchange 2010 using PowerShell by including the following option: 

     -SessionOption (New-PSSessionOption -SkipRevocationCheck)

    I have even added the host "myExchangeServer" to the WinRM trustedHosts configuration, but it did not work.

    Is there any way to bypass the CertificateRevocationList checking with FIM for its Powershell Exchange Connection?

    • Edited by Amarquez81 Wednesday, January 14, 2015 1:41 PM formatting
    Wednesday, January 14, 2015 1:40 PM

All replies

  • Assuming that the exchange certificate has been installed on the FIM Box and the service accounts have the proper rights in Exchange. 

    Try disabling it in IE, Internet Options --> Advanced --> Uncheck "Check For Server Certificate Revocation".



    Nosh Mernacaj, Identity Management Specialist

    • Proposed as answer by Nosh Mernacaj Thursday, May 28, 2015 6:42 PM
    Wednesday, January 21, 2015 10:46 PM