none
"Kerberos" authentication failed while trying to access EMC or EMS

    Question

  • Salam,

    I have successfully installed Exchange 2010 SP1 on a transitional environment, the installation went smooth without any problem and I've done most of the trasitioning configuration from Exchange Server 2003 to Exchange Server 2010.

    Currently we're in the process of moving the mailboxes, but I've come across a problem recently which stopped all my work and I can no longer commence with this transition unless its solved.

    Sometimes when I try to access EMC or EMS I get the hereunder error:

    The following error occurred while attempting to connect to the specified Exchange server 'afhmail.arabfinancehouse.com.lb':

    The attempt to connect to http://afhmail.arabfinancehouse.com.lb/PowerShell using "Kerberos" authentication failed: Connecting to remote server failed with the following error message : Access is denied. For more information, see the about_Remote_Troubleshooting Help topic.

    I've read most of the articles found on the internet including http://msexchangeteam.com/archive/2010/02/04/453946.aspx to try to troubleshoot this problem but nothing has worked so far, I tried removing Win RM IIS extensions as well then adding them again with a restart and nothing. I tried the Kerbauth dll removal also nothing and the problem keeps to occur and the situation is not stable.

    Also I read in a KB article somewhere that if we have multiple domain controllers a single domain controller should be assigned on the Exchange Server (Organization Configuration, Server Configuration, Recipient Configuration) so I assigned the PDC to be selected by those configurations at startup, yet I am still facing the same problem.

    Again I emphasis that the problem comes and goes, at a time I can access EMS and at another is just gives me the Kerberos error.

    Thank you very much in advance,
    Kindest Regards.


    Abdullah Abdullah
    Thursday, December 30, 2010 8:01 AM

All replies

  • Thursday, December 30, 2010 12:02 PM
  • ok

    you can take help of the troubleshooter discussed in this blog http://msexchangeteam.com/archive/2010/12/07/457139.aspx

    by the way looks like the error message you got does not match the cases discussed in the blog

    http://msexchangeteam.com/archive/2010/02/04/453946.aspx.

     


    Dhruv
    Thursday, December 30, 2010 12:43 PM
  • Salam,

     

    Thank you Dhruvaraj, but I've used the troubleshooter as well with no luck. Currently I'm moving all mailboxes back to 2k3 and I'll do some more troubleshooting then.

    Thank you.


    Abdullah Abdullah
    Thursday, December 30, 2010 1:38 PM
  • Hi Abdullah,

    Can you open the EMS?

    If yes, please run the WinRM QC and post the results here.

    If possible, please use another admin's account to log on to Exchange to try to open EMC.

    Frank Wang

    TechNet Subscriber Support in forum

    If you have any feedback on our support, please contact tngfb@microsoft.com  

     


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Tuesday, January 04, 2011 7:01 AM
  • Hi Abdullah,

    Any updates on your issue?


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Thursday, January 06, 2011 5:15 AM
  • Hi Abdullah,

    Any updates on your issue?


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Friday, January 07, 2011 2:01 AM
  • I get the same error. Noone seems to have  a solution...?!
    Wednesday, April 27, 2011 11:50 AM
  • Salam,

    Sorry for the late reply but I've been quite busy lately. Just wanted to inform you that the problem was resolved, it was mainly because error in the time setup of the exchange server.

    When I first installed Windows 2k8 R2 I forgot to setup the time zone and when the problem occurred I didn't notice, yet later on I noticed the time difference and adjusted the time zone, it worked for about 10 minutes and then the time zone was changed again.

    I tried many fixes yet every time I adjust the time zone it returns to its previous state, any way I moved back all the moved mailboxes to the Exchange 2k3 server and setup a new Windows 2k8 R2 server, kept a keen eye on the time and poof problem resolved and now everything is okay.

    Note: adjust the time zone before joining the server to the domain, also if the server is a virtual machine make sure you install the tools (e.g VMWare tools, etc..) and then adjust the time zone.

    Thank you all for your support and help,
    Kindest regards.
    Abdullah^2
    Wednesday, April 27, 2011 1:54 PM
  • Hello.

    Please make sure that the WWW Publishing Service is started.

    Cheers.


    Miguel Fra | Falcon IT Services, Miami, FL
    www.falconitservices.com | www.falconits.com | Blog

    • Proposed as answer by johnb85022 Sunday, July 08, 2012 1:06 AM
    Wednesday, June 27, 2012 2:07 PM
  • Salam,

    Sorry for the delay in replying to all, but the problem seemed to be in time synchronization. I noticed that the time differed from that of the MDC even though I tried troubleshooting it much nothing had worked so I removed everything and started from scratch.

    I believe now in Win2k8 R2 SP1 this problem is resolved, thank you all.


    Abdullah^2

    Sunday, July 08, 2012 7:16 AM
  • This issue occurs because you need to fix the bindings on 'Default Web Site' in IIS Mananger...

    Make sure it contains these bindings:

    Type           port         ip address        binding information
     
    net.tcp                                             808:*
     
    net.pipe                                           *
     
    net.msmq                                         localhost
     
    msmq.formatname                            localhost
     
    http            80             127.0.0.1
     
    https          443            *
     
    http           80              *
     
    https          443            127.0.0.1


    ... it worked for me. I had removed http 80 * to harded IIS when this issue started. I put it back in and it worked again.
    • Edited by Luke McGrory Wednesday, September 19, 2012 4:01 AM
    Wednesday, September 19, 2012 4:00 AM
  • I was experiencing this same issue where the EMC would not open properly (in my lab environment).  To start with, I restarted the DC and Exchange servers but nothing changed.  However, after logging onto the DC and then the Exchange server, I noticed that the time between them differed by 6 minutes.  The DC was then configured as an authoritative time server (per http://support.microsoft.com/kb/816042) and then again both servers were restarted.  After the configuration change and restart, both servers now had the same time and were in sync ... and I was able to successfully open the EMC without further issue.


    Todd

    Thursday, October 18, 2012 5:09 PM
  • I have the same problem and I solved it with restarting www publishing service
    • Proposed as answer by eeacosta Monday, November 26, 2012 6:27 PM
    Tuesday, October 30, 2012 8:00 AM
  • I know this is an old post, but thought I'd add what solved this problem for me when I had it recently.

    We'd taken over a SBS server from another company, changed the admin password (for obvious reason) and then started to get this issue.

    The resolution was that the new password had not updated in credential manager so I had to go in and manually change it there, once I'd done this I was able to go into EMC again.

    Monday, November 05, 2012 10:13 AM
  • Could you pls elaborate me, where to update the password manually.
    • Proposed as answer by Borgius Wednesday, January 02, 2013 3:56 PM
    • Unproposed as answer by Borgius Wednesday, January 02, 2013 3:56 PM
    Tuesday, November 06, 2012 5:39 AM
  • Hello,

    I have the same probleme and i can't resolve it,

    L'erreur suivante s'est produite lors de la tentative de connexion au serveur Exchange 'fs-exchange.for-softwares.ad' spécifié :

    La tentative de connexion à http://fs-exchange.for-softwares.ad/PowerShell à l'aide de l'authentification "Kerberos" a échoué : La connexion au serveur distant a échoué avec le message d'erreur suivant : Échec d’ouverture de session : nom d’utilisateur inconnu ou mot de passe incorrect. Pour plus d'informations, voir la rubrique d'aide about_Remote_Troubleshooting.

    Wednesday, January 02, 2013 3:57 PM
  • We are having this same issue, though there is a partial fix.

    Time Sync is not the issue, all servers are using the same time.

    The normal domain admin account is what is used most of the time to admin the server, while using that account we keep getting this error,  The password for that account had been changed however RDP connections work fine with the new password and we have been able to use the EMC for a days AFTER the change.  then suddenly it does not work.

    Other domain admins can log in using other accounts and the EMC works just fine.

    we would like to know just what happened to the main account and how to fix repair it with out blowing away the User profile and rebuilding it.

    • Proposed as answer by Borgius Thursday, January 03, 2013 12:59 PM
    Wednesday, January 02, 2013 5:42 PM
  • I have the same problem and I solved it with restarting www publishing service
    Thanks, this solved our problem. 
    • Proposed as answer by kenier1 Sunday, March 10, 2013 11:44 PM
    Wednesday, January 09, 2013 8:54 PM
  • You can also get this error if you have set the default binding on port 80 to a different hostname... took me a few minutes to figure that out when I was attempting to setup redirection.

    So if you have a particular hostheader on the default port 80 binding - remove it.

    HTH!

    Friday, May 24, 2013 3:31 PM
  • Changing the time to match the DC, then logging off and back on fixed it for me.
    Tuesday, January 28, 2014 3:02 PM
  • iisreset fixed this for me.
    Friday, April 04, 2014 12:19 AM