After playing with the Microsoft Azure MDM Baselines I got blocked from using the PowerShell for Exchange Online module.
I have removed myself one time, and after some reboots and some quick config all went well. But this time I'm still not able to do New-ExoPSSession, I'm stuck with no more ideas to troubleshoot this.
So I do:
Connect-ExchangeOnline -UserPrincipalName [email protected]
and get the:
New-ExoPSSession : Connecting to remote server outlook.office365.com failed with the
following error message : The client cannot connect to the destination specified in the
request. Verify that the service on the destination is running and is accepting requests.
Consult the logs and documentation for the WS-Management service running on the
destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the
following command on the destination to analyze and configure the WinRM service: "winrm
quickconfig". For more information, see the about_Remote_Troubleshooting Help topic.
At C:\Program Files\WindowsPowerShell\Modules\ExchangeOnlineManagement\0.3582.0\ExchangeOnl
ineManagement.psm1:401 char:30
I have removed my user and machine from all Azure Profiles, and I'm able to use these commands on another machine. So I started to change the Local GPOs to ensure all was in place:
PS C:\WINDOWS\system32> winrm get winrm/config
returns:
Config
MaxEnvelopeSizekb = 500
MaxTimeoutms = 60000
MaxBatchItems = 32000
MaxProviderRequests = 4294967295
Client
NetworkDelayms = 30000
URLPrefix = wsman
AllowUnencrypted = true [Source="GPO"]
Auth
Basic = true [Source="GPO"]
Digest = true [Source="GPO"]
Kerberos = true
Negotiate = true
Certificate = true
CredSSP = true [Source="GPO"]
DefaultPorts
HTTP = 5985
HTTPS = 5986
TrustedHosts = * [Source="GPO"]
Service
RootSDDL = O:NSG:BAD:P(A;;GA;;;BA)(A;;GR;;;IU)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)
MaxConcurrentOperations = 4294967295
MaxConcurrentOperationsPerUser = 1500
EnumerationTimeoutms = 240000
MaxConnections = 300
MaxPacketRetrievalTimeSeconds = 120
AllowUnencrypted = true [Source="GPO"]
Auth
Basic = true [Source="GPO"]
Kerberos = true
Negotiate = true
Certificate = false
CredSSP = true [Source="GPO"]
CbtHardeningLevel = Relaxed
DefaultPorts
HTTP = 5985
HTTPS = 5986
IPv4Filter = * [Source="GPO"]
IPv6Filter = * [Source="GPO"]
EnableCompatibilityHttpListener = true [Source="GPO"]
EnableCompatibilityHttpsListener = true [Source="GPO"]
CertificateThumbprint
AllowRemoteAccess = true [Source="GPO"]
Winrs
AllowRemoteShellAccess = true
IdleTimeout = 7200000
MaxConcurrentUsers = 2147483647
MaxShellRunTime = 2147483647
MaxProcessesPerShell = 2147483647
MaxMemoryPerShellMB = 2147483647
MaxShellsPerUser = 2147483647
and
PS C:\WINDOWS\system32> winrm enumerate winrm/config/listener
returns:
Listener [Source="GPO"]
Address = *
Transport = HTTP
Port = 5985
Hostname
Enabled = true
URLPrefix = wsman
CertificateThumbprint
ListeningOn = 10.10.16.63, 127.0.0.1, 169.254.1.145, 169.254.5.162, 169.254.175.225, 169.254.235.174,<a lot of IPv6>
Listener [Source="Compatibility"]
Address = *
Transport = HTTP
Port = 80
Hostname
Enabled = true
URLPrefix = wsman
CertificateThumbprint
ListeningOn = 10.10.16.63, 127.0.0.1, 169.254.1.145, 169.254.5.162, 169.254.175.225, 169.254.235.174, <a lot of IPv6>
Listener [Source="Compatibility"]
Address = *
Transport = HTTPS
Port = 443
Hostname = ooo-VASCO
Enabled = true
URLPrefix = wsman
CertificateThumbprint
ListeningOn = 10.10.16.63, 127.0.0.1, 169.254.1.145, 169.254.5.162, 169.254.175.225, 169.254.235.174, ::1, <a lot of IPv6>
The
PS C:\WINDOWS\system32> Get-Item WSMan:\localhost\Client\TrustedHosts
shows:
WSManConfig: Microsoft.WSMan.Management\WSMan::localhost\Client
Type Name SourceOfValue Value
---- ---- ------------- -----
System.String TrustedHosts GPO *
The Event Viewer saves this:
Event ID 11: WSMan API Call :: Creating WSMan shell with the ResourceUri: http://schemas.microsoft.com/powershell/Microsoft.Exchange and ShellId: bla-bla-bla
Event ID 254: :: Activity Transfer
Event ID 161: User authentication :: The client cannot connect to the destination specified in the request. Verify that the service on the destination is running and is accepting requests. Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: "winrm quickconfig".
I even did a
C:\WINDOWS\system32>winrm invoke Restore winrm/Config
Restore_OUTPUT
(edit)
And yes, I did: > winrm quickconfig
several times during the troubleshooting, but the result is:
WinRM service is already running on this machine.
WinRM is already set up for remote management on this computer.
(another edit)
With another profile in the same machine, the connection fails.
Using the same user in a new machine, connection is successful.
(edit after testing with other computer)
I was able to apply the same restrictive MDM policies on another device and revert them back.
The other device is connecting with basic authentication, but the problematic device still won't do the authentication even with it set to true, as seen in the current config:
PS C:\Windows\System32> winrm get winrm/config
Config
MaxEnvelopeSizekb = 500
MaxTimeoutms = 60000
MaxBatchItems = 32000
MaxProviderRequests = 4294967295
Client
NetworkDelayms = 5000
URLPrefix = wsman
AllowUnencrypted = false [Source="GPO"]
Auth
Basic = true [Source="GPO"]
Digest = false [Source="GPO"]
Kerberos = true
Negotiate = true
Certificate = true
CredSSP = false
DefaultPorts
HTTP = 5985
HTTPS = 5986
TrustedHosts
Service
RootSDDL = O:NSG:BAD:P(A;;GA;;;BA)(A;;GR;;;IU)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)
MaxConcurrentOperations = 4294967295
MaxConcurrentOperationsPerUser = 1500
EnumerationTimeoutms = 240000
MaxConnections = 300
MaxPacketRetrievalTimeSeconds = 120
AllowUnencrypted = false [Source="GPO"]
Auth
Basic = true [Source="GPO"]
Kerberos = true
Negotiate = true
Certificate = false
CredSSP = false
CbtHardeningLevel = Relaxed
DefaultPorts
HTTP = 5985
HTTPS = 5986
IPv4Filter = *
IPv6Filter = *
EnableCompatibilityHttpListener = false
EnableCompatibilityHttpsListener = false
CertificateThumbprint
AllowRemoteAccess = true
Winrs
AllowRemoteShellAccess = true
IdleTimeout = 7200000
MaxConcurrentUsers = 2147483647
MaxShellRunTime = 2147483647
MaxProcessesPerShell = 2147483647
MaxMemoryPerShellMB = 2147483647
MaxShellsPerUser = 2147483647
Can anyone share some path for this?
Edit:
Just moved to PS7 and the error changed a bit:
New-ExoPSSession: C:\Program Files\WindowsPowerShell\Modules\ExchangeOnlineManagement\0.3582.0\ExchangeOnlineManagement.psm1:401
Line |
401 | … PSSession = New-ExoPSSession -ExchangeEnvironmentName $ExchangeEnviro …
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Could not load type 'System.Security.Cryptography.SHA256Cng' from assembly 'System.Core,
| Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089'..
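The two `winrm get winrm/config` dumps in the post are easier to compare when each setting is reduced to its path, value and source. The following is an added example, not part of the original post: the function name `Get-WinrmSetting`, the `$weak` checklist and the `local` source label are assumptions of this example, and `$sample` is constructed from lines of the first dump.

```powershell
# Added example, not from the original post. Parses `winrm get winrm/config`
# text (indented or flattened, as pasted above) into one object per setting.
$subKeys = @{
    Auth         = 'Basic','Digest','Kerberos','Negotiate','Certificate','CredSSP','CbtHardeningLevel'
    DefaultPorts = 'HTTP','HTTPS'
}
# This example's own checklist of values that weaken transport or authentication.
$weak = @{
    AllowUnencrypted = 'true'   # plaintext WS-Man traffic permitted
    TrustedHosts     = '*'      # any destination accepted for non-Kerberos auth
    CredSSP          = 'true'   # credential delegation enabled
}

function Get-WinrmSetting {
    param([string[]]$Lines)
    $top = $null; $sub = $null
    foreach ($raw in $Lines) {
        $line = $raw.Trim()
        if (-not $line -or $line -eq 'Config') { continue }
        if ($line -in 'Client','Service','Winrs') { $top = $line; $sub = $null; continue }
        if ($subKeys.ContainsKey($line))          { $sub = $line; continue }
        # 'Name = value [Source="GPO"]'; an empty setting prints as a bare name.
        if ($line -notmatch '^(?<k>\S+)(?:\s*=\s*(?<v>.*?))?\s*(?:\[Source="(?<s>[^"]+)"\])?$') { continue }
        $k = $Matches['k']
        if ($sub -and $k -notin $subKeys[$sub]) { $sub = $null }   # left the sub-section
        [pscustomobject]@{
            Path   = (@($top, $sub, $k) | Where-Object { $_ }) -join '/'
            Value  = $Matches['v']
            Source = if ($Matches['s']) { $Matches['s'] } else { 'local' }
            Weak   = $weak.ContainsKey($k) -and $weak[$k] -eq $Matches['v']
        }
    }
}

# Constructed sample: a subset of the first config dump shown in the post.
$sample = @'
Client
AllowUnencrypted = true [Source="GPO"]
Auth
Basic = true [Source="GPO"]
Kerberos = true
DefaultPorts
HTTPS = 5986
TrustedHosts = * [Source="GPO"]
Service
AllowUnencrypted = true [Source="GPO"]
'@ -split "`r?`n"

Get-WinrmSetting $sample | Where-Object { $_.Source -ne 'local' -or $_.Weak } | Format-Table -AutoSize
```

On a live machine the command output can be passed directly, as in `Get-WinrmSetting (winrm get winrm/config)`; rows whose Source is still `GPO` are the ones a local change or `winrm quickconfig` cannot override.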