cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
bramassendorp
Engaged Sweeper II
Hi,

I have an issue with Lansweeper and Exchange scanning, I tried all the troubleshooting steps documented but it is still not working.

Log file (did not use the original host names):

2021-08-02 09:45:10,012 [236] INFO LOGEXCHANGESCANNING DEBUG Executing script failed
2021-08-02 09:45:10,012 [236] INFO LOGEXCHANGESCANNING DEBUG Asset with FQDN 'exchangehost.domain.local' not found in Exchange server list.
2021-08-02 09:45:10,012 [236] INFO LOGEXCHANGESCANNING DEBUG DOMAIN\exchangehost\1 is not found in the domain's Exchange server list

When I try it via the "Scan Test Tool" it does scan the information.

In Lansweeper the hosts are not showing the "Exchange" tab.

Powershell is enabled and set to RemoteSigned, the scanning account is member of domain admins.

Please advice!
20 REPLIES 20
Jim Gallott wrote:
I have tested remote powershell successfully from the scanning server to the exchange servers using:

https://docs.microsoft.com/en-us/powershell/exchange/connect-to-exchange-servers-using-remote-powershell?view=exchange-ps

All three connect and I can run Get-mailbox.

I did remote powershell successfully to the preferred domain controller using:

Enter-PSSession -ComputerName <dc_name> –credential <credentials>

Still Exchange won't scan. It does not seem to be the remote powershell that is getting in the way.


Same here, can connect fine remotely via PowerShell. Does anyone know where the script LANSweeper runs to scan Exchange is located? Or what commands it runs?

Reason I ask is I was hoping to connect manually and run these myself to troubleshoot further.
Use this switch when testing your remote PowerShell: -UseSSL
example: Enter-PSSession -ComputerName <dc_name> –credential <credentials> -UseSSL

If it fails that is your problem and my above comment will fix it.

I also looked for the script they use to scan Exchange and was unsuccessful in finding it. I was going to try and modify it not to use SSL.

3cardmagictrick wrote:
Jim Gallott wrote:
I have tested remote powershell successfully from the scanning server to the exchange servers using:

https://docs.microsoft.com/en-us/powershell/exchange/connect-to-exchange-servers-using-remote-powershell?view=exchange-ps

All three connect and I can run Get-mailbox.

I did remote powershell successfully to the preferred domain controller using:

Enter-PSSession -ComputerName <dc_name> –credential <credentials>

Still Exchange won't scan. It does not seem to be the remote powershell that is getting in the way.


Same here, can connect fine remotely via PowerShell. Does anyone know where the script LANSweeper runs to scan Exchange is located? Or what commands it runs?

Reason I ask is I was hoping to connect manually and run these myself to troubleshoot further.


Corey Lambert wrote:
Use this switch when testing your remote PowerShell: -UseSSL
example: Enter-PSSession -ComputerName <dc_name> –credential <credentials> -UseSSL

If it fails that is your problem and my above comment will fix it.

I also looked for the script they use to scan Exchange and was unsuccessful in finding it. I was going to try and modify it not to use SSL.

3cardmagictrick wrote:
Jim Gallott wrote:
I have tested remote powershell successfully from the scanning server to the exchange servers using:

https://docs.microsoft.com/en-us/powershell/exchange/connect-to-exchange-servers-using-remote-powershell?view=exchange-ps

All three connect and I can run Get-mailbox.

I did remote powershell successfully to the preferred domain controller using:

Enter-PSSession -ComputerName <dc_name> –credential <credentials>

Still Exchange won't scan. It does not seem to be the remote powershell that is getting in the way.


Same here, can connect fine remotely via PowerShell. Does anyone know where the script LANSweeper runs to scan Exchange is located? Or what commands it runs?

Reason I ask is I was hoping to connect manually and run these myself to troubleshoot further.




Use this switch when testing your remote PowerShell: -UseSSL
example: Enter-PSSession -ComputerName <dc_name> –credential <credentials> -UseSSL

Originally connecting remotely using Enter-PSSession was failing but the comment and article you shared with steps on how to configure an SSL self signed certificate worked perfectly, seriously cannot thank you enough for that. I'm 100% self taught with PowerShell and I am a total amateur at best so was so satisfying to read that article you shared 😉

I can connect perfectly fine now however I'm getting this error 😞

PS C:\Users\USERNAME> Enter-PSSession -ComputerName EXCHANGE SERVER NAME -credential DOMAIN\USERNAME -UseSSL

PowerShell credential request
Enter your credentials.
Password for user DOMAIN\USERNAME: **********

[EXCHANGE SERVER NAME]: PS C:\Users\USERNAME\Documents> Add-PSSnapin Microsoft.Exchange.Management.PowerShell.SnapIn
[EXCHANGE SERVER NAME]: PS C:\Users\USERNAME\Documents> Get-Mailbox
Active Directory operation failed on . The supplied credential for 'DOMAIN\USERNAME' is invalid.
+ CategoryInfo : NotSpecified: (:) [], ADInvalidCredentialException
+ FullyQualifiedErrorId : [Server=EXCHANGE SERVER NAME,RequestId=aa150a06-0e4d-4cf3-97f8-dc627c72beb9,TimeStamp=19/10/2021 9:47:15 PM] [FailureCategory=Cmdlet-ADInvalidCredentialException] 476A3E7D



Interesting thing is I found this article (https://www.alitajran.com/load-exchange-management-shell-in-powershell-ise/#:~:text=To%20load%20Exch...) and when I follow the steps in listed under the "Connect to Exchange servers with remote PowerShell" section it works PERFECTLY!

$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://EXCHANGE SERVER NAME/PowerShell/ -Authentication Kerberos -Credential $UserCredential
Import-PSSession $Session -DisableNameChecking
Get-Mailbox

MoonDogg
Engaged Sweeper III
I think I may have found something.
I found in my error log that it is trying to use ssl on port 5986 and when I test winRM with ssl on port 5986 it fails, but it works without ssl on port 5985.

PS C:\WINDOWS\system32> Test-WSMan -ComputerName exchange-server


wsmid : http://schemas.dmtf.org/wbem/wsman/identity/1/wsmanidentity.xsd
ProtocolVersion : http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd
ProductVendor : Microsoft Corporation
ProductVersion : OS: 0.0.0 SP: 0.0 Stack: 3.0



PS C:\WINDOWS\system32> Test-WSMan -ComputerName exchange-server -UseSSL
Test-WSMan : <f:WSManFault xmlns:f="http://schemas.microsoft.com/wbem/wsman/1/wsmanfault" Code="2150859046"
Machine="***.COM"><f:Message>WinRM cannot complete the operation. Verify that the specified computer name is
valid, that the computer is accessible over the network, and that a firewall exception for the WinRM service is enabled
and allows access from this computer. By default, the WinRM firewall exception for public profiles limits access to remote
computers within the same local subnet. </f:Message></f:WSManFault>
At line:1 char:1
+ Test-WSMan -ComputerName exchange-server -UseSSL
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (exchange-server:String) [Test-WSMan], InvalidOperationException
+ FullyQualifiedErrorId : WsManError,Microsoft.WSMan.Management.TestWSManCommand



I also ran this on my exchange server:

PS C:\Users\administrator.MHA> winrm quickconfig -transport:https
WinRM service is already running on this machine.
WSManFault
Message
ProviderFault
WSManFault
Message = Cannot create a WinRM listener on HTTPS because this machine does not have an appropriate certificate. To be used for SSL, a certificate must have a CN matching the hostname, be appropriate for Server Authentication, and not be expired, revoked, or self-signed.

Error number: -2144108267 0x80338115
Cannot create a WinRM listener on HTTPS because this machine does not have an appropriate certificate. To be used for SSL, a certificate must have a CN matching the hostname, be appropriate for Server Authentication, and not be expired, revoked, or self-signed.
MoonDogg
Engaged Sweeper III
Has anyone receive a resolution for this issue? I am having the same issue and have an open case with support. I can perform a remote powershell session to and from my exchange, domain controller, and Lansweeper servers without problems but Lansweeper itself errors out.
jgallott
Engaged Sweeper II
Corey Lambert wrote:
Has anyone receive a resolution for this issue? I am having the same issue and have an open case with support. I can perform a remote powershell session to and from my exchange, domain controller, and Lansweeper servers without problems but Lansweeper itself errors out.


No solution yet. I also have a case open with Lansweeper. I will post if anything develops.
phcg2509
Engaged Sweeper
brama wrote:
Hi,

I have an issue with Lansweeper and Exchange scanning, I tried all the troubleshooting steps documented but it is still not working.

Log file (did not use the original host names):

2021-08-02 09:45:10,012 [236] INFO LOGEXCHANGESCANNING DEBUG Executing script failed
2021-08-02 09:45:10,012 [236] INFO LOGEXCHANGESCANNING DEBUG Asset with FQDN 'exchangehost.domain.local' not found in Exchange server list.
2021-08-02 09:45:10,012 [236] INFO LOGEXCHANGESCANNING DEBUG DOMAIN\exchangehost\1 is not found in the domain's Exchange server list

When I try it via the "Scan Test Tool" it does scan the information.

In Lansweeper the hosts are not showing the "Exchange" tab.

Powershell is enabled and set to RemoteSigned, the scanning account is member of domain admins.

Please advice!


It seems that a permission account such as domain admins or exchange admins is needed to successfully scan
bramassendorp
Engaged Sweeper II
We found out that we indeed had some powershell issues.

Still, mailboxes are not scanned, after contact with lansweeper support, it seems to be a bug.

Dev team is working on a fix.
brama wrote:
We found out that we indeed had some powershell issues.

Still, mailboxes are not scanned, after contact with lansweeper support, it seems to be a bug.

Dev team is working on a fix.


What issues did you eventually find with the powershell requirements? We're running into the same errors for (lack of) scanning of our Exchange servers. I am able to connect remotely via powershell from the Lansweeper host to the Exchange server Exchange management shell. I think I have covered all the bases in the checklist, but would be interested if there are other less obvious issues that I need to tend to.

Thanks.
Has there been any update from the Dev team on when a fix will be ready for this issue?

I also followed all the setup and troubleshooting steps @ https://www.lansweeper.com/knowledgebase/scanning-exchange-server-mailboxes/#:~:text=%20In%20order%20for%20Lansweeper%20to%20scan%20Exchange,client%20machine%20is%20configured%20to%20al...%20More%20 however still facing same issue.