Unable to Open Exchange 2010 Management Console on Small Business Server 2011

Article ID: 2587513
Expand all | Collapse all

Symptoms

When we try to open the Exchange Management Console we get the following Error.

Error while launching Exchange Management Console on SBS 2011

In IIS Logs we get the following errors:

2011-07-26 14:55:34 fe80::d461:fc68:dc34:f6a3%11 POST /PowerShell PSVersion=2.0 80 CPANDL\SBSAdmin fe80::d461:fc68:dc34:f6a3%11 Microsoft+WinRM+Client 500 0 0 1409

Event Viewer:

Log Name: Application
Source: MSExchange RBAC
Date: 7/26/2011 8:25:34 PM
Event ID: 22
Task Category: RBAC
Level: Error
Keywords: Classic
User: N/A
Computer: SBS2011.cpandl.local
Description:
(Process w3wp.exe, PID 7476) "RBAC authorization is unavailable due to the transient error: The Microsoft Exchange Active Directory Topology service on server localhost can't be contacted via RPC. Error 0x5."


Log Name: Application
Source: MSExchange ADAccess
Date: 7/26/2011 8:25:34 PM
Event ID: 2152
Task Category: General
Level: Error
Keywords: Classic
User: N/A
Computer: SBS2011.cpandl.local
Description:

Process w3wp.exe (PID=7476). An remote procedure call (RPC) request to the Microsoft Exchange Active Directory Topology service failed with error 5 (Error 0x5 (Access is denied) from HrGetServersForRole). Make sure that the Remote Procedure Call (RPC) service is running. In addition, make sure that the network ports that are used by RPC are not blocked by a firewall.

 

Cause

The identity settings for PowerShellAppPool in IIS is set to "ApplicationPoolIdentity"

 

Advanced settings for PowerShellAppPool

Apart from this reason there can be more possible causes for similar issue as desribed in the Exhange Team Blog for Troubleshooting Exchange 2010 Management Tools startup issues.

 

Resolution

 

Resolution:

 

Before following the steps mentioned below make sure we have checked the resolution for issues relating to WinRM as described in the article http://blogs.technet.com/b/exchange/archive/2010/02/04/3409289.aspx

 

To resolve the issue we need to change the Identity Type for PowerShell Application Pool.

 

This change can be made from either of the two places.

 

  1. From IIS Console (recommended)

 

  1. Open IIS Console
  2. Select the <Server Name >
  3. Expand Application Pools
  4. On the Right Hand Side highlight
      PowerShell Application Pool
    Right click PowerShell Application Pool, select Advance Settings
  5. Change the Identity from ApplicatioPoolIdentity to LocalSystem
  6. Restart IIS

 

  1. Changes can also be done by modifying ApplicationHost.Config file.

 

  1. Open ApplicationHost.config file in notepad
  1. Search for PoweShell
  1. We will see entries similar to the one shown below.

ApplicationHost.Config File

 

  1. Change the value for IdentityType from "ApplicationPoolIdentity" to "LocalSystem"
  2. Save the file, restart IIS

 

After making these changes we should be able to launch the Exchange 2010 Management Console.

Note This is a "FAST PUBLISH" article created directly from within the Microsoft support organization. The information contained herein is provided as-is in response to emerging issues. As a result of the speed in making it available, the materials may include typographical errors and may be revised at any time without notice. See Terms of Use for other considerations.

Properties

Article ID: 2587513 - Last Review: January 4, 2012 - Revision: 3.0
Keywords: 
KB2587513

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com