question

PekkaPekkonen-2967 avatar image
0 Votes"
PekkaPekkonen-2967 asked VenkatVaddi-9143 answered

Cannot connect Exchange online with Powershell

Hello

I have a problem to connect to Exchange online with a global admin account (MFA enabled).

Here are the errors I get:
1st error
New-ExoPSSession : Processing data from remote server outlook.office365.com failed with the following error message: Th
e request for the Windows Remote Shell with ShellId 4BC388B1-124B-41D9-87B9-42D6BD57990A failed because the shell was n
ot found on the server. Possible causes are: the specified ShellId is incorrect or the shell no longer exists on the se
rver. Provide the correct ShellId or create a new shell and retry the operation. For more information, see the about_Re
mote_Troubleshooting Help topic.
At C:\Program Files\WindowsPowerShell\Modules\ExchangeOnlineManagement\2.0.5\netFramework\ExchangeOnlineManagement.psm1
:475 char:30
+ ... PSSession = New-ExoPSSession -ExchangeEnvironmentName $ExchangeEnviro ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ResourceUnavailable: (:) [New-ExoPSSession], PSRemotingTransportException
+ FullyQualifiedErrorId : System.Management.Automation.Remoting.PSRemotingDataStructureException,Microsoft.Exchang
e.Management.ExoPowershellSnapin.NewExoPSSession

2nd error
New-ExoPSSession : Processing data from remote server outlook.office365.com failed with the following error message: [A uthZRequestId=f2baaa6c-ce5d-4bbc-aa13-d4457901547f][FailureCategory=AuthZ-CmdletAccessDeniedException] The user "EURP19
0A003.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/xxx.onmicrosoft.com/xxx" isn't assigne
d to any management roles. For more information, see the about_Remote_Troubleshooting Help topic.
At C:\Program Files\WindowsPowerShell\Modules\ExchangeOnlineManagement\2.0.5\netFramework\ExchangeOnlineManagement.psm1
:475 char:30
+ ... PSSession = New-ExoPSSession -ExchangeEnvironmentName $ExchangeEnviro ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ResourceUnavailable: (:) [New-ExoPSSession], PSRemotingTransportException
+ FullyQualifiedErrorId : System.Management.Automation.Remoting.PSRemotingDataStructureException,Microsoft.Exchang
e.Management.ExoPowershellSnapin.NewExoPSSession

127128-image.png

So far I have tested with other network and other computer with same kind results. I have the problem with several tenants and it has lasted at least a week.

One work around is that I can create a new global admin. With that it seems to work normally. But would there be possibilities to retain the original admin access?


office-exchange-online-itpro
image.png (344.0 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

PekkaPekkonen-2967 avatar image
1 Vote"
PekkaPekkonen-2967 answered ZhengqiLou-MSFT commented

Hello

Thank you @ZhengqiLou-MSFT for the response. Here are further details.

It should be cloud-only and non-multi-region tenant. I get the second error over and over again, so trying another time does not seem to help either.

I also tried to remove GA rights and add them again but the error still keeps coming.

I hope these clarified the issue.

[Edit: ZhengqiLou-MSFT provided the solution in the comments]

Regards,
Pekkapek

· 4
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @PekkaPekkonen-2967 ,

Yes i get it.

I just did some research about this and some of the posts say it could be a language/location issue. Some of the Nordic users say they have the same issues.

Are you using English as your windows language? If not, please consider changing it to English and test.

Best regards,
Lou

0 Votes 0 ·

Hello @ZhengqiLou-MSFT

Thank you for the tip Lou and apologies for the delay. I'm a Nordic user indeed so that is relevant.

My display language is already English but there are also some other settings.

131031-image.png

Even though I think I installed the computer in English, there seems to be Finnish value in the registry.

131013-image.png

I tried to change Regional format from Finnish (Finland) to English (Finland). And actually now the Exchange Online PowerShell seems to work.

131023-image.png

It continued to work even if I changed the setting back.
In any case, I consider this is solved. Thank you very much for the effort!

Regards,
PekkaPek


1 Vote 1 ·
image.png (33.1 KiB)

Hi PekkaPek,

Very happy to know your issue has been resolved and thank you for sharing the ideas and solutios here. Definitely it will help someone who has the same probelms:)

Cheers,
Lou

0 Votes 0 ·

Hi @PekkaPekkonen-2967

Do the suggestions above help? If the issue has been resolved, please click “Accept as answer” to mark the helpful reply as an answer, this will make answer searching in the forum easier and be beneficial to other community members as well.

If you are still stuck in this issue, please feel free to post your questions.

Regards,
Lou


If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

0 Votes 0 ·
ZhengqiLou-MSFT avatar image
0 Votes"
ZhengqiLou-MSFT answered

Hi @PekkaPekkonen-2967 ,

For the first error, please check this document for help: https://docs.microsoft.com/en-us/exchange/troubleshoot/administration/invalidshellid-error-in-rps
See the scenario two: In this scenario, you should rerun the cmdlet. A different back-end server should be contacted, and then the cmdlet should run successfully.

For the second one, as it points out the "XXX isn't assigned to any management roles.", I think it's a permission mistake.
As you said you used a GA account to login the Exchange Online PowerShell and failed, but new created GA could work correctly. Would you like to share something about your environment? Is it a hybird and the former GA account lives on-prem?

Also please try re-assign permission to the former account, and see if this time it could work or not.

Best regards,
Lou


If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

AviLuintel-8737 avatar image
0 Votes"
AviLuintel-8737 answered Steven-1428 commented

I am experiencing the same issue. The language setting does not seem to be an issue at my end as English is set as default language. Please, suggest..


New-ExoPSSession : Connecting to remote server <URL> failed with the following error message : For more
information, see the about_Remote_Troubleshooting Help topic.
At C:\Users\<username omittedhere >\Documents\WindowsPowerShell\Modules\ExchangeOnlineManagement\2.0.5\netFramework\ExchangeOnl
ineManagement.psm1:475 char:30
+ ... PSSession = New-ExoPSSession -ExchangeEnvironmentName $ExchangeEnviro ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ResourceUnavailable: (:) [New-ExoPSSession], PSRemotingTransportException
+ FullyQualifiedErrorId : System.Management.Automation.Remoting.PSRemotingDataStructureException,Microsoft.Exchang
e.Management.ExoPowershellSnapin.NewExoPSSession




· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Interestingly I started getting this error today too. I found that I could successfully connect using powershell 7, but not v5. In v5 I used:
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

to set TLS to 1.2 and it started working. Not sure if that's applicable for you though.

0 Votes 0 ·
AviLuintel-8737 avatar image
0 Votes"
AviLuintel-8737 answered

Hi Steven,
I am supposed to use v5 at my workplace. I even tried uninstalling and reinstalling of exchange module but without any luck.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

AviLuintel-8737 avatar image
0 Votes"
AviLuintel-8737 answered

I was able to figure out the solution.

Steps:
1) Displays remotepowershell status: In my case it showed false

Get-User -Identity <UserIdentity> | Format-List RemotePowerShellEnabled

2) Now enable the remotepowershell for exchange online
Set-User -Identity <UserIdentity> -RemotePowerShellEnabled $true

3) validate: run step 1 and it should display true. I was then able to connect to exchange online through powershell

Hope it helps to those who have same issues.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

VenkatVaddi-9143 avatar image
0 Votes"
VenkatVaddi-9143 answered

The issue got fixed for me following the below steps:
1. Open Registry Editor
2. Navigate to the path HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Cryptography\Configuration\Local\SSL\00010003
3. Backup the key
4. Under Functions, remove the following signature suites from the list:
RSAE-PSS/SHA256
RSAE-PSS/SHA384
RSAE-PSS/SHA512
5. Reboot the computer
6. After the reboot, the issue will get fixed.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.