1890 views

Microsoft Exchange 2010 PowerShell connector - Java exception

Dear All,

I am facing an issue with installing a connector for mailbox audit events in Exchange 2010 SP2 - the connector I am using is Microsoft PowerShell Connector. This is not my first installation for such a connector, but this time I am receiving an exception I don't know how to handle.

Scenario information:

-> I have a clustered Exchange implementation and I am installing the connector on the member holding the replicated mailbox database (the active one is on the other member, but I suspect this should not be an issue considering how clustering works for Exchange 2010)

-> The user I am installing the connector with is in the Local Administrators group on the Exchange Server and also in the Organization Management group in terms of Exchange Security Groups

-> The Windows Server is a 2008

-> I have enabled auditing on the Exchange server and it works

Behavior:

-> The installation goes smoothly, except for the step immediately following introducing the Server FQDN and the path to the PowerShell - after clicking Next it waits unusually long while validating parameters and in the end it prompts a java.net.SocketTimeoutException: Read timed out

-> It asks me if I still want to continue, I do and continue with the installation

-> The connector starts without any issues, it registers with the manager and starts sending Raw Events

-> However, in terms of information from the Exchange Server it does not retrieve anything: no logs, no mailboxes file in /current/user/agent/agentdata folder and no temporary log files in the same mentioned folder

A few important ERRORs I get in the agentsetup file immediately after setup (and that I can't find in normal setups) are below:

[2015-03-26 15:38:18,039][ERROR][default.com.arcsight.i.a.t][_apiVerifySimpleParameters]

AxisFault

faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException

faultSubcode:

faultString: java.net.SocketTimeoutException: Read timed out

faultActor:

faultNode:

faultDetail:

{http://xml.apache.org/axis/}stackTrace:java.net.SocketTimeoutException: Read timed out

[2015-03-26 15:38:18,039][ERROR][default.com.arcsight.i.a.t][verifyParameters]

java.rmi.RemoteException: ; nested exception is:

java.net.SocketTimeoutException: Read timed out

at com.arcsight.i.a.t.a(t.java:2427)

at com.arcsight.i.a.t.a(t.java:2900)

at com.arcsight.agentsetup.NGConnectorParameterPanelProcessor$1.run(NGConnectorParameterPanelProcessor.java:120)

at com.arcsight.wizard.n.a(n.java:343)

at com.arcsight.agentsetup.NGConnectorParameterPanelProcessor.processNext(NGConnectorParameterPanelProcessor.java:127)

at com.arcsight.wizard.e.d$0.g(d$0.java:61)

at com.arcsight.wizard.kb.process(kb.java:562)

at com.arcsight.wizard.swing.BaseWizardPanelImpl$6.run(BaseWizardPanelImpl.java:367)

I also get many of these afterwards:

[2015-03-26 15:39:34,416][ERROR][default.com.arcsight.i.a.t][ensureLoggedIn]
AxisFault
faultCode: {http://xml.apache.org/axis/}HTTP
faultSubcode:
faultString: (401)Unauthorized
faultActor:
faultNode:
faultDetail:
{}:return code:  401
&lt;?xml version=&quot;1.0&quot; encoding=&quot;utf-8&quot;?&gt;&lt;soapenv:Envelope xmlns:soapenv=&quot;http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd=&quot;http://www.w3.org/2001/XMLSchema" xmlns:xsi=&quot;http://www.w3.org/2001/XMLSchema-instance"><soapenv:Body><soapenv:Fault><faultcode xmlns:ns1=&quot;http://xml.apache.org/axis/">ns1:Server.Unauthenticated</faultcode><faultstring>Not authenticated (method [getSupportedAPIVersion])&lt;/faultstring&gt;&lt;detail&gt;&lt;ns2:hostname xmlns:ns2=&quot;http://xml.apache.org/axis/">Exchange-MB03</ns2:hostname></detail></soapenv:Fault></soapenv:Body></soapenv:Envelope>
{http://xml.apache.org/axis/}HttpErrorCode:401

(401)Unauthorized
at org.apache.axis.transport.http.HTTPSender.readFromSocket(HTTPSender.java:744)

When I start the Windows service I get no further errors, not even in the connector logs (or at least I haven't identified any).

There is more information I can provide, however I don't want to load the post excessively; if anyone knows what exactly happens in the step where I get the Exception (when verifying the FQDN and powershell access) it would also be good in order to try and run the eventual commands directly in powershell and see the outcome - perhaps I will find the issue that way.

Many thanks,

Stefan

Labels (1)
0 Likes
13 Replies
Commodore Commodore
Commodore

Good day,

For assigning this privileges, Organization Management and Record Management (which include multiple role) to the user violates the security policy in our environment.

Exchange admin is saying this user will become the exchange admin, so they suggested to go for minimum roles required.

I have come through integration using Logbinder, have you used that ?

Need your expertise to hoe to proceed in this scenario.

@Alexandru Truta,

@Stefan Oancea

Regards,

Irfan

0 Likes

Hello Irfan,

I do understand the concerns about the "Organization Management" role. I faced those as well. However, I do think that "Record Management" should be enough. I can't guarantee it though, perhaps you could try it.

As for Logbinder, sorry but I have no experience with that.

All the best,

Stefan

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.