Exchange 2013 PowerShell Service Error


We have a new IDM 4.0.2 AE environment that we are trying to provision
Exchange 2013 mailboxes in.

We created a new IDM 4 Active Directory driver. We installed the IDM
PowerShell Service. We configured the service to run as a service
account in the AD domain. We validated the account permissions by
executing PowerShell commands direct from the PowerShell client on the
server where the IDM service is installed.

When executing a basic Enable-Mailbox command we are getting the
following error:

"[07/30/14 12:17:17.327]:Exchange 2013 ST:
DirXML Log Event -------------------
Driver:
\SEMPRA-IDV-QA-TREE\Sempra-IDV\Services\IDM\DriverSet\Exchange 2013
Channel: Subscriber
Object: \SEMPRA-IDV-QA-TREE\Sempra-IDV\Users\Active\799402
Status: Error
Message: Error completing powershell command. ERROR: The term
'Enable-Mailbox' is not recognized as the name of a cmdlet, function,
script file, or operable program. Check the spelling of the name, or if
a path was included, verify that the path is correct and try again."

We referred to the install doc and a support doc that referred to
required account permissions and installed tools, but we confirmed those
to all still be valid in the environment.

We have tried running the IDM service as both a service account and as
the local system account; both approaches resulted in the same error.

Any other reasons why this error would be thrown? It seems the service
isn't loading the PowerShell commands properly but we have communication
to AD via the driver config, communication to Exchange verified through
the PowerShell client, authentication because the driver and the service
successfully start and authorization confirmed through the PowerShell
client.


--
gdrtx
------------------------------------------------------------------------
gdrtx's Profile: https://forums.netiq.com/member.php?userid=1660
View this thread: https://forums.netiq.com/showthread.php?t=51442


Re: Exchange 2013 PowerShell Service Error

gdrtx wrote:

>
> We referred to the install doc and a support doc


Which support doc?
https://www.netiq.com/support/kb/doc.php?id=7014069
or
https://www.netiq.com/support/kb/doc.php?id=7012362


> that referred to
> required account permissions and installed tools but we confirmed that
> to all still be valid in the environment.
>
> We have tried running the IDM service as both a service account and as
> the local system account, both approaches resulted in the same error.


When you say a "service account", do you mean a regular AD user with the correct rights assigned in Exchange ("Recipient Management" and "View-Only Organization Management")?

With "Local System", it is the computer account which needs to have rights assigned in Exchange ("Organizational Management").

> Any other reasons why this error would be thrown? It seems the service
> isn't loading the PowerShell commands properly but we have communication
> to AD via the driver config, communication to Exchange verified through
> the PowerShell client, authentication because the driver and the service
> successfully start and authorization confirmed through the PowerShell
> client.


Have you looked at this TID?
https://www.netiq.com/support/kb/doc.php?id=7012362

Some of the reasons for your error:

1. Incorrect Exchange rights assigned to the account that the service runs as.
2. One or more Exchange servers lack the Exchange Management Tools locally installed.

If you still have problems, I suggest you open an SR and get support to help troubleshoot the issue.


Re: Exchange 2013 PowerShell Service Error


So yes, we have already found
https://www.netiq.com/support/kb/doc.php?id=7012362 and that was part of
the validations already done. So to more specifically answer your
questions, yes by service account we mean a regular AD user with the
correct rights assigned as documented in the driver doc and yes, the
local system account is the computer account that has the documented
rights assigned. And yes, all Exchange servers have the management
tools locally installed.

We ran the Windows PowerShell client from the IDM server where the IDM
PowerShell Service is installed and created a PowerShell session with
our target Exchange 2013 box using the AD credentials for our service
account. Using that client we could execute all Exchange PowerShell
commands. This validated that the service account had the required
permissions and that there were no communication issues between the
servers.

Now the other link, https://www.netiq.com/support/kb/doc.php?id=7014069,
has not been attempted yet. That article specifically mentions a
Windows 2012 Standard server whereas we are running this on Windows 2008
R2 Enterprise. Just for the sake of argument we will try that but I
know the IDM PowerShell Service was installed as administrator but I'm
not positive about the Exchange Management Tools...

Thanks


--
gdrtx
------------------------------------------------------------------------
gdrtx's Profile: https://forums.netiq.com/member.php?userid=1660
View this thread: https://forums.netiq.com/showthread.php?t=51442


Re: Exchange 2013 PowerShell Service Error

gdrtx wrote:

> target Exchange 2013 box using the AD credentials for our service
> account. Using that client we could execute all Exchange PowerShell
> commands. This validated that the service account had the required
> permissions and that there were no communication issues between the
> servers


There is no way to guarantee that the IDM Exchange Service will connect to the same server you tested with. There could be communications issues with one of the other servers.
Also, are there any older Exchange servers in your environment (2010 for example)? There are some known complexities/issues when you have a mixed-version deployment.


Re: Exchange 2013 PowerShell Service Error


alexmchugh;247150 Wrote:
>
> There is no way to guarantee that the IDM Exchange Service will connect
> to the same server you tested with. There could be communications issues
> with one of the other servers.


Thanks for the heads up. I was curious how that worked since a target
server was never specified in any of my configurations. I will double
check to make sure there are no communication issues with any other
Exchange 2013 servers in the environment.

alexmchugh;247150 Wrote:
>
> Also, are there any older Exchange servers in your environment (2010 for
> example)? There are some known complexities/issues when you have a
> mixed-version deployment.


Uh-oh. This is being done as part of a migration from Exchange 2010 to
Exchange 2013 so there are some of the old Exchange 2010 servers still
in place. The plan is to start provisioning to the new servers while
the Exchange team migrates the existing mailboxes over in batches. If
mixed-version deployments are known to have issues this could be a
problem.

Do you know of any documentation that discusses the issues and possible
solutions for mixed-version deployments?


--
gdrtx
------------------------------------------------------------------------
gdrtx's Profile: https://forums.netiq.com/member.php?userid=1660
View this thread: https://forums.netiq.com/showthread.php?t=51442


Re: Exchange 2013 PowerShell Service Error


gdrtx;247160 Wrote:
> Thanks for the heads up. I was curious how that worked since a target
> server was never specified in any of my configurations. I will double
> check to make sure there are no communication issues with any other
> Exchange 2013 servers in the environment.
>
>
>
> Uh-oh. This is being done as part of a migration from Exchange 2010 to
> Exchange 2013 so there are some of the old Exchange 2010 servers still
> in place. The plan is to start provisioning to the new servers while
> the Exchange team migrates the existing mailboxes over in batches. If
> mixed-version deployments are known to have issues this could be a
> problem.
>
> Do you know of any documentation that discusses the issues and possible
> solutions for mixed-version deployments?

This should not be a problem with the next release of IDM.

The AD Driver configuration will provide an option to set a preferred
Exchange server for use by the PowerShell service for provisioning, if it
is desired that the provisioning not rely on the discovered Exchange server
list (current default behavior is that all Exchange 2010/2013 servers
in the farm are discovered and the first server is used for
Exchange provisioning).


--
vivekbm
------------------------------------------------------------------------
vivekbm's Profile: https://forums.netiq.com/member.php?userid=528
View this thread: https://forums.netiq.com/showthread.php?t=51442
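
An added diagnostic sketch for the behavior discussed above (not code from the thread or from NetIQ): because the service uses the first discovered Exchange 2010/2013 server, this probes each server separately and reports whether `Enable-Mailbox` is exposed to the account. The server names are constructed placeholders, and the endpoint URL and Kerberos authentication are assumptions about a default Exchange remote PowerShell setup.

```powershell
# Added diagnostic sketch; server names below are constructed placeholders.
$ExchangeServers = @('exch2010-01.example.com', 'exch2013-01.example.com')

function Test-ExchangeCmdletExposure {
    param(
        [Parameter(Mandatory)] [string[]] $ComputerName,
        [ValidatePattern('^[A-Za-z]+-[A-Za-z]+$')] [string] $CmdletName = 'Enable-Mailbox',
        # Credential of the account the IDM PowerShell Service runs as (optional).
        [System.Management.Automation.PSCredential] $Credential
    )
    foreach ($server in $ComputerName) {
        $row = [pscustomobject]@{
            Server = $server; Connected = $false; CmdletVisible = $false
            Version = $null; Error = $null
        }
        $session = $null
        try {
            # Assumption: default Exchange remote PowerShell endpoint with Kerberos.
            $connect = @{
                ConfigurationName = 'Microsoft.Exchange'
                ConnectionUri     = "http://$server/PowerShell/"
                Authentication    = 'Kerberos'
                ErrorAction       = 'Stop'
            }
            if ($Credential) { $connect.Credential = $Credential }
            $session = New-PSSession @connect
            $row.Connected = $true

            # The session only exposes cmdlets that RBAC grants this account, so a
            # cmdlet missing here would surface as a "not recognized" error.
            $probe = [scriptblock]::Create("Get-Command -Name $CmdletName")
            $null = Invoke-Command -Session $session -ScriptBlock $probe -ErrorAction Stop
            $row.CmdletVisible = $true

            # Record the server version to spot 2010/2013 coexistence.
            $info = Invoke-Command -Session $session -ScriptBlock { Get-ExchangeServer } -ErrorAction Stop |
                Where-Object { $_.Fqdn -eq $server }
            $row.Version = "$($info.AdminDisplayVersion)"
        }
        catch { $row.Error = $_.Exception.Message }
        finally { if ($session) { Remove-PSSession -Session $session } }
        $row
    }
}

Test-ExchangeCmdletExposure -ComputerName $ExchangeServers | Format-Table -AutoSize
```

Run it as the same account the service uses; a server that connects but does not show the cmdlet, or that fails to connect at all, is a candidate for the one the service picked.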

Knowledge Partner

Re: Exchange 2013 PowerShell Service Error

> The AD Driver configuration will provide an option to set a preferred
> Exchange server for use by the PowerShell service for provisioning, if it
> is desired that the provisioning not rely on the discovered Exchange server
> list (current default behavior is that all Exchange 2010/2013 servers
> in the farm are discovered and the first server is used for
> Exchange provisioning).


Future tense? It 'will'? Or is it there, and we do not know about it yet?



Re: Exchange 2013 PowerShell Service Error


It's addressed and ready for the next release.


--
vivekbm
------------------------------------------------------------------------
vivekbm's Profile: https://forums.netiq.com/member.php?userid=528
View this thread: https://forums.netiq.com/showthread.php?t=51442


Re: Exchange 2013 PowerShell Service Error


Has there been any movement on this since July of last year? I've got
the same issue. Any resolutions? Or has there been a patch released
that addresses this?

Thanks,


--
folboteur
------------------------------------------------------------------------
folboteur's Profile: https://forums.netiq.com/member.php?userid=3683
View this thread: https://forums.netiq.com/showthread.php?t=51442


Re: Exchange 2013 PowerShell Service Error


folboteur;257213 Wrote:
> Has there been any movement on this since July of last year? I've got
> the same issue. Any resolutions? Or has there been a patch released
> that addresses this?
>
> Thanks,


IDM 4.5 that was released late last year (Oct. I think) added the
support to specify a target Exchange server to resolve these types of
conflicts. My issue was resolved in IDM 4.0.2 by removing the old
version of Exchange from the environment after it was no longer needed.


--
gdrtx
------------------------------------------------------------------------
gdrtx's Profile: https://forums.netiq.com/member.php?userid=1660
View this thread: https://forums.netiq.com/showthread.php?t=51442


Re: Exchange 2013 PowerShell Service Error


That's hopeful, since I'm on IDM 4.5.0.2, using the PowerShell Service.
Do you know explicitly where this ability to specify the target
Exchange server is found? I'm hunting through my AD Driver GCVs and
don't see anything obvious. (Or unobvious, for that matter.) 🙂


--
folboteur
------------------------------------------------------------------------
folboteur's Profile: https://forums.netiq.com/member.php?userid=3683
View this thread: https://forums.netiq.com/showthread.php?t=51442

cpedersen Outstanding Contributor.

Re: Exchange 2013 PowerShell Service Error

On 5/19/15 3:44 PM, folboteur wrote:
>
> That's hopeful, since I'm on IDM 4.5.0.2, using the PowerShell Service.
> Do you know explicitly where this ability to specify the target
> Exchange server is found? I'm hunting through my AD Driver GCVs and
> don't see anything obvious. (Or unobvious, for that matter.) 🙂
>
>


Driver Parameters -> Driver Options, and if you set the Exchange
Interface type to 'IDM Powershell Service' then you'll get an option to
add the Exchange Service FQDN.



Casper
