To enable the remote PowerShell, do the following on the involved Exchange servers:
-
Open the Windows PowerShell.
-
Execute the command: Enable-PSRemoting -Force.
The Exchange domain user, who executes the remote PowerShell calls, must be member of the following roles:
-
“View-Only Configuration”
-
“Mail Recipients”
By default ImageMaster tries to open a PowerShell connection via HTTPS on port 5986 with basic authentication. In contrast to this, the typical default settings are initialized to use Kerberos via HTTP on port 80.
Related ImageMaster configuration settings
The configuration on ImageMaster side can be changed via the ImageMaster AdminClient [UM AdminClient] in the “Exchange Server Settings”, and on an ImageMaster Coordinator server the authentication type can be switched to Kerberos by a setting in the Windows registry via the following path:
HKEY_LOCAL_MACHINE\Software\T-Systems\ImageMaster\ServersideJobs\
In this path an entry as described below must be set:
-
Name: PowerShellAuthenticationMechanism
-
Type: String / REG_SZ
-
Value: KERBEROS
Related Exchange configuration settings
Basic authentication on the Exchange server for Windows Remote Management (WinRM) can be enabled, for example, by running an Exchange Management Shell as administrator on the Exchange server:
To check the current authentication type:
Get-PowerShellVirtualDirectory -server msx |fl auth
To set basic authentication:
Get-PowerShellVirtualDirectory -server msx | set-PowerShellVirtualDirectory -basicauthentication $true