Exchange 2010 Management Console Initialization Failed

I encountered this problem shortly after installing a second Exchange Server 2010 server into my organization.  Initially I thought that this second server had caused the problem but on further investigation I found out the real culprit.

The initialization error I was receiving when opening the Exchange Management Console was:

Initialization Failed: Connecting to remote server failed with the following error message: Access is denied.

emcerror

The Event Log of the server had this error:

Log Name:      Application
Source:        MSExchangeSA
Date:          13/12/2009 8:22:28 PM
Event ID:      9385
Task Category: General
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      ex1.exchangeserverpro.local
Description:
Microsoft Exchange System Attendant failed to read the membership of the universal security group ‘/dc=local/dc=exchangeserverpro/ou=Microsoft Exchange Security Groups/cn=Exchange Servers’; the error code was ’8007203a’. The problem might be that the Microsoft Exchange System Attendant does not have permission to read the membership of the group.

If this computer is not a member of the group ‘/dc=local/dc=exchangeserverpro/ou=Microsoft Exchange Security Groups/cn=Exchange Servers’, you should manually stop all Microsoft Exchange services, run the task ‘add-ExchangeServerGroupMember,’ and then restart all Microsoft Exchange services.

I double checked the “Exchange Servers” group in Active Directory and confirmed that the two servers were already in there.

exchangeserversgroup

I then found this error in the Event Log of the server:

Log Name:      Application
Source:        MSExchangeIS
Date:          13/12/2009 9:14:29 PM
Event ID:      5003
Task Category: General
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      ex1.exchangeserverpro.local
Description:
Unable to initialize the Information Store service because  the clocks on the client and server are skewed.   This may be caused by a time change either in the client or the server,  and may require a reboot of that computer.   Verify that your domain is properly configured and  is currently online.

As we know a time sync problem will cause Kerberos authentication issues.  I checked and sure enough the clocks on the Exchange servers were out by more than 5 minutes from the domain controllers.

The reason for this was that my Exchange servers were hosted on a Hyper-V server that is not synced to the same time source as the domain controllers which are hosted on a separate VMware ESX server.  Normally the Exchange servers would still sync their time with the PDC-E for their domain but the Hyper-V integration settings were overriding this.

hypervsettings

Clearing the Time Synchronisation option and then running net time /set on the two Exchange servers brought their clocks back into sync with their domain controllers.

hypervsettings2

Restarting the servers then allowed all of the Exchange services to come online properly again, and the intialization error no longer occurred when launching the Exchange Management Console.

About Paul Cunningham

Paul is a Microsoft Exchange Server MVP and publisher of Exchange Server Pro. He also holds several Microsoft certifications including for Exchange Server 2007, 2010 and 2013. Find Paul on Twitter, LinkedIn or Google+, or get in touch for consulting/support engagements.

Comments

  1. I’ve had the same issue, but I couldn’t solve it by set the time synchronisation.

    Additional I had to reinstall the WinRM service. After installation type on PowerShell “winrm qucikconfig” and reboot the Server.

    This might help too.

    Regards,
    Smu

  2. Thanks. This saved my Friday afternoon. Time sync problem.

  3. I can’t find settings for EX2010.xxxxxxx.local.
    Management
    Integration Services
    Services
    Time synchronization

    Please help with the path as this looks like the closest fix to the exact same issue I’m having.
    Cheers,
    eiger3970.

    • Those settings are in Hyper-V, which I’m using to virtualize those servers. If yours are physical servers, or virtualized on another platform, then you’ll need to look for different time sync settings.

    • You will find these settings in your Hyper-V Manager if you are using MS Hyper-V. Right-Klick on the Servers in the management console and select “settings”, than you will find the Tome Synchronisation.

  4. net time /set was success

  5. Nice post paul. hoping you were gonna be able to save the day for me once again. I guess i went to the well one too many times. I know it’s way out of best practices, but i have one consolidated box. DC / Exch 2010 & Ocs 2007 R2. Unsure when it happened, but can’t authenticate to EMC or EMS due to the following error. Not a time issue, even tried resetting the computer and user account passwords.

    Did the winRM thing, no luck

    IIS seems to have a binding to port 80 on the default website too.

  6. Stephen Lloyd says:

    Nice post Paul. I’ve been racking my brain trying to find a decent post to resolve this issue. I even came close to throwing in the towel and trying a recover on Exchange box.

    Good call, and exact message error in Google – homed it in !!!

    Thanks…

  7. Paul: good post but i’ve got a different error and hoping you can point me in the right direction. “The attempt to connect to http://server/powershell using “kerberos” authentication failed: connecting to remote server failed with the following error message: The winRM client sent a request to an http server and got a response saying the requested http url was not available. This is usually returned by a http server that does not support the ws-management protocol”

    This is what i get when trying to connect emc 2010 to a 2003 server to try to add a new forest to start the mailbox migration process. any ideas would be totally apperciated

    • Hi Kevin, you can’t connect to a remote Exchange 2003 server/org with the EMC for Exchange 2010. I believe you will need to run the mailbox move requests via the Exchange Management Shell instead.

  8. It really was just a Time setting for the system. When running Exchange in a VM, if you sync the Time of the Guest OS to the ESXi host using VMtools, you need to make sure that the ESXi host time is consistent with the time on the host of the Active Directory too. Best way is to use NTP client on ESXi so they are surely synchronized. Otherwise disable time sync between the host and the guest and make sure everything is within a few minutes of each other. But NTP is really the smartest choice. Once the times are set, you might have to disable then re-enable the time sync in VMtools and all should be fine again.

  9. jabarca84 says:

    Hi Paul

    Thanks. This solved my problem. Time sync problem.

    Regards!!

  10. this was helpful.
    did a net time / set after turning off the Hyper-v time sync. It all worked.

    Sarbjit

  11. Eric Weintraub says:

    OMG thank you so much, I was using a test lab with Hyper-V and didnt think to check the time.

  12. This was helpful…Thank you very much………

  13. Hey Paul,
    I’m getting a similar error that I can’t seem to find a solution to. I was hoping you could help.
    “The following error occured while attempting to connect to the specified server “yada-yada”:
    The attempt to connect to “yada-yada/Powershell” using Kerberos authentication failed. Connecting to remote server failed with the following error message : Access denied. For more info…”
    Any ideas? Would the Time Sync work for this as well?

    • Hello Victor,

      Just open command line on your server and fire command:
      net time /set
      Your Exchange servers need to be in sync with AD.
      This helped me, may help you as well.

      Regards,
      Pim

      P.S. : Thanks Cunningham for this wonderfull post. It saved my lot of time to find what went wrong :-)

      • Thanks Pim. I was able to sync with the AD and it works fine. Also thanks to Paul for posting all this.

    • I have found that if this is the result of an upgrade your profile can become corrupt.

      Try to log in with a different user if you have no issue then its you profile.
      if this is the case then right click computer>properties>advanced systems settings
      under user settings click settings> and delete the corrupt profile

  14. This worked for me, Thank you guys

  15. Thanks
    This solved my issues. Thumbs up!

  16. Thanks! This solved my problems.

  17. U. P. B. Michael says:

    Hi Paul, thanks for your nice article. I am encountering the same problem and there is no issue with the time. The Domain Controller and the exchange server both using same time.

    The detail regarding the error is as follows:

    ” The following error occurred while searching for the on-premise Exchange server:

    No Exchange servers are available in any Active Directory sites. It was running the command ‘Discover-ExchangeServer -UseWIA $true -SuppressError $true -CurrentVersion ‘Version 14.1 (Build 218.15) “.

    At the event viewer of Microsoft Exchange with Database availability group displays following error : MS Exchange DsAccess :

    ” All domain controller servers in use are not responding.”

    I’ve checked the active directory site and found the domain controller right there.
    I cannot understand what’s exactly causing the problem

    Any help/thought will highly be appreciated.
    Thanks more in advance.

  18. Thanks Paul.. You saved me again.

  19. I’m getting a similar issue as the initial screen, but not the same. Initialization Failed. But it points to a WinRM related issue, from my interpretation.

    http://server/PowerShell using “Kerberos” authentication failed:
    Connecting to remote server failed with the following error message : The WinRM client sent a request to an HTTP server and got a response saying the requested HTTP URL was not available. This is usually returned by a HTTP server that does not support WS-Management Protocol.

    This is on an SBS2011 server. DC, Exchange SharePoint etc. When I open the Exchange Powershell console I get the same message. I’ve reset IIS and I’m also having another issue on the same machine with four Exchange services not starting automatically even though they are set to start as such. I put in a dependency for them to start after Netlogon, but still no dice.

    Thoughs?
    Joe

  20. I’m getting a similar issue as the initial screen, but not the same. Initialization Failed. But it points to a WS-Management related issue, from my interpretation.

    http://server/PowerShell using “Kerberos” authentication failed:
    Connecting to remote server failed with the following error message : The WS-Management service cannot process this request. The system load quota of 1000 requests per 2 seconds has been exceeded .

    Please help

  21. Hello Guys,

    I used iisreset command in powershell and it works, am now able to load the EMC.

    Thanks Paul

  22. Thanks! We had a disconnect from the Internet overnight due to a firewall device failure… and our main server lost time (gotta check that battery)… anyway.. the Exchange server is on a HyperV machine…. once I corrected the time issue, the console connected. Woot!

  23. themexbob says:

    Hey.

    Like to say thanks!

    I kept on getting this error for past two weeks and I am very happy to say that issue was due to TimeSync on one of my BackupDC’s. Adjust time and issue resolved. Would not be able to figure this one out on time if it wasn’t for this blog.

    Awesome keep up the great work.

  24. I started attacking the issue the complete wring way looking at access issues. Turned out to be time sync. thx!

  25. JESSICA GODOY says:

    Thanks!!!!!

    I had problems with Exchange server 2013 and this article resolved my problem!

    Thank you very much for shared this.

    Jessica Godoy

  26. Antonin BRAGAI says:

    Hi PAUL,

    Merci cet article a résolut mon problème

  27. Saurabh Damle says:

    The following error occured while attempting to connect to the specified server “yada-yada”:
    The attempt to connect to “yada-yada/Powershell” using Kerberos authentication failed. Connecting to remote server failed with the following error message : Access denied. For more info…”

    We have Active Directory In VmWare EsXi and Exchange 2010 on Physical Server. I can see that by entering “net time /set” works well but after few moments it changes the time again.

    Please help.

    Thank you so much

    • Your DC is virtualized. For some reason, sometimes a virtual DC will pick up its host machine time even if you just set it on the VM. Update the host time and see if it still has a problem.

  28. thank you, this fixed the issue….

Leave a Comment

*

We are an Authorized DigiCert™ SSL Partner.