ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Error with endpoint Exchange Agentless

book

Article ID: 186473

calendar_today

Updated On:

Products

CA Identity Manager CA Identity Governance CA Identity Portal CA Identity Suite

Issue/Introduction

Connecting to remote server failed with the following error message: WinRM cannot complete the operation. Verify that the specified computer name is valid, that the computer is accessible over the network, and that a firewall exception for the WinRM service is enabled and allows access from this computer. By default, the WinRM firewall exception for public profiles limits access to remote computers within the same local subnet. For more information, see the about_Remote_Troubleshooting Help topic.

Cause

The error message is directly related to either bad DNS / Firewall / Misconfigured DNS within the AD Endpoint Configuration between IDM and the Domain Controller.

Environment

Release: 14.X

Component: CA IDENTITY SUITE (VIRTUAL APPLIANCE)
Component: CA IDENTITY MANAGER (IDENTITY MANAGER)

Resolution

Troubleshooting Tips:

- Check that the winrm configurations have been implemented correctly on both servers (the Gateway server and the CCS server);

- Run NSLookup commands and confirm that the AD Endpoint Configuration DNS record is valid and matches the destination from the source machines.

- Run Telnet commands and confirm there are no ports or firewalls blocking communication.

- Check how is the Gateway server set on the ADS endpoint object 

- Check how is the Exchange server hostname is resolved from this Gateway server and from the ADS endpoint server.

- Verify that the WinRM service is started and Automatic.

- Make sure that there is no firewall in between the AD / Connector server, or if there is, there are exceptions for port 5985 for HTTP, and/or 5986 for HTTPS.


If those are verified, from an administrator command prompt run:
                     winrm quickconfig -q

This will correct any issues found automatically, such as the LocalAccountTokenFilterPolicy, and you are ready to test all the above scenarios once more.