exchange_monitor cmd-let error - Returns Impersonation error, POWERSHELL data fetch error

book

Article ID: 33916

calendar_today

Updated On:

Products

DX Infrastructure Management NIMSOFT PROBES CA Unified Infrastructure Management for z Systems CA Unified Infrastructure Management On-Premise (Nimsoft / UIM) CA Unified Infrastructure Management SaaS (Nimsoft / UIM)

Issue/Introduction

exchange_monitor probe log shows a powershell data fetch error.

The probe fails to collect data from exchange server due to security issues. Data collector process fails to execute due to errors in impersonation.

Cause

- probe configuration and exchange server access/permissions

Environment

Release:
Component: UIMEXM

exchange_monitor v5.40

Windows 2008 R2/Windows OS

Resolution

Please refer to the exchange_monitor probe release notes-> "Known Issues and Workarounds":

https://techdocs.broadcom.com/us/en/ca-enterprise-software/it-operations-management/ca-unified-infrastructure-management-probes/GA/alphabetical-probe-articles/exchange-monitor-microsoft-exchange-monitoring/exchange-monitor-microsoft-exchange-monitoring-release-notes.html

Solution: Manually add permission to the directory "probe/application/exchange_monitor" for the configured user.

Impersonation errors occurs because exchange_monitor uses logon type 2 (interactive logon) to access the Exchange server. So you have to add this user to local policy 'Allow log on locally.'

When the user does not have enough rights to access the earlier mentioned directory Powershell gives an error message saying "Returns POWERSHELL data fetch error". This is solved by adding the following rights allowed to this specific user: Read & execute, List folder contents, Read and Write.

See also-> http://technet.microsoft.com/en-us/library/ff367871%28v=exchg.141%29.aspx

- "Allow log on locally" on the Exchange server
- Allow read, write, execute, list folder contents file permissions on Nimsoft folder (specifically the exchange_monitor folder)

Whenever the user does not have enough rights to access->

   Nimsoft/probes/application/exchange_monitor

on the machine where the probe itself is installed, then Powershell will throw an error message saying "Returns POWERSHELL data fetch error".

Also to execute the cmdlet on the exchange server, the user should also have 'Exchange View-Only Administrators' privilege.

Along with this, you need to add 'Exchange View-Only Administrators' group in 'Allow log on locally' policy of the exchange server.

To achieve this, open security settings and click on ‘User Rights Assignment.’ All the policies will be listed in the right pane. Double click on 'Allow log on locally' and add 'Exchange View-Only Administrators' group.

Note that in one other case, a cmd-let authentication issue was resolved by adding the cmd-let user to the Windows Administrators Group.