cancel
Showing results for 
Search instead for 
Did you mean: 

EVPM and Remote Powershell

fbrugnara
Level 2

Hi Guys I need some help understandig why EVPM fails on my remote powershell session.

When I launch the command directly on the server. It processes the mailboxes but when I launch it over a remote pssession I get:

Creating privileged MAPI session ...
Error (0x80072020) creating privileged MAPI session against Exchange Server xxx-xxx.xxx.local

This is how I create the session:

$evaultSession = New-PSSession -ConfigurationName Microsoft.PowerShell32 -ComputerName $evaultServer -Credential $evaultCredential
 
This is how I Invoke the command:
Invoke-Command -Session $evaultSession -ScriptBlock{Invoke-Expression -Command $using:evaultMailboxDisableCommand}
This is how I create the command:
$evaultMailboxDisableCommand = '& "C:\Program Files (x86)\Enterprise Vault\EVPM.EXE" -e xxx.xxx.local -m "SMTP:xxx@xxx.local" -f ' + $evaultMailboxDisableINIPath+$evaultMailboxDisableINIFileName
# & "C:\Program Files (x86)\Enterprise Vault\EVPM.EXE" -e xxx.xxx.local -m "SMTP:svc-xxx@xxxlocal" -f C:\Temp\xxx.ini

This my ini:

[Directory]
DirectoryComputerName = xxx.xxx.local
SiteName = xxxx

; Use the Distinguished Name of the mailbox to be zapped. You can get this by running the archiving task in report mode for that mailbox and viewing the resulting report.

[Mailbox]
DistinguishedName=/o=xxx/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=9195b4ff886c4b3186a49adaf522fa53-xxx
DistinguishedName=/o=xxx/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=xxx4c9
DistinguishedName=/o=xxx/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=77fb0facca1941f99c0b93b9dfe8fbb0-xxx
DistinguishedName=/o=xxx/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=xxx


[Folder]
Name = MailboxRoot
Enabled = False

 

Any help is appreciated.

4 REPLIES 4

GertjanA
Moderator
Moderator
Partner    VIP    Accredited Certified

Hi,

I am unable to test at the moment, but I believe this is due to incorrect credentials. Even while using the $evaultCredential, I believe that an EVPM action still has to be executed while logged on as VSA. This has to do with a check on 'logged on user' as far as I know.

If you create the ps command locally, and run it as VSA, it works. 

Can you perhaps call the PS1 from the remote server, while logged on as VSA, and see if that works?

 

Regards. Gertjan

Hi,

thanks for the reply! 

Sorry for the ignorance but what is VSA ? I create the session as the service account under which enterprise was installed, which has the highest privileges possible on that server / enterprise vault. If I run the command on the evault server locally as that user it runs as expected. It only prints that error if I create a remote ps session as that user.

BR

Florian

GertjanA
Moderator
Moderator
Partner    VIP    Accredited Certified

Ah, sorry Vault Service Account (= VSA). 

Because the command runs locally correct, the syntax is correct. The issue you have is with permissions. I am not 100% sure, but I believe what happens is the following: you login on server A using your admin account. You run the powershell against the remote server B (with VSA credentials in it). COmmand fails. I believe it fails because on Server B, the command is run as YOU, not VSA.

I am no powershell expert, but I would try next: Set the EVPM command in a PS1 file, and check locally if that works. then below, you will have to check how to use the -credentials on these commands to be able to have them work as VSA

From remote machine, try running the command with:

Invoke-Command -ComputerName EVSERVERNAME -ScriptBlock{ & "D:\Temp\Test.ps1"}

if setting the EVPM command in PS1 does not work, enter it in a CMD, then try

Enter-PSSession -ComputerName EVSERVERNAME
& "D:\Temp\Test.cmd"
Exit-PSSession

Regards. Gertjan

Thanks for pointing that out.

I have tried both variants:

[xxx-SRVxxx]: PS C:\Users\svc-evault\Documents> & "C:\temp\test.ps1"


Creating privileged MAPI session ...
Error (0x80072020) creating privileged MAPI session against Exc
hange Server xxx-SRVxxx.xxxx.local
[xxx-SRVxxx]: PS C:\Users\svc-evault\Documents> & "C:\temp\test.cmd"

C:\Users\svc-evault\Documents>"C:\Program Files (x86)\Enterpris
e Vault\EVPM.EXE" -e xxx-SRVxxx.immnet.local -m "SMTP:svc-evsys
temmailboxxxx@immnet.local" -f C:\Temp\EV_DisabledMB_14092022_0
40839_admin-xxx.ini


Creating privileged MAPI session ...
Error (0x80072020) creating privileged MAPI session against Exc
hange Server xxx-SRVxxx.immnet.local
[xxx-SRVxxx]: PS C:\Users\svc-evault\Documents> Exit-PSSession

Same error. I think this might be a technical limitation. Bad luck gotta do it by hand then. 

Thanks for all the effort. BR

Flo