Office365 Hybrid Configuration WinRM “Access Denied”

Upon configuring Hybrid Configuration Wizard (HCW) for a customer I received this error about WinRM: ‘Access Denied’.

The Exchange Server was fully upgraded as all operators want their servers.


This meant the server had Windows Management Framework 3.0 with WinRM and PowerShell in version 3.0.


Some bug in version 3.0 made the HCW fail and I had to uninstall 3.0 from installed updates.

Download and install 2.0, and now the HCW worked like a charm 🙂


Summary: 2 item(s). 1 succeeded, 1 failed.
Elapsed time: 00:00:00

Exchange Management Shell command completed:
Set-HybridConfiguration -Features ‘MoveMailbox’,’OnlineArchive’,’FreeBusy’,’Mailtips’,’MessageTracking’,’OwaRedirection’,’SecureMail’ -Domains ‘’ -ClientAccessServers ‘EXCHANGECAS’ -TransportServers ‘EXCHANGECAS’ -ExternalIPAddresses ‘’,’′ -OnPremisesSmartHost ‘’ -SecureMailCertificateThumbprint ‘1DB0A99D010CB7F6A112A92D723398D8BA45DA26’

Elapsed Time: 00:00:00

Updating hybrid configuration failed with error ‘System.Management.Automation.Remoting.PSRemotingTransportException: Connecting to remote server failed with the following error message : The WinRM client cannot process the request. The WinRM client tried to use Negotiate authentication mechanism, but the destination computer (ExchangeCAS:80) returned an ‘access denied’ error. Change the configuration to allow Negotiate authentication mechanism to be used or specify one of the authentication mechanisms supported by the server. To use Kerberos, specify the local computer name as the remote destination. Also verify that the client computer and the destination computer are joined to a domain. To use Basic, specify the local computer name as the remote destination, specify Basic authentication and provide user name and password. Possible authentication mechanisms reported by server: For more information, see the about_Remote_Troubleshooting Help topic.
at System.Management.Automation.Runspaces.AsyncResult.EndInvoke()
at System.Management.Automation.Runspaces.Internal.RunspacePoolInternal.EndOpen(IAsyncResult asyncResult)
at System.Management.Automation.Runspaces.RunspacePool.Open()
at System.Management.Automation.RemoteRunspace.Open()
at Microsoft.Exchange.Management.Hybrid.RemotePowershellSession.Connect(PSCredential credentials, CultureInfo sessionUiCulture)
at Microsoft.Exchange.Management.Hybrid.Engine.Execute(Logger logger, String onPremPowershellHost, PSCredential onPremCredentials, PSCredential tenantCredentials, HybridConfiguration hybridConfiguration)
at Microsoft.Exchange.Management.SystemConfigurationTasks.UpdateHybridConfiguration.InternalProcessRecord()’.

Additional troubleshooting information is available in the Update-HybridConfiguration log file located at C:Program FilesMicrosoftExchange ServerV14LoggingUpdate-HybridConfigurationHybridConfiguration_12_12_2012_10_38_7_634909054873426692.log.

Exchange Management Shell command attempted:
Update-HybridConfiguration -OnPremisesCredentials ‘System.Management.Automation.PSCredential’ -TenantCredentials ‘System.Management.Automation.PSCredential’

Elapsed Time: 00:00:00

Leave a Reply


I am Roy Apalnes, a Microsoft Cloud Evangelist working av Sopra Steria. Main focus in Microsoft Security and Endpoint Management, with a bigger picture in mind.

Featured Posts