Submit a ticketCall us

ebook60.pngHow to be a Cisco® ASA ace

Our eBook, Thou Shalt Not Pass…I Think?! can help you overcome the challenges of monitoring and managing Cisco ASA firewalls. This eBook is a great read if you’ve been frustrated with monitoring firewalls, managing ACL configs, and troubleshooting VPN connections.

Get your free eBook.

Home > Success Center > Server & Application Monitor (SAM) > AppInsight for Exchange in SAM - PowerShell Exchange web site Testing Failed with the Following Error: Access Denied

AppInsight for Exchange in SAM - PowerShell Exchange web site Testing Failed with the Following Error: Access Denied

Updated November 7, 2017


When you attempt to configure or test AppInsight for Exchange, the following error is displayed:

WinRM test was successful.
PowerShell Exchange web site testing failed with the following error:
Connecting to remote server ExchangeServer failed with the following error message:
[ClientAccessServer=ExchnageServer, BackEndServer=, RequestID=12345678-a123-12a1-ab12-
ab123cd45678,TimeStamp=29-9-2017 09:10:12] Access Denied
For more information, see the about_Remote_Troubleshooting Help topic.


From the above error message, WinRM configuration is fine but the PowerShell - Exchange URL is having issues.


  • Server and Application Monitor v6.1+


The cause of this can be due to mismatches with the CN of the certificate and the endpoint that's being attempted to be used.


First, check the certificate configuration in place on the Default Web Site on the Exchange Server

  1. RDP to the Exchange Mailbox that's having the error.
  2. Run > inetmgr
  3. Expand the Server
  4. Expand Sites
  5. Right-click Default Web Site
  6. Edit Bindings
  7. Edit the HTTPS listener
  8. View the Certificate


In here, ensure the certificate is valid and check who the certificate is issued to. If it's a signed against a Fully Qualified name, such as then this will require the use of this URL in the AppInsight for Exchange configuration





The following steps should be used in the following situations:

  • A Wildcard Certificate is configured on Exchange and there's no DNS entry for the PowerShell Endpoint
  • Exchange Websites sit behind a Load Balancer


In the event of the above situations, another HTTPS binding on some random port can be assigned to the Exchange server with a Self-Signed Certificate or the Microsoft Exchange Certificate.




With the above binding created, the configuration in AppInsight for Exchange would look like the following





Last modified