Updates to EOP and SCC Powershell connection instructions

chrisda · chrisda · commit 0705903279d7 · 2018-05-09T10:49:28.000-07:00
Added troubleshooting bullet about SNAT issues per VSO:2316204
diff --git a/exchange/docs-conceptual/exchange-eop/connect-to-exchange-online-protection-powershell.md b/exchange/docs-conceptual/exchange-eop/connect-to-exchange-online-protection-powershell.md
@@ -3,7 +3,7 @@ title: "Connect to Exchange Online Protection PowerShell"
 ms.author: chrisda
 author: chrisda
 manager: serdars
-ms.date: 7/10/2017
+ms.date: 5/9/2018
 ms.audience: Admin
 ms.topic: article
 ms.service: eop
@@ -53,15 +53,15 @@ Exchange Online Protection PowerShell allows you to manage your Exchange Online
   
 ## Connect to Exchange Online Protection
 
-1. On your local computer, open Windows PowerShell and run the following command.
+1. On your local computer, open Windows PowerShell and run the following command:
     
    ```
    $UserCredential = Get-Credential
    ```
 
     In the **Windows PowerShell Credential Request** dialog box, type your work or school account and password, and then click **OK**.
     
-2. Run the following command.
+2. Run the following command:
     
     ```
     $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.protection.outlook.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
@@ -73,7 +73,7 @@ Exchange Online Protection PowerShell allows you to manage your Exchange Online
     
    - For Exchange Online Protection subscriptions that are Exchange Enterprise CAL with Services (includes data loss prevention (DLP) and reporting using web services), use the  _ConnectionUri_ value: `https://outlook.office365.com/powershell-liveid/`
     
-3. Run the following command.
+3. Run the following command:
     
    ```
    Import-PSSession $Session
@@ -97,7 +97,13 @@ If you receive errors, check the following requirements:
 - To help prevent denial-of-service (DoS) attacks, you're limited to three open remote PowerShell connections to your Exchange Online Protection organization.
     
 - TCP port 80 traffic needs to be open between your local computer and Office 365. It's probably open, but it's something to consider if your organization has a restrictive Internet access policy.
-    
+
+- The **New-PSSession** command (Step 2) might fail to connect if your client IP address changes during the connection request. This can happen if your organization uses a source network address translation (SNAT) pool that contains multiple IP addresses. The connection error looks like this:
+
+   `The request for the Windows Remote Shell with ShellId <ID> failed because the shell was not found on the server. Possible causes are: the specified ShellId is incorrect or the shell no longer exists on the server. Provide the correct ShellId or create a new shell and retry the operation.`
+
+   To fix the issue, use an SNAT pool that contains a single IP address, or force the use of a specific IP address for connections to the Exchange Online Protection PowerShell endpoint.
+
 ## See also
 
 The cmdlets that you use in this topic are Windows PowerShell cmdlets. For more information about these cmdlets, see the following topics.
diff --git a/exchange/docs-conceptual/office-365-scc/connect-to-scc-powershell/connect-to-scc-powershell.md b/exchange/docs-conceptual/office-365-scc/connect-to-scc-powershell/connect-to-scc-powershell.md
@@ -3,7 +3,7 @@ title: "Connect to Office 365 Security &amp; Compliance Center PowerShell"
 ms.author: chrisda
 author: chrisda
 manager: serdars
-ms.date: 12/13/2017
+ms.date: 5/9/2018
 ms.audience: Admin
 ms.topic: article
 ms.service: o365-security-and-compliance
@@ -72,7 +72,7 @@ For more information about the Security &amp; Compliance Center, see [Office 365
 
     **Note**: For Office 365 Germany, use the _ConnectionUri_ value: `https://ps.compliance.protection.outlook.de/powershell-liveid/`
     
-3. Run the following command.
+3. Run the following command:
     
     ```
     Import-PSSession $Session
@@ -98,7 +98,13 @@ If you receive errors, check the following requirements:
 - To help prevent denial-of-service (DoS) attacks, you're limited to three open remote PowerShell connections to the Security &amp; Compliance Center.
     
 - TCP port 80 traffic needs to be open between your local computer and Office 365. It's probably open, but it's something to consider if your organization has a restrictive Internet access policy.
-    
+
+- The **New-PSSession** command (Step 2) might fail to connect if your client IP address changes during the connection request. This can happen if your organization uses a source network address translation (SNAT) pool that contains multiple IP addresses. The connection error looks like this:
+
+   `The request for the Windows Remote Shell with ShellId <ID> failed because the shell was not found on the server. Possible causes are: the specified ShellId is incorrect or the shell no longer exists on the server. Provide the correct ShellId or create a new shell and retry the operation.`
+
+   To fix the issue, use an SNAT pool that contains a single IP address, or force the use of a specific IP address for connections to the Security & Compliance PowerShell endpoint.
+ 
 ## See also
 
 The cmdlets that you use in this topic are Windows PowerShell cmdlets. For more information about these cmdlets, see the following topics.
diff --git a/exchange/docs-conceptual/office-365-scc/connect-to-scc-powershell/mfa-connect-to-scc-powershell.md b/exchange/docs-conceptual/office-365-scc/connect-to-scc-powershell/mfa-connect-to-scc-powershell.md
@@ -2,7 +2,7 @@
 title: "Connect to Office 365 Security &amp; Compliance Center PowerShell using multi-factor authentication"
 ms.author: chrisda
 author: chrisda
-ms.date: 12/13/2017
+ms.date: 5/9/2018
 ms.audience: Admin
 ms.topic: article
 ms.service: o365-security-and-compliance
@@ -106,4 +106,8 @@ If you receive errors, check the following requirements:
     
 - TCP port 80 traffic needs to be open between your local computer and Office 365. It's probably open, but it's something to consider if your organization has a restrictive Internet access policy.
     
+- The **Connect-IPPSSession** command (Step 2) might fail to connect if your client IP address changes during the connection request. This can happen if your organization uses a source network address translation (SNAT) pool that contains multiple IP addresses. The connection error looks like this:
 
+   `The request for the Windows Remote Shell with ShellId <ID> failed because the shell was not found on the server. Possible causes are: the specified ShellId is incorrect or the shell no longer exists on the server. Provide the correct ShellId or create a new shell and retry the operation.`
+
+   To fix the issue, use an SNAT pool that contains a single IP address, or force the use of a specific IP address for connections to the Security & Compliance PowerShell endpoint.
