Saturday, March 31, 2018

SharePoint 2013 Certificate Error Causes Performance Issues

Opening the Application log within Event Viewer showed the following critical error with the text:
“A certificate validation operation took 30015.2428 milliseconds and has exceeded the execution time threshold.  If this continues to occur, it may represent a configuration issue.  Please see http://go.microsoft.com/fwlink/?LinkId=246987 for more details.”
To fix this, run the SharePoint PowerShell console as Administrator:
$SProotCert = (Get-SPCertificateAuthority).RootCertificate
$SProotCert.Export("Cert") | Set-Content C:\SProotCert.cer -Encoding Byte
This command exports the SharePoint root certificate to the C:\ drive.
Open the Certificates MMC: open a Run command and type MMC. Choose File -> Add/Remove Snap-in. Select the Certificates snap-in and click Add. On the next screen select Computer account and click Next, followed by Local computer and OK.
Right-click on Trusted Root Certificates, choose All Tasks -> Import, and import the certificate C:\SProotCert.cer.
These steps fixed the error on most of our SharePoint servers, but it remained on two. In order to fix the error on the two remaining servers I configured proxy access through Internet Explorer, then from an elevated command prompt ran “netsh winhttp import proxy source=ie”. This configures Windows to use the IE proxy configuration as a default. The servers were then able to access the internet and verify the certificates.
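The export and MMC import steps above can be scripted so they run identically on every farm server. This is an added example, not code from the original post; it assumes an elevated SharePoint 2013 Management Shell and reuses the post's C:\SProotCert.cer path, and the thumbprint and self-signed checks are additions.

```powershell
# Added example (not from the original post).
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$cerPath = 'C:\SProotCert.cer'   # same path as in the post

# Export the farm's root certificate as a DER-encoded .cer file.
$spRoot = (Get-SPCertificateAuthority).RootCertificate
[System.IO.File]::WriteAllBytes($cerPath, $spRoot.Export('Cert'))

# Re-read the file and confirm it is exactly the certificate that was exported.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $cerPath
if ($cert.Thumbprint -ne $spRoot.Thumbprint) {
    throw "Exported file does not match the farm root certificate."
}

# Only a self-signed certificate belongs in a root store.
if ($cert.Subject -ne $cert.Issuer) {
    throw "Refusing to trust a certificate that is not self-signed: $($cert.Subject)"
}

# Open the Local Computer 'Trusted Root Certification Authorities' store.
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store 'Root', 'LocalMachine'
$store.Open('ReadWrite')
try {
    # Import only if the certificate is not already trusted.
    $found = $store.Certificates.Find('FindByThumbprint', $cert.Thumbprint, $false)
    if ($found.Count -gt 0) {
        Write-Output "Already trusted: $($cert.Thumbprint)"
    }
    else {
        $store.Add($cert)
        Write-Output "Imported $($cert.Subject) [$($cert.Thumbprint)]"
    }
}
finally {
    $store.Close()
}
```

Recording the printed thumbprint per server gives a simple way to audit later which root stores carry the SharePoint certificate.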

Monday, March 26, 2018

Password Expiry Email Notification

$smtpServer="email.yourserver.com"
# When the number of days until expiry is less than the number below, the user will be notified
$expireindays = 10
$from = "Company Administrator <msadminis@yourserver.com>"
$logging = "Enabled" # Set to Disabled to Disable Logging
$logFile = "C:\tmp\passwordlog.csv" # e.g. "c:\mylog.csv"
$testing = "Disabled" # Set to Disabled to Email Users; Enabled sends every message to $testRecipient
$testRecipient = "administratorsmail@yourserver.com"
#############################################################
# Check Logging Settings
if (($logging) -eq "Enabled")
{
    # Test Log File Path
    $logfilePath = (Test-Path $logFile)
    if (($logFilePath) -ne "True")
    {
        # Create CSV File and Headers
        New-Item $logfile -ItemType File
        Add-Content $logfile "Date,Name,EmailAddress,DaystoExpire,ExpiresOn,Notified"
    }

} # End Logging Check

# System Settings

$textEncoding = [System.Text.Encoding]::UTF8

$date = Get-Date -format ddMMyyyy
# End System Settings
# Get Users From AD who are Enabled, Passwords Expire and are Not Currently Expired

Import-Module ActiveDirectory

$users = Get-ADUser -SearchBase "OU=users,DC=yourserver,DC=com" -Server yourserver.com -Filter * -Properties Name, PasswordNeverExpires, PasswordExpired, PasswordLastSet, EmailAddress |
    Where-Object { $_.Enabled -eq $true } |
    Where-Object { $_.PasswordNeverExpires -eq $false } |
    Where-Object { $_.PasswordExpired -eq $false }

$DefaultmaxPasswordAge = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge
# Process Each User for Password Expiry
foreach ($user in $users)
{
    $Name = $user.Name
    $emailaddress = $user.emailaddress
    $passwordSetDate = $user.PasswordLastSet
    # Skip accounts with no PasswordLastSet value (for example, password must change at next logon);
    # no valid expiry date can be calculated for them
    if ($null -eq $passwordSetDate) { continue }
    $PasswordPol = (Get-ADUserResultantPasswordPolicy $user)
    $sent = "" # Reset Sent Flag
    # Check for Fine Grained Password
    if (($PasswordPol) -ne $null)
    {
        $maxPasswordAge = ($PasswordPol).MaxPasswordAge
    }
    else
    {
        # No FGP set to Domain Default
        $maxPasswordAge = $DefaultmaxPasswordAge
    }
    # Expiry date = date the password was last set + maximum password age
    $expireson = $passwordsetdate + $maxPasswordAge
    $today = (get-date)
    $daystoexpire = (New-TimeSpan -Start $today -End $Expireson).Days
    # Set Greeting based on Number of Days to Expiry.
    # Check Number of Days to Expiry
    $messageDays = $daystoexpire
    if (($messageDays) -gt 1)
    {
        $messageDays = "in " + "$daystoexpire" + " days."
    }
    else
    {
        $messageDays = "today."
    }
    # Email Subject Set Here
    $subject="Your password will expire $messageDays"
    # Email Body Set Here, Note You can use HTML, including Images.
    # Inside this double-quoted string, "" produces a literal quote character.
    $body ="
    Dear $name,
    <p> Your password will expire $messageDays<br>
    To change your password on a PC press CTRL ALT Delete and choose Change Password. <br>
    </p>
    <p> If you are using a Mac you can now change your password via Web Mail. <br>
    Log in to <a href=""https://email.yourserver.com/owa"">Web Mail</a>, click on Options, then Change Password.
    </p>
    <p> Don't forget to update the password on your mobile devices as well!
    </p>
    <p>Thanks, <br>
    IT Support
    <a href=""mailto:support@yourserver.com?Subject=Password%20Expiry%20Assistance"">support@yourserver.com</a> | 1818
    </p>"
    # If Testing Is Enabled - Email Administrator
    if (($testing) -eq "Enabled")
    {
        $emailaddress = $testRecipient
    } # End Testing
    # If a user has no email address listed
    if (($emailaddress) -eq $null)
    {
        $emailaddress = $testRecipient
    } # End No Valid Email
    # Send Email Message
    if (($daystoexpire -ge 0) -and ($daystoexpire -lt $expireindays))
    {
        $sent = "Yes"
        # If Logging is Enabled Log Details
        if (($logging) -eq "Enabled")
        {
            Add-Content $logfile "$date,$Name,$emailaddress,$daystoExpire,$expireson,$sent"
        }
        # Send Email Message
        Send-MailMessage -SmtpServer $smtpServer -From $from -To $emailaddress -Subject $subject -Body $body -BodyAsHtml -Priority High -Encoding $textEncoding
    } # End Send Message
    else # Log Non Expiring Password
    {
        $sent = "No"
        # If Logging is Enabled Log Details
        if (($logging) -eq "Enabled")
        {
            Add-Content $logfile "$date,$Name,$emailaddress,$daystoExpire,$expireson,$sent"
        }
    }
} # End User Processing

Thursday, March 15, 2018

Service Manager 2012 service not starting after update KB2677070


After applying the recently released security update KB2677070, the System Center Data Access Service and the System Center Management Configuration Service won't start. Both services log an "Error 1053: The service did not respond to the start or control request in a timely fashion".



To work around this, change the Group Policy settings so that the server no longer updates root certificates automatically. To do this, follow these steps:
  1. Under the Computer Configuration node in the Local Group Policy Editor, double-click Policies.
  2. Double-click Windows Settings, double-click Security Settings, and then double-click Public Key Policies.
  3. In the details pane, double-click Certificate Path Validation Settings.
  4. Click the Network Retrieval tab, click to select the Define these policy settings check box, and then click to clear the Automatically update certificates in the Microsoft Root Certificate Program (recommended) check box.
  5. Click OK, and then close the Local Group Policy Editor.
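
After step 5, the effect of the policy change can be checked from an elevated PowerShell prompt. This is an added example, not part of the original post; the registry value, the Service Control Manager event IDs and the display-name wildcards are assumptions not stated in the post.

```powershell
# Added example (not from the original post). Run elevated on the Service Manager server.

# Registry value behind the "Automatically update certificates in the Microsoft
# Root Certificate Program" check box (1 = automatic update turned off).
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\SystemCertificates\AuthRoot'
$policy = Get-ItemProperty -Path $policyKey -Name DisableRootAutoUpdate -ErrorAction SilentlyContinue
if ($policy -and $policy.DisableRootAutoUpdate -eq 1) {
    Write-Output 'Policy applied: automatic root certificate update is disabled.'
}
else {
    Write-Warning 'Policy not applied: DisableRootAutoUpdate is missing or not set to 1.'
}

# Current state of the two services named in the post, matched by display name.
$names = 'System Center Data Access*', 'System Center Management Configuration*'
$services = Get-Service -DisplayName $names -ErrorAction SilentlyContinue
$services | Select-Object DisplayName, Name, Status | Format-Table -AutoSize | Out-String

# Service start failures from the last 24 hours:
# 7000 = service failed to start, 7009 = timeout waiting for the service to connect.
$filter = @{
    LogName      = 'System'
    ProviderName = 'Service Control Manager'
    Id           = 7000, 7009
    StartTime    = (Get-Date).AddHours(-24)
}
$failures = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -like '*System Center*' }
$failures | Select-Object TimeCreated, Id, Message | Format-List | Out-String

# Start anything that is still stopped now that the policy is in place.
foreach ($svc in $services | Where-Object { $_.Status -ne 'Running' }) {
    Write-Output "Starting $($svc.DisplayName)..."
    Start-Service -InputObject $svc
}
```

With this policy in place the server no longer picks up root certificate changes on its own, so the same registry check is useful in an inventory of hosts whose trusted roots must be maintained by other means.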