Windows Administration Tips

Saturday, March 31, 2018

SharePoint 2013 Certificate Error Causes Performance Issues

Opening the Application log within Event Viewer showed the following critical error with the text

“A certificate validation operation took 30015.2428 milliseconds and has exceeded the execution time threshold. If this continues to occur, it may represent a configuration issue. Please see http://go.microsoft.com/fwlink/?LinkId=246987 for more details.”

to fix this run sharepoint powershell as Administrator:

$SProotCert = (Get-SPCertificateAuthority).RootCertificate

$SProotCert.Export(“Cer”) | Set-Content C:\SProotCert.cer –Encoding Byte

this command will export certificate to C:\ drive

Open the Certificates MMC by opening a Run command and type MMC. Choose File -> Add/Remove Snap-in. Select the Certificates Snap-in and click Add. On the next screen select Computer account and click Next followed by Local computer and Ok.

Right-click on Trusted Root Certificates and choose All Tasks -> Import

certificate C:\SProotCert.cer

These steps fixed the error on most of our SharePoint servers, but it remained on two. In order to fix the error on the two remaining servers I configured proxy access through Internet Explorer, then from an elevated command prompt ran “netsh winhttp import proxy source=ie” This configures Windows to use the IE proxy configuration as a default. The servers were then able to access the internet and verify the certificates.

Source

Monday, March 26, 2018

Password Expiry Email Notification

$smtpServer="email.yourserver.com"
#When the expirary date is less than the number below, the user will be notified
$expireindays = 10
$from = "Company Administrator <msadminis@yourserver.com>"
$logging = "Enabled" # Set to Disabled to Disable Logging
$logFile = "C:\tmp\passwordlog.csv" # ie. “c:\mylog.csv”
$testing = "Disabled" # Set to Disabled to Email Users
$testRecipient = "administratorsmail@yourserver.com"
#############################################################
# Check Logging Settings
if (($logging) -eq "Enabled")
{
# Test Log File Path
$logfilePath = (Test-Path $logFile)
if (($logFilePath) -ne "True")
{
# Create CSV File and Headers
New-Item $logfile -ItemType File
Add-Content $logfile "Date,Name,EmailAddress,DaystoExpire,ExpiresOn,Notified"
}

} # End Logging Check

# System Settings

$textEncoding = [System.Text.Encoding]::UTF8

$date = Get-Date -format ddMMyyyy
# End System Settings
# Get Users From AD who are Enabled, Passwords Expire and are Not Currently Expired

Import-Module ActiveDirectory

$users = get-aduser -searchbase "OU=users,DC=yourserver,DC=com" -Server yourserver.com -filter * -properties Name, PasswordNeverExpires, PasswordExpired, PasswordLastSet, EmailAddress |where {$_.Enabled -eq "True"} | where { $_.PasswordNeverExpires -eq $false } | where { $_.passwordexpired -eq $false }

$DefaultmaxPasswordAge = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge
# Process Each User for Password Expiry
foreach ($user in $users)

{
$Name = $user.Name

$emailaddress = $user.emailaddress

$passwordSetDate = $user.PasswordLastSet

$PasswordPol = (Get-AduserResultantPasswordPolicy $user)

$sent = "" # Reset Sent Flag

# Check for Fine Grained Password

if (($PasswordPol) -ne $null)

{

$maxPasswordAge = ($PasswordPol).MaxPasswordAge

}

else

{

# No FGP set to Domain Default

$maxPasswordAge = $DefaultmaxPasswordAge

}

$expireson = $passwordsetdate + $maxPasswordAge

$today = (get-date)

$daystoexpire = (New-TimeSpan -Start $today -End $Expireson).Days

# Set Greeting based on Number of Days to Expiry.

# Check Number of Days to Expiry

$messageDays = $daystoexpire

if (($messageDays) -gt "1")

{

$messageDays = "in " + "$daystoexpire" + " days."

}

else

{

$messageDays = "today."

}

# Email Subject Set Here

$subject="Your password will expire $messageDays"
# Email Body Set Here, Note You can use HTML, including Images.

$body ="

Dear $name,

 Your Password will expire $messageDays 

To change your password on a PC press CTRL ALT Delete and chose Change Password 

 If you are using a MAC you can now change your password via Web Mail. 
Login to <a href=""https://email.yourserver.com/owa"">Web Mail</a> click on Options, then Change Password.
 Don't forget to Update the password on your Mobile Devices as well!
Thanks, 

IT Support
<a href=""mailto:support@yourserver.com""?Subject=Password Expiry Assistance"">support@yourserver.com</a> | 1818
Thanks, 

"

# If Testing Is Enabled - Email Administrator

if (($testing) -eq "Enabled")

{

$emailaddress = $testRecipient

} # End Testing

# If a user has no email address listed

if (($emailaddress) -eq $null)

{

$emailaddress = $testRecipient

}# End No Valid Email

# Send Email Message

if (($daystoexpire -ge "0") -and ($daystoexpire -lt $expireindays))

{

$sent = "Yes"

# If Logging is Enabled Log Details

if (($logging) -eq "Enabled")

{

Add-Content $logfile "$date,$Name,$emailaddress,$daystoExpire,$expireson,$sent"

}

# Send Email Message

Send-Mailmessage -smtpServer $smtpServer -from $from -to $emailaddress -subject $subject -body $body -bodyasHTML -priority High -Encoding $textEncoding

} # End Send Message

else # Log Non Expiring Password

{

$sent = "No"

# If Logging is Enabled Log Details

if (($logging) -eq "Enabled")

{

Add-Content $logfile "$date,$Name,$emailaddress,$daystoExpire,$expireson,$sent"

}

}

} # End User Processing

Thursday, March 15, 2018

Service Manager 2012 service not starting after update KB2677070

After applying the recently released security update KB2677070 the System Center Data Access Service and the System Center Management Configuration Service wont start. Both services will log a "Error 1053: The service did not respond to the start or control request in a timely fashion"

Change the Group Policy settings. To do this, follow these steps:

Under the Computer Configuration node in the Local Group Policy Editor, double-click Policies.
Double-click Windows Settings, double-click Security Settings, and then double-click Public Key Policies.
In the details pane, double-click Certificate Path Validation Settings.
Click the Network Retrieval tab, click to select the Define these policy settings check box, and then click to clear the Automatically update certificates in the Microsoft Root Certificate Program (recommended) check box.
Click OK, and then close the Local Group Policy Editor.

Source

Monday, February 26, 2018

Re-join Domain Without Restarting

“The trust relationship between the workstation and the primary domain failed”.

to fix this without restart

use this powershell command :

CD C:\Windows\System32\WinddowsPowershell\v1.0

Test-ComputerSecureChannel –credential Yourdoamin\Administrator –Repair

Enter admin password

to test relation ship use :

Test-ComputerSecureChannel

If True - it works !!!

Friday, February 16, 2018

You are unable to choose the OU in EAC when creating a new Mailbox, Groups or Contacts

Exchange Control Panel (ECP) can display no more than 500 OUs. When there are more than 500 OUs, a new window is generated, and this window is either blank or contains a "There are more items to show in this view" message.

On the Exchange Server 2013 (2016 ) mailbox server, go to the following folder:

C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\ecp
Add the following lines in the web.config file just above </appsettings>:
```
<add key="GetListDefaultResultSize" value="5000" /> 
```
```
Restart MSExchangeECPAppPool.
```

Monday, February 12, 2018

Enabling Disk Performance Counters in Windows Server 2012 R2 Task Manager

Ensure Task Manager is closed.
Launch the Command Prompt using the "Run as Administrator" option.
Enter the following at the Command Prompt: diskperf -Y

Friday, February 9, 2018

Get proxy settings using PowerShell

Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings' `| Select-Object *Proxy*