Set processor affinity for scom agent

Problem

SCOM agent tasks consume 100% processor time, causing slow response times on servers.

Solution

Force the SCOM agent processes to run on a single CPU core so that other tasks get processor time.
To achieve this, add a scheduled task that runs the following script every 5 minutes to force the processes onto one core, here core 2.
You have to run this job frequently because SCOM starts new processes every now and then.

This is a simple way to reduce the load after at most 5 minutes.

# ProcessorAffinity is a bitmask: 2 (binary 10) pins the process to the second core
$processes = Get-Process
foreach ($process in $processes)
{
    $procid = $process.Id
    # SCOM agent service process
    if ($process.ProcessName -eq "HealthService")
    {
        $ScomProc = Get-Process -Id $procid
        $ScomProc.ProcessorAffinity = 2
    }
    # SCOM agent worker processes
    if ($process.ProcessName -eq "MonitoringHost")
    {
        $ScomProc = Get-Process -Id $procid
        $ScomProc.ProcessorAffinity = 2
    }
}

Revoke certificate from Microsoft PKI

This solution is based on the PowerShell module PSPKI. Download it here: https://www.powershellgallery.com/packages/PSPKI/3.2.7.0

Open PowerShell and run the following commands:

Import-Module PSPKI
$sCAServer = "<FQDN of your CA Server>"
# Read the issued certificates into a variable. This takes time.
$issued = Get-CA $sCAServer | Get-IssuedRequest
# Find the certificate you want to revoke. Adjust the query so the result shows only the certificates to remove.
$issued | where {$_.CommonName -like "Computername1"}
# Finally run the same query with the Revoke command
$issued | where {$_.CommonName -like "Computername1"} | Revoke-Certificate -Reason CeaseOfOperation

Here is another way, using a list of certificate IDs:

Import-Module PSPKI
$sCAServer = "<FQDN of your CA Server>"
# Read the issued certificates into a variable. This takes time.
$issued = Get-CA $sCAServer | Get-IssuedRequest -Property CertificateTemplate,UPN,Request.CommonName
$certids = "2766,16536,16537,16538,2848,2925"

foreach ($certid in $certids.Split(","))
{
    Write-Host $certid
    # Alternative: put the certificate on hold instead of revoking it for good
    # $issued | where {$_.RequestID -like $certid } | Revoke-Certificate -Reason "Hold"
    # Look the request up in $issued (the variable filled above) and revoke it
    $issued | where {$_.RequestID -like $certid } | Revoke-Certificate -Reason "CeaseOfOperation"
}

Enable access to a file system share using dns alias

Out of the box, Windows does not allow access to a file system share except by the server name. Example: \\Server\share or \\server.domain.com\share

To access a share using a DNS alias, do the following.

  • Create a DNS alias pointing to the server
  • Change the following registry values on the server

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters]
"DisableStrictNameChecking"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters]
"SrvAllowedServerNames"=hex(7)
Add all names in FQDN format to this multi-string, including the server:
Example: server.domain.com alias1.domain.com alias2.domain.com

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters]
"OptionalNames"=hex(7):
Add all names in short NetBIOS format to this multi-string, without the server name:
Example: alias1 alias2
Info: Accessing a share using short names will result in password errors without this parameter.
Example: dir \\server\share

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0]
"BackConnectionHostNames"=hex(7)
Add all names in FQDN format to this multi-string, including the server:
Example: server.domain.com alias1.domain.com alias2.domain.com

  • Restart the server (optionally, on a non-production server, restart the lanmanserver service instead)
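
The registry changes above, applied with PowerShell in an elevated session. This is an added example, not part of the original post; the server and alias names are constructed sample values and the variable names are illustrative.

```powershell
# Added example. Run elevated. Names below are constructed; replace with your own.
$serverFqdn = 'server.domain.com'                        # real server name (FQDN)
$aliasFqdns = @('alias1.domain.com', 'alias2.domain.com')
$aliasShort = @('alias1', 'alias2')                      # short NetBIOS names

$lanman = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$msv1_0 = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'

# The FQDN lists include the server itself; OptionalNames does not.
$allFqdns = @($serverFqdn) + $aliasFqdns

# One entry per registry value described above
$settings = @(
    @{ Path = $lanman; Name = 'DisableStrictNameChecking'; PropertyType = 'DWord';       Value = 1 }
    @{ Path = $lanman; Name = 'SrvAllowedServerNames';     PropertyType = 'MultiString'; Value = $allFqdns }
    @{ Path = $lanman; Name = 'OptionalNames';             PropertyType = 'MultiString'; Value = $aliasShort }
    @{ Path = $msv1_0; Name = 'BackConnectionHostNames';   PropertyType = 'MultiString'; Value = $allFqdns }
)

foreach ($s in $settings) {
    # -Force overwrites an existing value of the same name
    New-ItemProperty @s -Force | Out-Null
}

# Read every value back so it can be compared with the intended lists
foreach ($s in $settings) {
    $current = (Get-ItemProperty -Path $s.Path -Name $s.Name).($s.Name)
    '{0}\{1} = {2}' -f $s.Path, $s.Name, ($current -join ', ')
}
```

Listing only the names that are actually in use keeps SrvAllowedServerNames and BackConnectionHostNames as narrow exceptions. The values take effect after the restart described in the last step.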

Switch to the failover or new system

  • Apply all the settings above on your failover server
  • Lower the DNS TTL of all DNS entries used as aliases so a DNS change takes effect faster.
  • Change all DNS aliases to your new server
  • Remove the alias SPNs from your old server object in AD DS.
  • Add the SPNs to your failover server object in AD DS
  • Remove the settings above from your old server.

Kill all but own powershell process

Use the following command within PowerShell to terminate all but your own shell.

get-process | where {$_.name -like "powershell" -and $_.ID -notlike "$pid"} | stop-process


Synology phpMyAdmin update is ending in page error

Problem

phpMyAdmin does not start. You get a web page displaying the following error in red.

The mysqli extension is missing. Please check your PHP configuration.

Solution:

Open the “Web Station” GUI from the main menu of your NAS. Then go to “PHP Settings” and edit your default profile. Within “Extensions”, scroll down to mysqli and enable the extension. That’s it.

 


Install Telnet Client using command line

dism /online /Enable-Feature /FeatureName:TelnetClient

Find existing UPN in Forest

A userPrincipalName (UPN) must be unique in an Active Directory forest. To check for an existing UPN, use the following lines. The script expects all DCs within the root domain to be GC-enabled.

$RootDomain = "Contoso.com"
# Take the first DC of the root domain and query its global catalog port (3268)
$DomainControllerRoot = (Get-ADDomainController -Filter * -Server $RootDomain | Select-Object -First 1).HostName
$GlobalCatalog = $DomainControllerRoot + ":3268"
$UserPrincipalName = "Name@namespace.com"
# Forest-wide search through the GC; any hit means the UPN is already in use
if ((Get-ADUser -LDAPFilter "(userPrincipalName=$UserPrincipalName)" -Server $GlobalCatalog).userPrincipalName.Length -gt 0)
{
    Write-Host "UPN NOT unique in Forest : $UserPrincipalName "
}
else
{
    Write-Host "UPN UNIQUE in Forest : $UserPrincipalName "
}