Thursday, November 24, 2016

WFA Powershell Commands Slow ?

Are you running WFA and are all PowerShell commands slow ?


Maybe CRL checking is enabled...

PowerShell cmdlets are sometimes "signed" and when they are run, they tend to go the the web and check the CRL (Certificate Revocation List).  Now if internet connection is not allowed or slow, this will impact the speed of the commands.

Therefor, disable CRL checking.  But remember, the WFA service might run under a specific user.  To be on the safe side, run the piece of PowerShell code below on the WFA server (run as admin !) and it will loop all the local users and disable CRL checking.

If it is still slow, even after a reboot, try this in a local powershell window
set-executionpolicy -scope localsystem bypass

If that actually speeds things up, you can add following line at the top of your wfa profile.ps1 script (PROGRAM FILES\Netapp\Wfa\PoSH)
set-execution policy -scope process bypass -force -confirm:$false


The script below will disable CRL
NOTE : the script below has the v2.0.50727 hardcoded.  I you have a different version, just search-replace with your current version.

Set-ExecutionPolicy Unrestricted


#the following statement goes on one line
set-ItemProperty -path "HKCU:\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing" -name State -value 146944

#the following statement goes on one line also
set-ItemProperty -path "REGISTRY::\HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing" -name State -value 146944

get-ChildItem REGISTRY::HKEY_USERS | foreach-object {set-ItemProperty -ErrorAction silentlycontinue -path ($_.Name + "\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing")  -name State -value 146944}

Write-Host -ForegroundColor White "> Disabling Certificate Revocation List (CRL) check..."

ForEach($bitsize in ("","64"))
{        
  $xml = [xml](Get-Content $env:windir\Microsoft.NET\Framework$bitsize\v2.0.50727\CONFIG\Machine.config)
  If (!$xml.DocumentElement.SelectSingleNode("runtime")) {
    $runtime = $xml.CreateElement("runtime")
    $xml.DocumentElement.AppendChild($runtime) | Out-Null
  }

  If (!$xml.DocumentElement.SelectSingleNode("runtime/generatePublisherEvidence")) {
    $gpe = $xml.CreateElement("generatePublisherEvidence")
    $xml.DocumentElement.SelectSingleNode("runtime").AppendChild($gpe)  | Out-Null
  }

  $xml.DocumentElement.SelectSingleNode("runtime/generatePublisherEvidence").SetAttribute("enabled","false")  | Out-Null
  $xml.Save("$env:windir\Microsoft.NET\Framework$bitsize\v2.0.50727\CONFIG\Machine.config")
}


No comments :

Post a Comment