Clean up dead node Service Registrations

To clean up dead node Service Registrations, do the following:

  1. Targeting to the local node SSDSURL (https://<Hostname of the local node>:8181/SecurityFrameworkService), the services on the remote host need to be unenrolled using <Install folder>\Shared Services\SecurityFrameworkService\NDISecTool\NDISecTool.exe:
    • Point SecurityFramework to the local node:

    $ NDISecTool.exe -ssdscert /ssdsurl https://<Hostname of the local node>:8181/SecurityFrameworkService -tofu -o

    • Unenroll the remote v1-auth, v1-service v1-ddbmanagement, service:
      • Find the exact ID of each service. You can display the service record by launching, where <ServiceName> is v1-auth, or v1-service, or v1-ddbmanagement:

        $ NDISecTool.exe -findservices -n SecurityFrameworkService -servicename <ServiceName> -endpointurl "https://<Hostname of the remote node>:8181/SecurityFrameworkService"

        Save the "Id" field of each displayed service record.

      • Run each service v1-auth, v1-service v1-ddbmanagement in order:

        $ NDISecTool.exe -unenrollservice -n SecurityFrameworkService -serviceid <the previously saved service ID>

    • Unenroll all the other services installed on the remote host in the way described above
  2. The client components on the remote host cannot be unenrolled remotely, so these records will remain in the database and they will not cause any problem.