Clean up dead node Service Registrations
To clean up dead node Service Registrations, do the following:
-
Targeting to the local node SSDSURL (https://<Hostname of the local
node>:8181/SecurityFrameworkService), the services on the remote host need to be
unenrolled using <Install folder>\Shared
Services\SecurityFrameworkService\NDISecTool\NDISecTool.exe:
- Point SecurityFramework to the local node:
$ NDISecTool.exe -ssdscert /ssdsurl https://<Hostname of the local node>:8181/SecurityFrameworkService -tofu -o
- Unenroll the remote v1-auth, v1-service v1-ddbmanagement, service:
- Find the exact ID of each service. You can display the service
record by launching, where <ServiceName> is v1-auth, or
v1-service, or v1-ddbmanagement:
$ NDISecTool.exe -findservices -n SecurityFrameworkService -servicename <ServiceName> -endpointurl "https://<Hostname of the remote node>:8181/SecurityFrameworkService"
Save the "Id" field of each displayed service record.
- Run each service v1-auth, v1-service v1-ddbmanagement in
order:
$ NDISecTool.exe -unenrollservice -n SecurityFrameworkService -serviceid <the previously saved service ID>
- Find the exact ID of each service. You can display the service
record by launching, where <ServiceName> is v1-auth, or
v1-service, or v1-ddbmanagement:
- Unenroll all the other services installed on the remote host in the way described above
- The client components on the remote host cannot be unenrolled remotely, so these records will remain in the database and they will not cause any problem.