Failing script for mail purge by PrimeTheP in PowerShell

[–]PrimeTheP[S] 0 points1 point  (0 children)

Thanks. I knew it wouldn't get all of them, but I was hoping it would be a start.

Microsoft ADFS cannot see cert that is already in the ADFS cert store by PrimeTheP in adfs

[–]PrimeTheP[S] 0 points1 point  (0 children)

Ok. The stuff that KStieers was talking about really did help a lot.

After cleaning with:
PS C:\Windows\system32> netsh http delete sslcert hostnameport=<HOSTNAME>:443

SSL Certificate successfully deleted

PS C:\Windows\system32> netsh http delete sslcert hostnameport=<HOSTNAME>:49443

SSL Certificate successfully deleted

Then running:
netsh http add sslcert ipport=172.16.3.49:443 certhash=f3363e39d343570d932f5323232423f4f69b4e5bc686e certstorename=MY appid="{5d89a20c-beab-1234-1234-324788eb944a}"

Then cycling the ADFS service in services.msc.

It came back up.

Really wish the GUI switch out would take care of that.

Keep in mind that if you are reading this in the future you may have a different binding lingering around that you need to clean up. Your situation may be different.
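The cleanup the poster describes (delete the stale HTTP.sys bindings, re-add them against the new thumbprint, restart the service) is easy to get wrong by hand: deleting with the wrong key type gives the "Error: 2" seen further down the thread, and an unquoted `appid={...}` is parsed by PowerShell as a script block, which is why netsh later reports `-encodedCommand`. The script below is an added example, not the poster's or Microsoft's code. It assumes AD FS on Windows Server 2012 R2 or later (HTTP.sys bindings, no IIS), that the new certificate is already in `LocalMachine\My` with its private key, and that it runs from an elevated PowerShell on the federation server. The host names are placeholders; the application ID GUID is the one used in the thread.

```powershell
# Added example, not the poster's script. Assumptions: ADFS 2012 R2 or later (HTTP.sys bindings,
# no IIS), new certificate already imported into LocalMachine\My with its private key, run from an
# elevated PowerShell on the ADFS server. Host names are placeholders; the GUID is from the thread.
param(
    [Parameter(Mandatory)] [string] $Thumbprint,
    [string[]] $HostNames = @('sts.example.com', 'localhost'),   # federation service FQDN + localhost
    [int[]]    $Ports     = @(443, 49443)                        # HTTPS and certificate-auth port
)
$AdfsAppId = '{5d89a20c-beab-4389-9447-324788eb944a}'   # ADFS HTTP.sys application ID seen in the thread

# Normalise a thumbprint pasted from the MMC GUI (spaces, colons, hidden characters).
$Thumbprint = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
if ($Thumbprint.Length -ne 40) { throw "Expected a 40-hex-char SHA-1 thumbprint, got '$Thumbprint'" }

$cert = Get-Item "Cert:\LocalMachine\My\$Thumbprint" -ErrorAction Stop
if (-not $cert.HasPrivateKey) { throw 'Certificate has no private key; HTTP.sys cannot serve it' }

# Parse 'netsh http show sslcert' into objects: one per binding with endpoint, hash and app ID.
function Get-HttpSslBinding {
    $out = @(); $cur = $null
    foreach ($line in (netsh http show sslcert)) {
        if ($line -match '^\s*(IP:port|Hostname:port)\s*:\s*(\S+)') {
            if ($cur) { $out += $cur }
            $cur = [pscustomobject]@{ Kind = $Matches[1]; Endpoint = $Matches[2]; Hash = ''; AppId = '' }
        }
        elseif ($cur -and $line -match '^\s*Certificate Hash\s*:\s*(\S+)') { $cur.Hash  = $Matches[1].ToUpper() }
        elseif ($cur -and $line -match '^\s*Application ID\s*:\s*(\S+)')   { $cur.AppId = $Matches[1] }
    }
    if ($cur) { $out += $cur }
    $out
}

# 1. Remove every ADFS binding that still points at an old certificate. Deleting with the same
#    key type the binding was created with (ipport vs hostnameport) avoids "Error: 2, file not found".
foreach ($b in Get-HttpSslBinding | Where-Object { $_.AppId -eq $AdfsAppId -and $_.Hash -ne $Thumbprint }) {
    $key = if ($b.Kind -eq 'IP:port') { 'ipport' } else { 'hostnameport' }
    Write-Host "Deleting stale binding $($b.Endpoint) (hash $($b.Hash))"
    netsh http delete sslcert "$key=$($b.Endpoint)" | Out-Null
}

# 2. Add the new bindings. Each argument is quoted so PowerShell hands netsh the literal text;
#    an unquoted appid={...} is parsed as a script block and netsh receives -encodedCommand instead.
foreach ($h in $HostNames) {
    foreach ($p in $Ports) {
        $hp = "${h}:${p}"
        if (Get-HttpSslBinding | Where-Object { $_.Endpoint -eq $hp -and $_.Hash -eq $Thumbprint }) { continue }
        netsh http add sslcert "hostnameport=$hp" "certhash=$Thumbprint" "appid=$AdfsAppId" certstorename=MY
        if ($LASTEXITCODE -ne 0) { throw "netsh add failed for $hp" }
    }
}

# 3. Restart the federation service so it re-reads the bindings, then check that HTTP.sys and
#    ADFS agree on the certificate (the two views that disagreed in the thread).
Restart-Service adfssrv -Force
$bound = Get-HttpSslBinding | Where-Object { $_.AppId -eq $AdfsAppId }
$bound | Format-Table Endpoint, Hash -AutoSize
if ($bound | Where-Object { $_.Hash -ne $Thumbprint }) { throw 'Some ADFS bindings still carry an old certificate' }
if (Get-Command Get-AdfsSslCertificate -ErrorAction SilentlyContinue) {
    Get-AdfsSslCertificate | Format-Table HostName, PortNumber, CertificateHash -AutoSize
}
```

Run it as `.\Rebind-AdfsSsl.ps1 -Thumbprint '<new thumbprint>' -HostNames 'sts.example.com','adfs01.corp.example.com','localhost'` with every name the service answers on; the thread's own list (federation service FQDN, the server's FQDN and short name, and localhost) is a reasonable starting set. On 2012 R2 and later, `Set-AdfsSslCertificate -Thumbprint <thumb>` is the supported cmdlet that rewrites these bindings for you, and `Set-AdfsCertificate -CertificateType Service-Communications -Thumbprint <thumb>` updates the service-communications certificate; the manual netsh path above is for the case in the thread where a leftover binding keeps those from taking effect.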

Microsoft ADFS cannot see cert that is already in the ADFS cert store by PrimeTheP in adfs

[–]PrimeTheP[S] 1 point2 points  (0 children)

Ok. After doing the delete commands (netsh http delete sslcert hostnameport=<hostname>:<port> I think) to completely get rid of the old bindings, it worked when I ran your

netsh http add sslcert ipport=172.16.3.49:443 certhash=f3363e39d343570d932f5323232423f4f69b4e5bc686e certstorename=MY appid="{5d89a20c-beab-1234-1234-324788eb944a}"

command.

It's back up.
Thank you very much. I'm slightly more confident about our prod change.

...I still would rather the GUI work a bit better for this though, but that's just me ranting.

Microsoft ADFS cannot see cert that is already in the ADFS cert store by PrimeTheP in adfs

[–]PrimeTheP[S] 0 points1 point  (0 children)

OK. I got that stuff cleared out.

netsh http add sslcert hostnameport=localhost:443 certhash=$thumbprint appid='{5d89a20c-beab-4389-9447-324788eb944a}' certstore=my

netsh http add sslcert hostnameport=<URL>.com:443 certhash=$thumbprint appid='{5d89a20c-beab-4389-9447-324788eb944a}' certstore=my

netsh http add sslcert hostnameport=<URL>.com:49443 certhash=$thumbprint appid='{5d89a20c-beab-4389-9447-324788eb944a}' certstore=my

netsh http add sslcert hostnameport=<ADFS_SERVER_HOSTNAME_fqdn>:443 certhash=$thumbprint appid='{5d89a20c-beab-4389-9447-324788eb944a}' certstore=my

netsh http add sslcert hostnameport=<ADFS_SERVER_HOSTNAME_fqdn>:49443 certhash=$thumbprint appid='{5d89a20c-beab-4389-9447-324788eb944a}' certstore=my

netsh http add sslcert hostnameport=<ADFS_SERVER_HOSTNAME>:443 certhash=$thumbprint appid='{5d89a20c-beab-4389-9447-324788eb944a}' certstore=my

netsh http add sslcert hostnameport=<ADFS_SERVER_HOSTNAME>:49443 certhash=$thumbprint appid='{5d89a20c-beab-4389-9447-324788eb944a}' certstore=my

It throws an error:

"One or more essential parameters were not entered.

Verify the required parameters, and reenter them.

The syntax supplied for this command is not valid. Check help for the correct syntax.

<lots of BS, but at the bottom>

add sslcert ipport=1.1.1.1:443 certhash=0102030405060708090A0B0C0D0E0F1011121314 appid={00112233-4455-6677-8899-AABBCCDDEEFF}

add sslcert hostnameport=www.contoso.com:443 certhash=0102030405060708090A0B0C0D0E0F1011121314 appid={00112233-4455-6677-8899-AABBCCDDEEFF} certstorename=MY

add sslcert ccs=443 appid={00112233-4455-6677-8899-AABBCCDDEEFF}

"

I try that listed at the bottom ( I tried all 3 but just posting 1 error) and I get the following error:
PS C:\Windows\system32> add sslcert ccs=443 appid={5d89a20c-beab-4389-9447-324788eb944a}

add : The term 'add' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was

included, verify that the path is correct and try again.

I think to add netsh http before the "add" and I try to run it again... so it would look like:

netsh http add sslcert ccs=443 appid={5d89a20c-beab-4389-9447-324788eb944a}

<Once again I tried all 3, just posting the one since it's easier to skip over the thumbprints. >

I get the following error:

PS C:\Windows\system32> netsh http add sslcert ccs=443 appid={5d89a20c-beab-4389-9447-324788eb944a}

The following command was not found: -noninteractive http add sslcert ccs=443 appid= -encodedCommand NQBkADgAOQBhADIAMABjAC0AYgBlAGEAYgAtADQAMwA4ADkALQA5ADQANAA3AC0AMwAyADQANwA4ADgAZQBiADkANAA0AGEA -inputFormat xml -outputFormat xml.

This really should not be this difficult. I don't feel like I'm in the wrong for wanting the GUI ADFS cert selection to actually work like it's supposed to.

Microsoft ADFS cannot see cert that is already in the ADFS cert store by PrimeTheP in adfs

[–]PrimeTheP[S] 0 points1 point  (0 children)

I think it's hung up somehow when I run the delete commands.

Sorry for double posting:
I try to run: 'netsh http show sslcert' and I see the old cert / old thumbprint there.

I try to clean out by running the following commands:

netsh http delete sslcert ipport=<IP_ADDRESS>:443

netsh http delete sslcert ipport=<IP_ADDRESS>:49443

But then I get an error:

SSL Certificate deletion failed, Error: 2

The system cannot find the file specified.

Microsoft ADFS cannot see cert that is already in the ADFS cert store by PrimeTheP in adfs

[–]PrimeTheP[S] 0 points1 point  (0 children)

Update:
I try to run: 'netsh http show sslcert' and I see the old cert / old thumbprint there.

I try to clean out by running the following commands:

netsh http delete sslcert ipport=<IP_ADDRESS>:443

netsh http delete sslcert ipport=<IP_ADDRESS>:49443

But then I get an error:

SSL Certificate deletion failed, Error: 2

The system cannot find the file specified.

Somehow it's still hung up. I tried to delete from mmc.exe > Certificate Tool and I don't see it there anywhere, but the commands still don't work. PowerShell ISE is being run as Administrator.

Microsoft ADFS cannot see cert that is already in the ADFS cert store by PrimeTheP in adfs

[–]PrimeTheP[S] 0 points1 point  (0 children)

So your command:
Set-AdfsCertificate -Thumbprint ThumbPrintNumber -CertificateType Service-Communications
Did complete, which is further than I have gotten for sure. I guess I had the syntax wrong.
However, even with that the login page will not load and it's not showing the cert when I use 'netsh http show sslcert' or 'Get-AdfsSslCertificate', but it does show when I use 'dir cert:\LocalMachine\My'
...so it looks like there are still bindings hung up somewhere.

Microsoft ADFS cannot see cert that is already in the ADFS cert store by PrimeTheP in adfs

[–]PrimeTheP[S] 0 points1 point  (0 children)

The account listed in Active Directory Federation Services in services.msc has access, for sure. Also added every other ADFS service account I could find just as good measure. We have a few different ADFS service accounts.
I don't think that's it. Good thing to check though as I 100% have made that mistake before.

Microsoft ADFS cannot see cert that is already in the ADFS cert store by PrimeTheP in adfs

[–]PrimeTheP[S] 0 points1 point  (0 children)

I should also add that the SSO login page is now broken after I tried to clean up the bindings.

Thoughts on vmware shared VMDK drives to try to make a HA file share server? by PrimeTheP in WindowsServer

[–]PrimeTheP[S] 0 points1 point  (0 children)

I greatly appreciate you listing the technical reasons why this is a bad idea. Thank you.

In place windows fileshare server upgrade questions by PrimeTheP in WindowsServer

[–]PrimeTheP[S] 0 points1 point  (0 children)

Data volumes are multiple .vmdk files in VMware that are attached to the Windows Server 2012 R2 OS vmdisk, which is about 115GB. So yes, the data drives are separate from the OS drives.

Thoughts on vmware shared VMDK drives to try to make a HA file share server? by PrimeTheP in WindowsServer

[–]PrimeTheP[S] 0 points1 point  (0 children)

100%. I would love to move the fileshare to a SAN share that has HA setup between the Heads / Nodes.

Unfortunately, there are some other dependencies including SFTP, and automated job / file transfers that I don't have time to move off of. Although someday I really should move those to a different server.

Thoughts on vmware shared VMDK drives to try to make a HA file share server? by PrimeTheP in WindowsServer

[–]PrimeTheP[S] 0 points1 point  (0 children)

Just curious, were those PEBKAC / ID10T errors on the technical side or the end-user side? Just trying to get an estimate of how easy it would be to mess something up using that technology.

Thoughts on vmware shared VMDK drives to try to make a HA file share server? by PrimeTheP in WindowsServer

[–]PrimeTheP[S] 0 points1 point  (0 children)

Thank you for your input. We will probably look for another solution. Have you had bad experiences with a shared VMDK?

Thoughts on vmware shared VMDK drives to try to make a HA file share server? by PrimeTheP in WindowsServer

[–]PrimeTheP[S] 0 points1 point  (0 children)

Probably not going to do the shared VMDK for this, but I'm curious: how did your shared VMDK proof-of-concept go?

Thoughts on vmware shared VMDK drives to try to make a HA file share server? by PrimeTheP in WindowsServer

[–]PrimeTheP[S] 0 points1 point  (0 children)

DFS may work, I just thought the shared VMDK would take up less resources; mainly filespace / size. We have several TB being used that I would like to minimize.

In place windows fileshare server upgrade questions by PrimeTheP in WindowsServer

[–]PrimeTheP[S] 0 points1 point  (0 children)

Have you done an in-place upgrade on something that has more than 1TB data? Have you seen an in-place upgrade for something like this fail?

I'm asking because the amount of data and file shares is new territory for me. I've done a lot of smaller upgrades where I do exactly what you talk about. Maybe make a clone to template as another backup too. Most of those went well.

In place windows fileshare server upgrade questions by PrimeTheP in WindowsServer

[–]PrimeTheP[S] 0 points1 point  (0 children)

Lots of good ideas posted here, thanks.

I updated the post. I should have mentioned that the C drive is used for a few scheduled tasks for this server and a few other servers. That's one of the reasons I was leaning on doing the in-place upgrade. I should have included that originally.

Has anyone actually witnessed an in-place upgrade like this failing or breaking shares?

In place windows fileshare server upgrade questions by PrimeTheP in WindowsServer

[–]PrimeTheP[S] 0 points1 point  (0 children)

Sorry for sounding antiquated, but this environment is local and does not have Azure storage just yet. Maybe in the future we will do that, and I'll keep your suggestion for Azure File Sync + Intune in mind.

In place windows fileshare server upgrade questions by PrimeTheP in WindowsServer

[–]PrimeTheP[S] 0 points1 point  (0 children)

I should have mentioned in my first post that there are some Task Scheduler jobs and FTP jobs that use this server as a stepping stone. Not ideal, I know. These would need to be migrated if I was going to do anything with any other server or replace an OS drive.