CPU usage is too high with Yosemite and an external monitor, kernel_task spikes to 600%+

After reading number of blog and days of internet search, the solution worked for me. The kernel will keep looping some very simple tasks, e.g. getting the date, therefore ‘consuming’ (with the highest priority) the majority of the CPU in a bid to cool the system down.

The solution mentions on other blog about removing ACPI_SMC_PlatformPlugin.kext, under /System/Library exist many kernel extensions, and the relevant one is the IOPlatformPluginFamily.kext.  There suggestion was to disable the plist for your model of computer that was located in that kext’s Contents/PlugIns/ACPI_SMC_PlatformPlugin.kext (a sub kext!).  First, My MacBook Pro didn’t have a relevant plist, and second, disabling that entire kext (simply by renaming it to something else so Mac OS X wouldn’t find and load it) did not help, this should work for earlier Macs, not for newer Mac.

I have tried many things, but this works.

  1. Disable kext by renaming it
    cd /System/Library/Extensions/IOPlatformPluginFamily.kext/Contents/Plugins
    sudo mv X86PlatformShim.kext X86PlatformShim.kext.disabled
  2. Clear kext cache (not sure if this is needed)
    touch /System/Library/Extensions/
  3. Restart

You may get Operation not permitted error. Apple has enabled a new default security oriented featured called System Integrity Protection.

Turning Off Rootless System Integrity Protection in OS X El Capitan 10.11 +

Again, the vast majority of Mac users should not disable rootless. Disabling rootless is aimed exclusively at advanced Mac users. Do so at your own risk, this is not specifically recommended.

  1. Reboot the Mac and hold down Command + R keys simultaneously after you hear the startup chime, this will boot OS X into Recovery Mode
  2. When the “OS X Utilities” screen appears, pull down the ‘Utilities’ menu at the top of the screen instead, and choose “Terminal”
  3. Type the following command into the terminal then hit return:

csrutil disable; reboot

  1. You’ll see a message saying that System Integrity Protection has been disabled and the Mac needs to restart for changes to take effect, and the Mac will then reboot itself automatically, just let it boot up as normal

You can also issue the command by itself without the automatic reboot like so:

csrutil disable

The trust relationship between this workstation and the primary domain failed

If you know the local admin password you can login to server then user netdom.exe to reset the password if you don’t have local admin password then unplug the network login using cached credential then plug the network and use netdom.exe to reset the machine password.

netdom.exe resetpwd /s:<server> /ud:<user> /pd:*

<server> = a domain controller in the joined domain

<user> = DOMAIN\User format with rights to change the computer password

An error occurs in Microsoft Dynamics CRM using Claims Based Authentication

In ADFS Management Console update the Federation metadata URLs and do an IIS reset on CRM server. Next, restart the ADFS service.

If above steps do not resolve the issue please follow below steps:-

1. On the Microsoft Dynamics CRM server, go to Deployment Manager and disable the Claims Based Authentication

2. On the Microsoft Dynamics CRM server, click the Start menu, select Run and type iisreset to complete an IIS reset

3. Re-configure Claims-Based Authentication from Deployment Manager keeping all the settings same

4. Re-configure IFD through the Microsoft Dynamics CRM Deployment Manager

5. On the Microsoft Dynamics CRM server, click the Start menu, select Run and type iisreset to complete an IIS reset

6. In ADFS Management Console on the ADFS server, update the corresponding Federation Metadata URLs

a. Go to the ADFS Server and open the ADFS management Console

b. Click Relying Party Trusts to display the internal and external relying party trusts

c. Right-click each and select Update Federation Metadata

d. Go to the Microsoft Dynamics CRM server, click the Start menu, select Run and type iisreset to complete an IIS reset

e. Next, browse to Service on the ADFS server and restart the ADFS service

This also resolved few other issue below.

High CPU Usage on Microsoft CRM 2015 and Microsoft CRM 2015 Email Router Server

When renewing Expired AD FS 2.0 Token Signing Certificates, Depending on your AD FS configuration you may have automatic certificate rollover enabled.  This can be checked via Get-ADFSProperties

To configure automatic rollover:

Set-ADFSProperties -AutoCertificateRollover $true

reboot the server.

How to recover file from Crypto locker or Ransomware using shadow copy

First list all the shadow copy you have using vssadmin list shadows command as below

C:\resources\dosdev\dosdev\x86>vssadmin list shadows

After you run the command if you have any shadow copy it will show the result as below, if you get the result similar to below then download a copy of dosdev.exe, just google ‘dosdev.exe download’ you will need that to mount the shadow copy as drive letter.

Contents of shadow copy set ID: {85e1a1e5-e6dd-4479-ab11-769930317777} Contained 1 shadow copies at creation time: 30/11/2015 7:00:04 AM Shadow Copy ID: {c152023d-6a53-46a5-ae90-eac06d7b1f0d} Original Volume: (S:)\\?\Volume{1d09abf5-50bb-4619-ae1a-582285e37e1f}\ Shadow Copy Volume: \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy62 Originating Machine: Service Machine: Provider: ‘Microsoft Software Shadow Copy provider 1.0’ Type: ClientAccessible Attributes: Persistent, Client-accessible, No auto release, No writers, Differential Contents of shadow copy set ID: {b1ceef12-fa9a-4aae-961a-1212df929c27}

I have underlined the time of shadow copy that I want to restore then copy the path of shadow copy. Navigate to directory where dosdeve.exe is and type dosdev v: then then paste the link you copied, see example below.

C:\resources\dosdev\dosdev\x86>dosdev v: \\?\GLOBALROOT\Device\HarddiskVolumeSha dowCopy62

You should get result as below

v:: The operation completed successfully.

then change the directory to V:

C:\resources\dosdev\dosdev\x86>dir v:
Volume in drive V is Studio1
Volume Serial Number is 18FA-38CD
Directory of V:\

now I have the shadowcopy as drive I can start robocopy, there are different robocopy command you can use 2 examples below, one copy everything other copy only the changes

V:\>robocopy “SKETCHUP VERSION 8″ S:\new /S /E /COPYALL /ZB /NP /MT:20 /R:3 / W:30 /LOG:”c:\resources\HR.log”

Log File : c:\resources\HR.log

V:\Studio 1\JOBS\STUDIO\SKYIT\Skyit Rainforest\05_SRR Ede Project\CREATIVE\3D>ro bocopy “SKETCHUP” S:\new /S /E /COPYALL /ZB /NP /MT:20 /R:3 /W:30 /LOG:”c:\resou rces\HR.log”

Log File : c:\resources\HR.log

There is bit more you can do with robocopy the files from your shadow copy.

One of my client had Crypto Locker virus with extension .zepto and encrypted number of different directory in shared drive. This is what I have done to recover, first logged on to the server did a search for *.zepto on the top level drive, in my case it was D:\ then I copied the search result to text file, it sound simple to copy search result to text file, if you haven’t done this before then how do you do it. You select the first line of search scroll to last line then ->hold shift and right click -> you get drop down menu select “Copy as Path” then you can open a notepad and paste.

now you have all the path in text file. using the dosdev process as above, I mounted the shadow copy that I want to copy from then run the robocopy command as below,

robocopy /e “V:\dfs\Data\SHARED\PROJECTS” “D:\dfs\Data\SHARED\PROJECTS” /log:c:\project.txt /tee

use this if you have access denied error

robocopy /e /ZB “V:\DFS\WaysOfWorking” “D:\DFS\WaysOfWorking” /log:c:\wayofworking.txt /tee

What this does is check all files and folder copy anything missing or different. I tried going to previous version in windows and browsing the copy then copy the file I needed but for this huge amount of data 10TB, didn’t wanted to do folder by folder also when it hit long file name or path then it stop copying, robocopy is the only way I found to be accurate.

Then I gone back to my search and deleted all the files that ware highlighted.

or you can use command prompt
c:\>del *.zepto /a /s

  • c:\>del *HELP_instructions.html /a /s

Mac’s and serial TTY’s (Using usb to serial adapter with MAC)


It’s not actually necessary to download an install extra software, as you can use the Mac OS X built in Terminal and screen. Screen lacks some features, but it does include VT100/ANSI terminal emulation, and can be extremely useful.

  1. Open an OS X terminal session (window)
  2. Find the right TTY device. Type: ls /dev/cu.*

With the USB-Serial adapter plugged in, you’ll get a list, including something like this:

$ ls /dev/cu.*
/dev/cu.Bluetooth-Modem		/dev/cu.iPhone-WirelessiAP
/dev/cu.Bluetooth-PDA-Sync	/dev/cu.usbserial

The 'man screen' page

  1. Then type: screen /dev/cu.usbserial 9600 (in this example).


    The 9600 at the end is the baud rate. You can use any standard rate,


    eg, 9600, or 19200 for a Sig Server!

  1. To quit the screen app, type CTRL-A, then CTRL-.

Type man screen in Terminal for further information on screen. (use ‘enter’ or ‘space’ to scroll, and ‘q’ to quit).

Running Microsoft Security Essentials on Server 2012

What to do

Here’s what needs to be done to get things up and running on Server 2012. First go here and download Security Essentials. Once downloaded right click on the (mseinstall.exe) executable en choose properties. Locate the ‘Compatibility’ tab and go to the ‘Compatibility mode’ section (see first screenshot below). Check “Run this program in compatibility mode for:” and select Windows 7 from the dropdown menu. Next, open up a command prompt and run it with administrative privileges. And finally ‘Browse’ to where you stored SE and run the (mseinstall.exe) executable with the additional /disableoslimit parameter. Below is a screenshot of how this will look.


Command Prompt

Outlook on a Mac Keeps asking for password

I have deleted/repaired keychain but nothing has worked.

It does save password for a few hours, but then forgets it.

For Exchange I had this problem and a few others – this is how I fixed it:

Take a note of exchange server settings in Outlook->Preference, select the account click advance.

Locate your account setup file here: ~/Library/Group Containers/xxxx.Office/Outlook/Outlook 15 Profiles/Main Profile/Data/Exchange Accounts/xx/
(the file will not have any extension)

Delete the file, then go back to outlook and type the exchange server setting. This worked for me.

How do you locate my account set up file? who may not be familiar with macs, this is what you do:

  1. Open outlook
  2. Change the server
  3. Quit outlook (as the auto discover can work at any time and you may lock the file in the wrong state)
  4. Click on Spotlight Search the hour glass in the top right hand corner
  5. Type in ~/Library/Group Containers/
  6. Go through the directories until you come to the last folder indicated above.
  7. The file will not have an extension but will end in “ExchangeAccount”
  8. Right click on the file
  9. Select “get Info”
  10. check the “Locked” box
  11. Open outlook

If you are prompted for a password, even though you know it is there and correct, maybe insert the server without the “https://” proceeding it, then repeat the steps above.

RSOP – Invalid Name Space

RSOP – Invalid Name Space

Recently had an issue where an entire site was not downloading domain policies. After a thorough search and different attempts to fix the issue below batch file fixed the issue:

Windows Management Instrumentation fails due to receiving an event or error concerning missing or failure to load WMI Provider, or Invalid WMI class, or WMI Invalid Namespace.

Below are some common errors indicating issues with a WMI Provider or Class:

  • Failed to initialize all required WMI classes
  • Win32_processor: WMI: Invalid namespace
  • Win32_WMISetting: WMI: Invalid namespace
  • Win32_OperatingSystem: WMI: Invalid namespace
  • WBEM_E_NOT_FOUND 0x80041002
  • WBEM_E_INVALID_CLASS 0x80041010

Scenario 1: WMI Invalid Namespace

First we want to take any scripts or programs out of the equation by using local built in tools. The two most common tools used to check wmi functionality is the WMI console (winmgmt.msc) and Wbemtest (Windows Management Instrumentation Tester).

Ensure the Namespace in question actually exist and functional.

  1. Go to start-run and type in wmimgmt.msc
  2. Right click on Local Wmi Control (Local)and select properties
  3. On the general tab, if there is any failures noted on that box, that indicates a core WMI issue and most likely with the Cimv2namespace.
  4. Click on the Security tab and expand Root folder. This is where you will see all of the namespace listed for WMI
  5. Find the namespace referenced in the error message you are getting
  6. If you find the namespace is missing, do the following,

7. Go to start-run and type in wbemtest

8. Click on the “Connect Button

9. In the Namespace Box type in the path to the namespace for which getting invalid namespace error for. This path would have the same look and feel of a Windows Directory, so just as you see the structure in wmimgmt.msc console on the Securitytab, so is how you will type in path



10. Click on the “Connect” button

11. Now all of the buttons should no longer be greyed out on the main wbemtest console page. Click on the “Enum Classes” button

12. Leave “Enter Superclass Name” blank and select “Recursive” then click OK. If you don’t get any error messages then you can access the name successfully without issue using built in Windows Management Instrumentation Tester

13. To test further, let’s see if we can access some classes.

make the following into a batch file

net stop winmgmt
cd c:\windows\system32\wbem
rd /S /Q repository
regsvr32 /s %systemroot%\system32\scecli.dll
regsvr32 /s %systemroot%\system32\userenv.dll
mofcomp cimwin32.mof
mofcomp cimwin32.mfl
mofcomp rsop.mof
mofcomp rsop.mflfor /f %%s in (‘dir /b /s *.dll’) do regsvr32 /s %%s
for /f %%s in (‘dir /b *.mof’) do mofcomp %%s
for /f %%s in (‘dir /b *.mfl’) do mofcomp %%smofcomp exwmi.mof
mofcomp -n:root\cimv2\applications\exchange wbemcons.mof
mofcomp -n:root\cimv2\applications\exchange smtpcons.mof

mofcomp exmgmt.mof

After running this re-run the GPUPDATE /force

Transfer Files Between Physical and Virtual Host on Hyper-V

Hyper-V users, there isn’t an easy way like what VMware is offering, however the following 5 ways should solve your problems.

Network File Sharing – Share files on a network like you usually do… 

1. On the virtual machine, create a folder on Desktop or any directory you preferred and give it a name.
2. Right click folder and select “Properties”
3. Select “Sharing” tab and click “Advanced Sharing…”
4. Tick “Share this folder” and select “Permissions”.
5. Give “Everyone” permissions like it shown on below picture.

6. Select OK to finish the sharing process.
7. Now what you need to do is, go back to your physical machine and access the shared folder by typing the “\computernameshared folder”.
8. Once you are on it and simply copy files over to the shared drive and it will start appearing on the virtual machine’s shared folder.

Remote Desktop map drive

1. Enable the Remote Desktop service on the virtual machine Server 2012 or other Windows OS, just make sure the Remote Desktop Service it is enabled so it can accept the service from client machine.
2. On Windows Server 2012 R2 to enabled Remote Desktop Service, go to “Server Manager” -> select “Local Server” from the left hand side menu.

3. Enable Remote Desktop by click on it, select “Allow remote connections to this computer” and un-tick the Recommended setting.

4. Now restart the virtual machine Server 2012.
5. Once the virtual machine Server 2012 is back and running, connect to the VM Server 2012 using Remote Desktop Connection.

6. On Remote Desktop Connection windows click “Local Resources”, under “Local devices and resources” tab click on “More”, expand “Drives” list and tick the drive you wanted to map.

7. Click OK and connect! Now see what you have on “My computer”!

8. Drag any files to the local drive on your PC and those files will appear on the Cloud VM server mapped drive.

Hyper-V USB offline

1. Make sure you have plugged the USB drive you are going to use to the computer.
2. Go to Start-> Control Panel -> Administrative Tools -> Computer Management
3. Select “Disk Management” from the left hand side menu
4. Right click the USB Drive and select “Offline”


5. Go to Hyper-V Manager and shutdown the running virtual machine
6. Right click the virtual machine and select “Settings”.
7. Select “SCSI Controller” and click “Add” a hard drive

8. Now select “Physical hard disk:” the USB drive you have just took offline on Disk Management.


9. Click “Apply” and OK to finish.
10. Start up the virtual machine and you should have the USB drive appeared on “My Computer”.

Migrating The Active Directory Certificate Service From Windows Server 2003 to 2012 R2

As you may be aware, support for both Windows Server 2003 and 2003 R2 is coming to end on July 14th 2015. With this in mind, IT professionals are in midst of planning migration. This guide will provide steps on migrating AD CS from Windows Server 2003 to Windows Server 2012 R2.

In this demonstration I am using following setup.

Server Name Operating System Server Roles
canitpro-casrv.canitpro.local Windows Server 2003 R2 Enterprise x86 AD CS ( Enterprise Certificate Authority )
CANITPRO-DC2K12.canitpro.local Windows Server 2012 R2 x64

Step 1: Backup Windows Server 2003 certificate authority database and its configuration

1. Log in to Windows 2003 Server as member of local administrator group

2. Go to Start > Administrative Tools > Certificate Authority


3. Right Click on Server Node > All Tasks > Backup CA


4. Then it will open the “Certification Authority Backup Wizard” and click “Next” to continue


5. In next window click on check boxes to select options as highlighted and click on “Browse” to provide the backup file path location where it will save the backup file. Then click on “Next” to continue


6. Then it will ask to provide a password to protect private key and CA certificate file. Once provided the password click on next to continue


7. In next window it will provide the confirmation and click on “Finish” to complete the process

Step 2: Backup CA Registry Settings

1. Click Start > Run and then type regedit and click “Ok”


2. Then expand the key in following pathHKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesCertSvc

3. Right click on “Configuration” key and click on “Export”


4. In next window select the path you need to save the backup file and provide a name for it. Then click on save to complete the backup


Now we have the backup of the CA and move these files to the new windows 2012 R2 server.


Step 3: Uninstall CA Service from Windows Server 2003

Now we have the backup files ready and before configure certificate services in new Windows Server 2012 r2, we can uninstall the CA services from windows 2003 server. To do that need to follow following steps.

1. Click on Start > Control Panel > Add or Remove Programs

2. Then click on “Add/Remove Windows Components” button

3. In next window remove the tick in “Certificate Services” and click on next to continue

4. Once its completed the process it will give the confirmation and click on “Finish”

With it we done with Windows Server 2003 CA services and next step to get the Windows Server 2012 CA services install and configure.

Step 4: Install Windows Server 2012 R2 Certificate Services

1. Log in to Windows Server 2012 as Domain Administrator or member of local administrator group

2. Go to Server Manager > Add roles and features

3. It will open up “Add roles and feature” wizard and click on next to continue

4. Then next window select “Role-based or Feature-based installation” and click next to continue

5. From the server selections keep the default selection and click on next to continue

6. In next window click on tick box to select “Active Directory Certificate Services” and it will pop up with window to acknowledge about required features need to be added. Click on add features to add them

7. Then in features section will let it run with default. Click next to continue

8. In next window, it will give brief description about AD CS. Click next to continue

9. Then it will give option to select roles services. I have selected Certificate Authority and Certification Authority Web Enrollment. Click next to continue

10. Since Certification Authority Web Enrollment selected it will required IIS. So next window it will give brief description about IIS

11. Then in next window it gives option to add IIS role services. I will leave it default and click next to continue

12. Next window will give confirmation about service install and click on “Install” to start the installation process

13. Once installation completes you can close the wizard.

Step 5: Configure AD CS

In this step will look in to configuration and restoring the backup we created.

1. Log in to server as Enterprise Administrator

2. Go to Server Manager > AD CS

3. In right hand panel it will show message as following screenshot and click on “More”

4. It will open up window and click on “Configure Active Directory Certificate Service ……”

5. It will open role configuration wizard, it gives option to change the credential, in here I already log in as Enterprise administrator so I will leave the default and click next to continue

6. In next window it asking which service you like to configure. Select “Certification Authority”, “Certification Authority Web Enrollment” options and click next to continue

7. It will be Enterprise CA so in next window select the Enterprise CA as the setup type and click next to continue

8. Next window select “Root CA” as the CA type and click next to continue

9. The next option is very important on the configuration. If its new installation we will only need to create new private key. But since it’s a migration process we already made a backup of private key. So in here select the options as highlighted in screenshot. Then click on next to continue

10. In next window click on “Import” button

11. In here it will give option to select the key we backup during the backup process from windows 2003 server. Brows and select the key from the backup we made and provide the password we used for protection. Then click ok

12. Then it will import the key successfully and in window select the imported certificate and click next to continue

13. Next window we can define certificate database path. In here I will leave it default and click next to continue

14. Then in next window it will provide the configuration confirmation and click on configure to proceed with the process

15. Once its completed click on close to exit from the configuration wizard

Step 6: Restore CA Backup

Now it’s comes to the most important part of the process which is to restore the CA backup we made from Windows Server 2003.

1. Go To Server Manager > Tools > Certification Authority

2. Then right click on server node > All Tasks > Restore CA

3. Then it will ask if it’s okay to stop the certificate service in order to proceed. Click ok

4. It will open up Certification Authority Restore Wizard, click next to continue

5. In next window brows the folder where we stored backup and select it. Then also select the options as I did in below. Later click next to continue

6. Next window give option to enter the password we used to protect private key during the backup process. Once its enter click next to continue

7. In next window click “Finish” to complete the import process

8. Once its completed system will ask if it’s okay to start the certificate service again. Please proceed with it to bring service back online

Step 7: Restore Registry info

During the CA backup process we also backup registry key. It’s time to restore it. To do it open the folder which contains the backup reg key. Then double click on the key.

1. Then click yes to proceed with registry key restore

2. Once completed it will give confirmation about the restore

Step 8: Reissue Certificate Templates

We have done with the migration process and now it’s time to reissue the certificates. I had template setup in windows 2003 environment called “PC Certificate” which will issue the certificates to the domain computers. Let’s see how I can reissue them.

1. Open the Certification Authority Snap-in

2. Right click on Certificate Templates Folder > New > Certificate Template to Reissue

3. From the certificate templates list click on the appropriate certificate template and click ok

Step 9: Test the CA

In here I already had certificate template setup for the PC and set it to auto enroll. For the testing purposes I have setup windows 8 pc called demo1 and added it to canitpro.local domain. Once it’s loaded first time in server I open certification authority snap in and once I expanded the “Issued Certificate” section I can clearly see the new certificate it issued for the PC.


So this confirms the migration is successful.