
Get-CA Connect-CA very slow

Open dakhama-mehdi opened this issue 6 months ago • 2 comments

Hello, thank you for your module and the effort you've put in. I'm currently integrating it into an open-source solution. I've noticed that Get-CA (`Get-CertificationAuthority` or `Connect-CertificationAuthority`) is quite slow, as many members have noted, due to DCOM and RPC requests and attempts. I've looked into this first. To avoid this, I'll check if the machine is reachable using a quick test on port 135, then I'll run it, but it's still very slow.

It takes an average of 60 seconds and does not return the service state and operating system. After Wireshark analysis, I found that the following two Windows firewall rules are the problem; by activating them, the requests are instantaneous:

Virtual Machine Monitoring (RPC) and Remote Service Management (RPC)


You need to enable them on the remote server (CA), in case this helps someone.

dakhama-mehdi avatar Oct 10 '25 14:10 dakhama-mehdi

I'll add: to automate the processing, I launch the command in threads, but it is not very easy to do. Maybe the function could test the service or remote port as part of the command, so as not to retrieve the blocked services and to save time, because it takes almost 2 minutes per CA; out of 5 CAs, the module spends 10 minutes for a simple value. The following test can help:

`Get-WmiObject -Class Win32_OperatingSystem -ComputerName RemoteServeur`

If there is no response, or it waits more than 2 seconds, we can abort this test in Get-CA, as a suggestion.

dakhama-mehdi avatar Oct 10 '25 14:10 dakhama-mehdi

Hi,

> To avoid this, I'll check if the machine is reachable using a quick test on port 135

This is not sufficient to ensure CA DCOM interface availability, because they run inside port 135 and may be unavailable even if TCP 135 is open.

> Remote Service Management (RPC)

You are right, RPC firewall exceptions are required for PSPKI to work remotely.

> `Get-WmiObject -Class Win32_OperatingSystem -ComputerName RemoteServeur`

It alone doesn't tell if CA DCOM interfaces are available, which would add their own delays even if this command succeeds.

Crypt32 avatar Oct 24 '25 14:10 Crypt32
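
One way to audit the two firewall rules named in this thread on a CA server, as an added example that is not part of the thread or of PSPKI. It assumes a placeholder host name (`ca01.example.test`), that WinRM is reachable on the CA, and that the rules carry the English display names quoted above.

```powershell
# Added example. Assumptions: placeholder host name, WinRM reachable on the CA,
# English rule display names as quoted in the thread.
$caServer  = 'ca01.example.test'
$ruleNames = 'Virtual Machine Monitoring (RPC)', 'Remote Service Management (RPC)'

# New-CimSession uses WS-Man by default, so this query does not itself depend
# on the RPC firewall rules being audited.
$session = New-CimSession -ComputerName $caServer -ErrorAction Stop
try {
    $report = foreach ($name in $ruleNames) {
        $rules = @(Get-NetFirewallRule -DisplayName $name -CimSession $session -ErrorAction SilentlyContinue)
        if ($rules.Count -eq 0) {
            # Rule absent (or localized under another display name)
            [pscustomobject]@{ Rule = $name; Profile = $null; Enabled = 'NotFound'; Action = $null; RemoteAddress = $null }
            continue
        }
        foreach ($rule in $rules) {
            # The address filter shows which source addresses the rule admits
            $filter = Get-NetFirewallAddressFilter -AssociatedNetFirewallRule $rule -CimSession $session
            [pscustomobject]@{
                Rule          = $rule.DisplayName
                Profile       = $rule.Profile
                Enabled       = $rule.Enabled
                Action        = $rule.Action
                RemoteAddress = $filter.RemoteAddress -join ', '
            }
        }
    }
    $report | Format-Table -AutoSize

    # Flag rules that are missing or disabled
    $notEnabled = @($report | Where-Object { "$($_.Enabled)" -ne 'True' })
    if ($notEnabled) {
        Write-Warning ("Not enabled on {0}: {1}" -f $caServer, (($notEnabled.Rule | Sort-Object -Unique) -join '; '))
    }
}
finally {
    Remove-CimSession -CimSession $session
}
```

A rule reported with `RemoteAddress` of `Any` admits that RPC traffic from every source the profile covers; `Set-NetFirewallRule -RemoteAddress` can narrow it to the management hosts that run PSPKI.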