
ConvertTo-SecureString - Key not valid for use in specified state After Reboot

I have a PowerShell script that's been running for months using a password stored as a secure string in a file. When I went to run the script today I started receiving the "Key not valid for use in specified state". The script is invoked by a scheduled task run by an active directory domain account. The account didn't change, and the only event I'm aware of was a server reboot. What could cause this issue to happen?

Converting my data back into a secure string again resolved the issue, but I'm puzzled as to why it happened in the first place.

I create the password file via:

Write-Host "Please enter the filename where you'd like to store the password:"
$passwordFile = Read-Host
Write-Host "Please enter the ftp password and press enter:"
read-host -AsSecureString | ConvertFrom-SecureString | Out-File $passwordFile
Write-Host "Your Password File ($passwordFile) has been created."

I retrieve the password from the file like so:

$FTPPassword = Get-Content $FTPPasswordFilePath
$script:FTPCredObj = New-Object -TypeName System.Management.Automation.PSCredential -argumentlist $FTPUserName,($FTPPassword | ConvertTo-SecureString)

I did notice errors in the event log pertaining to the user profile:

"Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off."

I did RDP in as the task user to update the file containing the secure string, and I didn't notice any profile errors after that.

If you're logged on with a temporary profile, you don't have access to resources that live in your profile. This will include the encryption key that is used to encrypt and decrypt PowerShell secure strings.

So the underlying problem is whatever is causing your profile to fail to load. (That's not a programming issue, so you should talk to your system administrators - or if that's you, you could ask over at Super User or Server Fault.)

Note that the problem will recur the next time you log out and back in, because you've now encrypted the password with a key that is only stored in the temporary profile, which will be discarded when you log out.
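
An added example (not part of the original question or answer): a guard that refuses to decrypt the password file when the task account is running with a temporary profile, so the failure is reported as a profile problem rather than as "Key not valid for use in specified state". The function name `Import-ProfileBoundSecureString` is hypothetical, and the sketch assumes the account is allowed to query `Win32_UserProfile`, whose `Status` bit field uses 1 for a temporary and 8 for a corrupted profile.

```powershell
# Added example; Import-ProfileBoundSecureString is a hypothetical helper name.
function Import-ProfileBoundSecureString {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$Path
    )

    # Look up the profile record of the account this process runs as.
    $sid = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
    $userProfile = Get-CimInstance -ClassName Win32_UserProfile -Filter "SID='$sid'"

    # Win32_UserProfile.Status is a bit field: 1 = temporary, 8 = corrupted.
    if ($null -eq $userProfile) {
        throw "No profile record found for SID $sid; the stored secret cannot be decrypted."
    }
    if ($userProfile.Status -band 1) {
        throw "Running with a temporary profile; the key that protects '$Path' is not available."
    }
    if ($userProfile.Status -band 8) {
        throw "The user profile is marked corrupted; fix the profile before using '$Path'."
    }

    try {
        # Without -Key/-SecureKey, decryption relies on the key stored in the profile.
        Get-Content -LiteralPath $Path -ErrorAction Stop |
            ConvertTo-SecureString -ErrorAction Stop
    }
    catch {
        throw "Could not decrypt '$Path' as $env:USERNAME on ${env:COMPUTERNAME}: $($_.Exception.Message)"
    }
}

# Usage mirroring the question's retrieval code (variables as in the question):
# $script:FTPCredObj = New-Object System.Management.Automation.PSCredential `
#     -ArgumentList $FTPUserName, (Import-ProfileBoundSecureString -Path $FTPPasswordFilePath)
```

Running the same check before re-creating the password file avoids encrypting it under a key that is discarded with the temporary profile.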
