[英]Powershell script doesn't run on first execution
我编写了一个 Powershell 脚本,它通过 SCP 将 pfx-Container 下载到 Windows 2019 服务器。 之后它将检查当前安装的服务器证书是否与下载的证书匹配。 如果不匹配,它将用下载的替换它。 这是用新证书替换过时的 Letcencrypt 证书。
#Retrieving SecureString Instance of PFX-Password
$pw = Get-Content "C:\Users\user\Desktop\example_password.txt" | ConvertTo-SecureString -Key (1..16)
$getPwResult = $LastExitCode
if ($getPwResult -eq 0)
{
Write-Host "Successfully got Secure Password!"
}
else
{
Write-Host "Error retrieving password"
Write-Host $getPwResult
exit $getPwResult
}
$oldThumbprint = Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object {$_.Subject -Match "server.example.org"} | Select Name -ExpandProperty Thumbprint
$getoldThumbprintResult = $LastExitCode
if ($getoldThumbprintResult -eq 0)
{
Write-Host "Successfully got old thumbprint! $oldThumbprint"
}
else
{
Write-Host "Error retrieving old thumbprint"
exit $getoldThumbprintResult
}
#Downloading current file via WinSCP
& "C:\Program Files (x86)\WinSCP\WinSCP.com" `
/log="C:\Users\user\Desktop\WinSCP.log" /ini=nul `
/command `
"open sftp://username@server/" `
"get -neweronly /path/to/server.pfx C:\Users\user\Desktop\" `
"exit"
$winscpResult = $LastExitCode
if ($winscpResult -eq 0)
{
Write-Host "Successfully downloaded file!"
}
else
{
Write-Host "Error while downloading file"
exit $winscpResult
}
$newThumbprint = (Get-PfxData -Password $pw -FilePath C:\Users\user\Desktop\server.pfx).EndEntityCertificates.Thumbprint
$getnewThumbprintResult = $LastExitCode
if ($getnewThumbprintResult -eq 0)
{
Write-Host "Successfully got new thumbprint! $newThumbprint"
}
else
{
Write-Host "Error retrieving new thumbprint"
exit $getnewThumbprintResult
}
if ($oldThumbprint -ne $newThumbprint) {
#Executing the import of new PFX
Import-PfxCertificate -FilePath "C:\Users\user\Desktop\server.pfx" -Password $pw -CertStoreLocation Cert:\LocalMachine\My
$installCertExitCode = $LastExitCode
if ($getnewThumbprintResult -eq 0) {
Write-Host "Installed new certificate"
} else {
Write-Host "An error occured while installing new certificate."
exit $installCertExitCode
}
} else {
Write-Host "File has not been changed!"
}
总而言之,这一切都很好,但是当我想创建一个执行计划时发生了奇怪的事情。 首先,无论我尝试了什么,都不会通过 Windows 调度程序执行 sript...
经过仔细检查后,我发现执行 Powershell 脚本时,有时大多数命令都会失败。 我总是在第一次执行时出现在新打开的 Powershell 终端上。
所以会发生以下情况(在同一个 PS 终端中):
#First attempt:
PS C:\Users\user\Desktop> C:\Users\user\Desktop\install_cert.ps1
Error retrieving password
#Second attempt:
PS C:\Users\user\Desktop> C:\Users\user\Desktop\install_cert.ps1
Successfully got Secure Password!
Successfully got old thumbprint!
[...]
Successfully downloaded file!
Successfully got new thumbprint!
Installed new certificate.
我写了一个小批处理文件,其唯一目的是重现调度程序任务的行为:
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -noprofile -ExecutionPolicy UnRestricted -File C:\Users\user\Desktop\install_cert.ps1
当我执行它时,脚本每次都会失败。
PS C:\Users\user\Desktop> C:\Users\user\Desktop\install_cert.ps1
Error retrieving password
所以我想这是必须解决的问题。
我还删除了在执行“Get-ChildItem -Path Cert:\LocalMachine\My [...]”时导致错误的第一个退出语句。
命令中没有 output,这让我很难调试。
有谁知道这里发生了什么以及如何解决它?
提前致谢!
编辑:
WinSCP 部分工作正常。 错误发生在之前的语句中:
#Retrieving SecureString Instance of PFX-Password
$pw = Get-Content "C:\Users\user\Desktop\example_password.txt" | ConvertTo-SecureString -Key (1..16)
$getPwResult = $LastExitCode
if ($getPwResult -eq 0)
{
Write-Host "Successfully got Secure Password!"
}
else
{
Write-Host "Error retrieving password"
Write-Host $getPwResult
exit $getPwResult
}
$oldThumbprint = Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object {$_.Subject -Match "server.example.org"} | Select Name -ExpandProperty Thumbprint
$getoldThumbprintResult = $LastExitCode
if ($getoldThumbprintResult -eq 0)
{
Write-Host "Successfully got old thumbprint! $oldThumbprint"
}
else
{
Write-Host "Error retrieving old thumbprint"
exit $getoldThumbprintResult
}
正如建议的那样,我尝试替换 WinSCP-Code 并没有解决问题。
将您的 WinSCP 命令重构为此(即,如果您选择不使用 WinSCP .NET 实现):
#Downloading current file via WinSCP
& "C:\Program Files (x86)\WinSCP\WinSCP.com" `
'/log="C:\Users\user\Desktop\WinSCP.log"' `
'/ini=nul' `
/command `
"open sftp://username@server/" `
"get -neweronly /path/to/server.pfx C:\Users\user\Desktop\" `
"exit"
或这个...
$AllArgs = @(
'/log="C:\Users\user\Desktop\WinSCP.log"',
'/ini=nul',
'/command',
'open sftp://username@server/',
'get -neweronly /path/to/server.pfx C:\Users\user\Desktop\',
'exit'
)
& '$WinScpCmd' $AllArgs
看看这是否适用于第一次运行的用例。 同样,根据我上面的评论,使用Trace-Command
来观察正在发生的事情。
好的,我得到了解决方案:
我只是从互联网上找到的脚本中复制了$LastExitCode
并认为它就像$?
在 linux 中。 不幸的是,恰好这个完全相同的命令也适用于此。
因此,如果我替换它,脚本可以正常工作:
#Retrieving SecureString Instance of PFX-Password
$pw = Get-Content "C:\Users\user\Desktop\example_password.txt" | ConvertTo-SecureString -Key (1..16)
$getPwResult = $?
if ($getPwResult)
{
Write-Host "Successfully got Secure Password!"
}
else
{
Write-Host "Error retrieving password"
Write-Host $getPwResult
exit $getPwResult
}
$oldThumbprint = Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object {$_.Subject -Match "server.example.org"} | Select Name -ExpandProperty Thumbprint
$getoldThumbprintResult = $?
if ($getoldThumbprintResult)
{
Write-Host "Successfully got old thumbprint! $oldThumbprint"
}
else
{
Write-Host "Error retrieving old thumbprint"
exit $getoldThumbprintResult
}
#Downloading current file via WinSCP
& "C:\Program Files (x86)\WinSCP\WinSCP.com" `
/log="C:\Users\user\Desktop\WinSCP.log" /ini=nul `
/command `
"open sftp://username@server/" `
"get -neweronly /path/to/server.pfx C:\Users\user\Desktop\" `
"exit"
$winscpResult = $?
if ($winscpResult)
{
Write-Host "Successfully downloaded file!"
}
else
{
Write-Host "Error while downloading file"
exit $winscpResult
}
$newThumbprint = (Get-PfxData -Password $pw -FilePath C:\Users\user\Desktop\server.pfx).EndEntityCertificates.Thumbprint
$getnewThumbprintResult = $?
if ($getnewThumbprintResult)
{
Write-Host "Successfully got new thumbprint! $newThumbprint"
}
else
{
Write-Host "Error retrieving new thumbprint"
exit $getnewThumbprintResult
}
if ($oldThumbprint -ne $newThumbprint) {
#Executing the import of new PFX
Import-PfxCertificate -FilePath "C:\Users\user\Desktop\server.pfx" -Password $pw -CertStoreLocation Cert:\LocalMachine\My
$installCertExitCode = $?
if ($installCertExitCode) {
Write-Host "Installed new certificate"
} else {
Write-Host "An error occured while installing new certificate."
exit $installCertExitCode
}
} else {
Write-Host "File has not been changed!"
}
这可以以某种方式解释为什么该脚本会在第二次尝试中运行,因为该变量的设置类似于上面评论中所述的postanote 。
谢谢您的帮助!
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.