Powershell 脚本在第一次执行时不运行

Question

我编写了一个 Powershell 脚本，它通过 SCP 将 pfx-Container 下载到 Windows 2019 服务器。 之后它将检查当前安装的服务器证书是否与下载的证书匹配。 如果不匹配，它将用下载的替换它。 这是用新证书替换过时的 Letcencrypt 证书。

#Retrieving SecureString Instance of PFX-Password
$pw = Get-Content "C:\Users\user\Desktop\example_password.txt" | ConvertTo-SecureString -Key (1..16) 

$getPwResult = $LastExitCode
if ($getPwResult -eq 0)
{
  Write-Host "Successfully got Secure Password!"
}
else
{
  Write-Host "Error retrieving password"
  Write-Host $getPwResult
  exit $getPwResult
}



$oldThumbprint = Get-ChildItem  -Path Cert:\LocalMachine\My | Where-Object {$_.Subject -Match "server.example.org"} | Select Name -ExpandProperty Thumbprint 

$getoldThumbprintResult = $LastExitCode
if ($getoldThumbprintResult -eq 0)
{
 
  Write-Host "Successfully got old thumbprint! $oldThumbprint"
}
else
{
  Write-Host "Error retrieving old thumbprint"
  exit $getoldThumbprintResult
}

#Downloading current file via WinSCP
& "C:\Program Files (x86)\WinSCP\WinSCP.com" `
  /log="C:\Users\user\Desktop\WinSCP.log" /ini=nul `
  /command `
    "open sftp://username@server/" `
    "get -neweronly /path/to/server.pfx C:\Users\user\Desktop\" `
    "exit"

$winscpResult = $LastExitCode
if ($winscpResult -eq 0)
{
  Write-Host "Successfully downloaded file!"
}
else
{
  Write-Host "Error while downloading file"
  exit $winscpResult
}

$newThumbprint = (Get-PfxData -Password $pw -FilePath C:\Users\user\Desktop\server.pfx).EndEntityCertificates.Thumbprint
$getnewThumbprintResult = $LastExitCode
if ($getnewThumbprintResult -eq 0)
{
  Write-Host "Successfully got new thumbprint! $newThumbprint"
}
else
{
  Write-Host "Error retrieving new thumbprint"
  exit $getnewThumbprintResult
}


if ($oldThumbprint -ne $newThumbprint) {
  #Executing the import of new PFX
  Import-PfxCertificate -FilePath "C:\Users\user\Desktop\server.pfx" -Password $pw -CertStoreLocation Cert:\LocalMachine\My
  $installCertExitCode = $LastExitCode

  if ($getnewThumbprintResult -eq 0) {
    Write-Host "Installed new certificate"
  } else {
    Write-Host "An error occured while installing new certificate."
    exit $installCertExitCode
  }

} else {
    Write-Host "File has not been changed!"
}

总而言之，这一切都很好，但是当我想创建一个执行计划时发生了奇怪的事情。 首先，无论我尝试了什么，都不会通过 Windows 调度程序执行 sript...

经过仔细检查后，我发现执行 Powershell 脚本时，有时大多数命令都会失败。 我总是在第一次执行时出现在新打开的 Powershell 终端上。

所以会发生以下情况（在同一个 PS 终端中）：

#First attempt:

PS C:\Users\user\Desktop> C:\Users\user\Desktop\install_cert.ps1
Error retrieving password


#Second attempt:

PS C:\Users\user\Desktop> C:\Users\user\Desktop\install_cert.ps1
Successfully got Secure Password!
Successfully got old thumbprint! 
[...]
Successfully downloaded file!
Successfully got new thumbprint! 
Installed new certificate.

我写了一个小批处理文件，其唯一目的是重现调度程序任务的行为：

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -noprofile -ExecutionPolicy UnRestricted -File C:\Users\user\Desktop\install_cert.ps1

当我执行它时，脚本每次都会失败。

PS C:\Users\user\Desktop> C:\Users\user\Desktop\install_cert.ps1
Error retrieving password

所以我想这是必须解决的问题。

我还删除了在执行“Get-ChildItem -Path Cert:\LocalMachine\My [...]”时导致错误的第一个退出语句。

命令中没有 output，这让我很难调试。

有谁知道这里发生了什么以及如何解决它？

提前致谢！

编辑：

WinSCP 部分工作正常。 错误发生在之前的语句中：

#Retrieving SecureString Instance of PFX-Password
$pw = Get-Content "C:\Users\user\Desktop\example_password.txt" | ConvertTo-SecureString -Key (1..16) 

$getPwResult = $LastExitCode
if ($getPwResult -eq 0)
{
  Write-Host "Successfully got Secure Password!"
}
else
{
  Write-Host "Error retrieving password"
  Write-Host $getPwResult
  exit $getPwResult
}



$oldThumbprint = Get-ChildItem  -Path Cert:\LocalMachine\My | Where-Object {$_.Subject -Match "server.example.org"} | Select Name -ExpandProperty Thumbprint 

$getoldThumbprintResult = $LastExitCode
if ($getoldThumbprintResult -eq 0)
{
 
  Write-Host "Successfully got old thumbprint! $oldThumbprint"
}
else
{
  Write-Host "Error retrieving old thumbprint"
  exit $getoldThumbprintResult
}

正如建议的那样，我尝试替换 WinSCP-Code 并没有解决问题。

Answer 1

将您的 WinSCP 命令重构为此（即，如果您选择不使用 WinSCP .NET 实现）：

#Downloading current file via WinSCP
& "C:\Program Files (x86)\WinSCP\WinSCP.com" `
    '/log="C:\Users\user\Desktop\WinSCP.log"' `
    '/ini=nul' `
    /command `
    "open sftp://username@server/" `
    "get -neweronly /path/to/server.pfx C:\Users\user\Desktop\" `
    "exit"

或这个...

$AllArgs = @(
    '/log="C:\Users\user\Desktop\WinSCP.log"',
    '/ini=nul',
    '/command',
    'open sftp://username@server/',
    'get -neweronly /path/to/server.pfx C:\Users\user\Desktop\',
    'exit'
)
 & '$WinScpCmd' $AllArgs

看看这是否适用于第一次运行的用例。 同样，根据我上面的评论，使用Trace-Command来观察正在发生的事情。

Answer 2

好的，我得到了解决方案：

我只是从互联网上找到的脚本中复制了$LastExitCode并认为它就像$? 在 linux 中。 不幸的是，恰好这个完全相同的命令也适用于此。

因此，如果我替换它，脚本可以正常工作：

#Retrieving SecureString Instance of PFX-Password
$pw = Get-Content "C:\Users\user\Desktop\example_password.txt" | ConvertTo-SecureString -Key (1..16) 

$getPwResult = $?
if ($getPwResult)
{
  Write-Host "Successfully got Secure Password!"
}
else
{
  Write-Host "Error retrieving password"
  Write-Host $getPwResult
  exit $getPwResult
}



$oldThumbprint = Get-ChildItem  -Path Cert:\LocalMachine\My | Where-Object {$_.Subject -Match "server.example.org"} | Select Name -ExpandProperty Thumbprint 

$getoldThumbprintResult = $?
if ($getoldThumbprintResult)
{
 
  Write-Host "Successfully got old thumbprint! $oldThumbprint"
}
else
{
  Write-Host "Error retrieving old thumbprint"
  exit $getoldThumbprintResult
}

#Downloading current file via WinSCP
& "C:\Program Files (x86)\WinSCP\WinSCP.com" `
  /log="C:\Users\user\Desktop\WinSCP.log" /ini=nul `
  /command `
    "open sftp://username@server/" `
    "get -neweronly /path/to/server.pfx C:\Users\user\Desktop\" `
    "exit"

$winscpResult = $?
if ($winscpResult)
{
  Write-Host "Successfully downloaded file!"
}
else
{
  Write-Host "Error while downloading file"
  exit $winscpResult
}

$newThumbprint = (Get-PfxData -Password $pw -FilePath C:\Users\user\Desktop\server.pfx).EndEntityCertificates.Thumbprint
$getnewThumbprintResult = $?
if ($getnewThumbprintResult)
{
  Write-Host "Successfully got new thumbprint! $newThumbprint"
}
else
{
  Write-Host "Error retrieving new thumbprint"
  exit $getnewThumbprintResult
}


if ($oldThumbprint -ne $newThumbprint) {
  #Executing the import of new PFX
  Import-PfxCertificate -FilePath "C:\Users\user\Desktop\server.pfx" -Password $pw -CertStoreLocation Cert:\LocalMachine\My
  $installCertExitCode = $?

  if ($installCertExitCode) {
    Write-Host "Installed new certificate"
  } else {
    Write-Host "An error occured while installing new certificate."
    exit $installCertExitCode
  }

} else {
    Write-Host "File has not been changed!"
}

这可以以某种方式解释为什么该脚本会在第二次尝试中运行，因为该变量的设置类似于上面评论中所述的postanote 。

谢谢您的帮助！