Powershell 腳本在第一次執行時不運行

Question

我編寫了一個 Powershell 腳本，它通過 SCP 將 pfx-Container 下載到 Windows 2019 服務器。 之后它將檢查當前安裝的服務器證書是否與下載的證書匹配。 如果不匹配，它將用下載的替換它。 這是用新證書替換過時的 Letcencrypt 證書。

#Retrieving SecureString Instance of PFX-Password
$pw = Get-Content "C:\Users\user\Desktop\example_password.txt" | ConvertTo-SecureString -Key (1..16) 

$getPwResult = $LastExitCode
if ($getPwResult -eq 0)
{
  Write-Host "Successfully got Secure Password!"
}
else
{
  Write-Host "Error retrieving password"
  Write-Host $getPwResult
  exit $getPwResult
}



$oldThumbprint = Get-ChildItem  -Path Cert:\LocalMachine\My | Where-Object {$_.Subject -Match "server.example.org"} | Select Name -ExpandProperty Thumbprint 

$getoldThumbprintResult = $LastExitCode
if ($getoldThumbprintResult -eq 0)
{
 
  Write-Host "Successfully got old thumbprint! $oldThumbprint"
}
else
{
  Write-Host "Error retrieving old thumbprint"
  exit $getoldThumbprintResult
}

#Downloading current file via WinSCP
& "C:\Program Files (x86)\WinSCP\WinSCP.com" `
  /log="C:\Users\user\Desktop\WinSCP.log" /ini=nul `
  /command `
    "open sftp://username@server/" `
    "get -neweronly /path/to/server.pfx C:\Users\user\Desktop\" `
    "exit"

$winscpResult = $LastExitCode
if ($winscpResult -eq 0)
{
  Write-Host "Successfully downloaded file!"
}
else
{
  Write-Host "Error while downloading file"
  exit $winscpResult
}

$newThumbprint = (Get-PfxData -Password $pw -FilePath C:\Users\user\Desktop\server.pfx).EndEntityCertificates.Thumbprint
$getnewThumbprintResult = $LastExitCode
if ($getnewThumbprintResult -eq 0)
{
  Write-Host "Successfully got new thumbprint! $newThumbprint"
}
else
{
  Write-Host "Error retrieving new thumbprint"
  exit $getnewThumbprintResult
}


if ($oldThumbprint -ne $newThumbprint) {
  #Executing the import of new PFX
  Import-PfxCertificate -FilePath "C:\Users\user\Desktop\server.pfx" -Password $pw -CertStoreLocation Cert:\LocalMachine\My
  $installCertExitCode = $LastExitCode

  if ($getnewThumbprintResult -eq 0) {
    Write-Host "Installed new certificate"
  } else {
    Write-Host "An error occured while installing new certificate."
    exit $installCertExitCode
  }

} else {
    Write-Host "File has not been changed!"
}

總而言之，這一切都很好，但是當我想創建一個執行計划時發生了奇怪的事情。 首先，無論我嘗試了什么，都不會通過 Windows 調度程序執行 sript...

經過仔細檢查后，我發現執行 Powershell 腳本時，有時大多數命令都會失敗。 我總是在第一次執行時出現在新打開的 Powershell 終端上。

所以會發生以下情況（在同一個 PS 終端中）：

#First attempt:

PS C:\Users\user\Desktop> C:\Users\user\Desktop\install_cert.ps1
Error retrieving password


#Second attempt:

PS C:\Users\user\Desktop> C:\Users\user\Desktop\install_cert.ps1
Successfully got Secure Password!
Successfully got old thumbprint! 
[...]
Successfully downloaded file!
Successfully got new thumbprint! 
Installed new certificate.

我寫了一個小批處理文件，其唯一目的是重現調度程序任務的行為：

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -noprofile -ExecutionPolicy UnRestricted -File C:\Users\user\Desktop\install_cert.ps1

當我執行它時，腳本每次都會失敗。

PS C:\Users\user\Desktop> C:\Users\user\Desktop\install_cert.ps1
Error retrieving password

所以我想這是必須解決的問題。

我還刪除了在執行“Get-ChildItem -Path Cert:\LocalMachine\My [...]”時導致錯誤的第一個退出語句。

命令中沒有 output，這讓我很難調試。

有誰知道這里發生了什么以及如何解決它？

提前致謝！

編輯：

WinSCP 部分工作正常。 錯誤發生在之前的語句中：

#Retrieving SecureString Instance of PFX-Password
$pw = Get-Content "C:\Users\user\Desktop\example_password.txt" | ConvertTo-SecureString -Key (1..16) 

$getPwResult = $LastExitCode
if ($getPwResult -eq 0)
{
  Write-Host "Successfully got Secure Password!"
}
else
{
  Write-Host "Error retrieving password"
  Write-Host $getPwResult
  exit $getPwResult
}



$oldThumbprint = Get-ChildItem  -Path Cert:\LocalMachine\My | Where-Object {$_.Subject -Match "server.example.org"} | Select Name -ExpandProperty Thumbprint 

$getoldThumbprintResult = $LastExitCode
if ($getoldThumbprintResult -eq 0)
{
 
  Write-Host "Successfully got old thumbprint! $oldThumbprint"
}
else
{
  Write-Host "Error retrieving old thumbprint"
  exit $getoldThumbprintResult
}

正如建議的那樣，我嘗試替換 WinSCP-Code 並沒有解決問題。

Answer 1

將您的 WinSCP 命令重構為此（即，如果您選擇不使用 WinSCP .NET 實現）：

#Downloading current file via WinSCP
& "C:\Program Files (x86)\WinSCP\WinSCP.com" `
    '/log="C:\Users\user\Desktop\WinSCP.log"' `
    '/ini=nul' `
    /command `
    "open sftp://username@server/" `
    "get -neweronly /path/to/server.pfx C:\Users\user\Desktop\" `
    "exit"

或這個...

$AllArgs = @(
    '/log="C:\Users\user\Desktop\WinSCP.log"',
    '/ini=nul',
    '/command',
    'open sftp://username@server/',
    'get -neweronly /path/to/server.pfx C:\Users\user\Desktop\',
    'exit'
)
 & '$WinScpCmd' $AllArgs

看看這是否適用於第一次運行的用例。 同樣，根據我上面的評論，使用Trace-Command來觀察正在發生的事情。

Answer 2

好的，我得到了解決方案：

我只是從互聯網上找到的腳本中復制了$LastExitCode並認為它就像$? 在 linux 中。 不幸的是，恰好這個完全相同的命令也適用於此。

因此，如果我替換它，腳本可以正常工作：

#Retrieving SecureString Instance of PFX-Password
$pw = Get-Content "C:\Users\user\Desktop\example_password.txt" | ConvertTo-SecureString -Key (1..16) 

$getPwResult = $?
if ($getPwResult)
{
  Write-Host "Successfully got Secure Password!"
}
else
{
  Write-Host "Error retrieving password"
  Write-Host $getPwResult
  exit $getPwResult
}



$oldThumbprint = Get-ChildItem  -Path Cert:\LocalMachine\My | Where-Object {$_.Subject -Match "server.example.org"} | Select Name -ExpandProperty Thumbprint 

$getoldThumbprintResult = $?
if ($getoldThumbprintResult)
{
 
  Write-Host "Successfully got old thumbprint! $oldThumbprint"
}
else
{
  Write-Host "Error retrieving old thumbprint"
  exit $getoldThumbprintResult
}

#Downloading current file via WinSCP
& "C:\Program Files (x86)\WinSCP\WinSCP.com" `
  /log="C:\Users\user\Desktop\WinSCP.log" /ini=nul `
  /command `
    "open sftp://username@server/" `
    "get -neweronly /path/to/server.pfx C:\Users\user\Desktop\" `
    "exit"

$winscpResult = $?
if ($winscpResult)
{
  Write-Host "Successfully downloaded file!"
}
else
{
  Write-Host "Error while downloading file"
  exit $winscpResult
}

$newThumbprint = (Get-PfxData -Password $pw -FilePath C:\Users\user\Desktop\server.pfx).EndEntityCertificates.Thumbprint
$getnewThumbprintResult = $?
if ($getnewThumbprintResult)
{
  Write-Host "Successfully got new thumbprint! $newThumbprint"
}
else
{
  Write-Host "Error retrieving new thumbprint"
  exit $getnewThumbprintResult
}


if ($oldThumbprint -ne $newThumbprint) {
  #Executing the import of new PFX
  Import-PfxCertificate -FilePath "C:\Users\user\Desktop\server.pfx" -Password $pw -CertStoreLocation Cert:\LocalMachine\My
  $installCertExitCode = $?

  if ($installCertExitCode) {
    Write-Host "Installed new certificate"
  } else {
    Write-Host "An error occured while installing new certificate."
    exit $installCertExitCode
  }

} else {
    Write-Host "File has not been changed!"
}

這可以以某種方式解釋為什么該腳本會在第二次嘗試中運行，因為該變量的設置類似於上面評論中所述的postanote 。

謝謝您的幫助！