[英]Powershell script doesn't run on first execution
我編寫了一個 Powershell 腳本,它通過 SCP 將 pfx-Container 下載到 Windows 2019 服務器。 之后它將檢查當前安裝的服務器證書是否與下載的證書匹配。 如果不匹配,它將用下載的替換它。 這是用新證書替換過時的 Letcencrypt 證書。
#Retrieving SecureString Instance of PFX-Password
$pw = Get-Content "C:\Users\user\Desktop\example_password.txt" | ConvertTo-SecureString -Key (1..16)
$getPwResult = $LastExitCode
if ($getPwResult -eq 0)
{
Write-Host "Successfully got Secure Password!"
}
else
{
Write-Host "Error retrieving password"
Write-Host $getPwResult
exit $getPwResult
}
$oldThumbprint = Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object {$_.Subject -Match "server.example.org"} | Select Name -ExpandProperty Thumbprint
$getoldThumbprintResult = $LastExitCode
if ($getoldThumbprintResult -eq 0)
{
Write-Host "Successfully got old thumbprint! $oldThumbprint"
}
else
{
Write-Host "Error retrieving old thumbprint"
exit $getoldThumbprintResult
}
#Downloading current file via WinSCP
& "C:\Program Files (x86)\WinSCP\WinSCP.com" `
/log="C:\Users\user\Desktop\WinSCP.log" /ini=nul `
/command `
"open sftp://username@server/" `
"get -neweronly /path/to/server.pfx C:\Users\user\Desktop\" `
"exit"
$winscpResult = $LastExitCode
if ($winscpResult -eq 0)
{
Write-Host "Successfully downloaded file!"
}
else
{
Write-Host "Error while downloading file"
exit $winscpResult
}
$newThumbprint = (Get-PfxData -Password $pw -FilePath C:\Users\user\Desktop\server.pfx).EndEntityCertificates.Thumbprint
$getnewThumbprintResult = $LastExitCode
if ($getnewThumbprintResult -eq 0)
{
Write-Host "Successfully got new thumbprint! $newThumbprint"
}
else
{
Write-Host "Error retrieving new thumbprint"
exit $getnewThumbprintResult
}
if ($oldThumbprint -ne $newThumbprint) {
#Executing the import of new PFX
Import-PfxCertificate -FilePath "C:\Users\user\Desktop\server.pfx" -Password $pw -CertStoreLocation Cert:\LocalMachine\My
$installCertExitCode = $LastExitCode
if ($getnewThumbprintResult -eq 0) {
Write-Host "Installed new certificate"
} else {
Write-Host "An error occured while installing new certificate."
exit $installCertExitCode
}
} else {
Write-Host "File has not been changed!"
}
總而言之,這一切都很好,但是當我想創建一個執行計划時發生了奇怪的事情。 首先,無論我嘗試了什么,都不會通過 Windows 調度程序執行 sript...
經過仔細檢查后,我發現執行 Powershell 腳本時,有時大多數命令都會失敗。 我總是在第一次執行時出現在新打開的 Powershell 終端上。
所以會發生以下情況(在同一個 PS 終端中):
#First attempt:
PS C:\Users\user\Desktop> C:\Users\user\Desktop\install_cert.ps1
Error retrieving password
#Second attempt:
PS C:\Users\user\Desktop> C:\Users\user\Desktop\install_cert.ps1
Successfully got Secure Password!
Successfully got old thumbprint!
[...]
Successfully downloaded file!
Successfully got new thumbprint!
Installed new certificate.
我寫了一個小批處理文件,其唯一目的是重現調度程序任務的行為:
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -noprofile -ExecutionPolicy UnRestricted -File C:\Users\user\Desktop\install_cert.ps1
當我執行它時,腳本每次都會失敗。
PS C:\Users\user\Desktop> C:\Users\user\Desktop\install_cert.ps1
Error retrieving password
所以我想這是必須解決的問題。
我還刪除了在執行“Get-ChildItem -Path Cert:\LocalMachine\My [...]”時導致錯誤的第一個退出語句。
命令中沒有 output,這讓我很難調試。
有誰知道這里發生了什么以及如何解決它?
提前致謝!
編輯:
WinSCP 部分工作正常。 錯誤發生在之前的語句中:
#Retrieving SecureString Instance of PFX-Password
$pw = Get-Content "C:\Users\user\Desktop\example_password.txt" | ConvertTo-SecureString -Key (1..16)
$getPwResult = $LastExitCode
if ($getPwResult -eq 0)
{
Write-Host "Successfully got Secure Password!"
}
else
{
Write-Host "Error retrieving password"
Write-Host $getPwResult
exit $getPwResult
}
$oldThumbprint = Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object {$_.Subject -Match "server.example.org"} | Select Name -ExpandProperty Thumbprint
$getoldThumbprintResult = $LastExitCode
if ($getoldThumbprintResult -eq 0)
{
Write-Host "Successfully got old thumbprint! $oldThumbprint"
}
else
{
Write-Host "Error retrieving old thumbprint"
exit $getoldThumbprintResult
}
正如建議的那樣,我嘗試替換 WinSCP-Code 並沒有解決問題。
將您的 WinSCP 命令重構為此(即,如果您選擇不使用 WinSCP .NET 實現):
#Downloading current file via WinSCP
& "C:\Program Files (x86)\WinSCP\WinSCP.com" `
'/log="C:\Users\user\Desktop\WinSCP.log"' `
'/ini=nul' `
/command `
"open sftp://username@server/" `
"get -neweronly /path/to/server.pfx C:\Users\user\Desktop\" `
"exit"
或這個...
$AllArgs = @(
'/log="C:\Users\user\Desktop\WinSCP.log"',
'/ini=nul',
'/command',
'open sftp://username@server/',
'get -neweronly /path/to/server.pfx C:\Users\user\Desktop\',
'exit'
)
& '$WinScpCmd' $AllArgs
看看這是否適用於第一次運行的用例。 同樣,根據我上面的評論,使用Trace-Command
來觀察正在發生的事情。
好的,我得到了解決方案:
我只是從互聯網上找到的腳本中復制了$LastExitCode
並認為它就像$?
在 linux 中。 不幸的是,恰好這個完全相同的命令也適用於此。
因此,如果我替換它,腳本可以正常工作:
#Retrieving SecureString Instance of PFX-Password
$pw = Get-Content "C:\Users\user\Desktop\example_password.txt" | ConvertTo-SecureString -Key (1..16)
$getPwResult = $?
if ($getPwResult)
{
Write-Host "Successfully got Secure Password!"
}
else
{
Write-Host "Error retrieving password"
Write-Host $getPwResult
exit $getPwResult
}
$oldThumbprint = Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object {$_.Subject -Match "server.example.org"} | Select Name -ExpandProperty Thumbprint
$getoldThumbprintResult = $?
if ($getoldThumbprintResult)
{
Write-Host "Successfully got old thumbprint! $oldThumbprint"
}
else
{
Write-Host "Error retrieving old thumbprint"
exit $getoldThumbprintResult
}
#Downloading current file via WinSCP
& "C:\Program Files (x86)\WinSCP\WinSCP.com" `
/log="C:\Users\user\Desktop\WinSCP.log" /ini=nul `
/command `
"open sftp://username@server/" `
"get -neweronly /path/to/server.pfx C:\Users\user\Desktop\" `
"exit"
$winscpResult = $?
if ($winscpResult)
{
Write-Host "Successfully downloaded file!"
}
else
{
Write-Host "Error while downloading file"
exit $winscpResult
}
$newThumbprint = (Get-PfxData -Password $pw -FilePath C:\Users\user\Desktop\server.pfx).EndEntityCertificates.Thumbprint
$getnewThumbprintResult = $?
if ($getnewThumbprintResult)
{
Write-Host "Successfully got new thumbprint! $newThumbprint"
}
else
{
Write-Host "Error retrieving new thumbprint"
exit $getnewThumbprintResult
}
if ($oldThumbprint -ne $newThumbprint) {
#Executing the import of new PFX
Import-PfxCertificate -FilePath "C:\Users\user\Desktop\server.pfx" -Password $pw -CertStoreLocation Cert:\LocalMachine\My
$installCertExitCode = $?
if ($installCertExitCode) {
Write-Host "Installed new certificate"
} else {
Write-Host "An error occured while installing new certificate."
exit $installCertExitCode
}
} else {
Write-Host "File has not been changed!"
}
這可以以某種方式解釋為什么該腳本會在第二次嘗試中運行,因為該變量的設置類似於上面評論中所述的postanote 。
謝謝您的幫助!
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.