When I use my custom PowerShell option with static names it produces the results that I need (3 certificates expiring and by how many days), when I change the script to use $args[0] and $args[1] it partially fails (only returns 2 certificates and their days expiring).
Initial Problem:
Need to monitor certificates in local store that are about to expire. Certificate is not necessarily assigned to IIS, i.e. Exchange SMTP, RADIUS certs, etc.
Resolution:
SAM template - Custom PowerShell Lines 01 - 62 are a function, line 65 runs the function with $args[0] (${nodes.caption} or ${IP} either one) and selects the certs that are expiring in less than or equal to $args[1] days (which I set to 14)
Results:
In PowerShell, this works as expected and I see 3 certificates expiring.
If I comment out line 63 and remove the comment from line 64 against a server that has 3 certificates expiring, it correctly shows 3 certificates expiring.
If I comment out line 63 and remove the comment from line 65, it only shows 2 of the certificates expiring.
It is dropping the 3rd output if I use $args[1], instead of statically putting 14 in the code.
(sorry formatting looks weird)
function Get-StoreCertificates{[CmdletBinding()]param([Parameter(ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true, Position = 0)][Alias('Name')]$ComputerName = 'localhost')Begin{$output = @()$date = get-date}Process{foreach ($Computer in $ComputerName){Try{Write-Verbose "Starting on $Computer"$Certs = Invoke-Command -ErrorAction Stop -ComputerName $ComputerName -ScriptBlock `{Get-ChildItem -Path "cert:\localmachine\my"}foreach ($Cert in $Certs){$Days = (New-TimeSpan -start $date -End $Cert.notafter | Select-Object -expand days)Write-Verbose "Days $Days"$PSObject = [pscustomobject]@{'ServerName' = $ComputerName'Name' = ($Cert.subject -split "=" -split ",")[1]'DaysRemaining' = $Days'Expires' = $Cert.NotAfter'CertIssuer' = $Cert.Issuer'CertSubject' = $Cert.subject'Thumbprint' = $Cert.thumbprint'Status' = 0}$Output += $PSObject}}Catch{Write-Verbose "$Computer Cannot be accessed via invoke-command"$PSObject = [pscustomobject]@{'ServerName' = $Computer'Name' = 'inaccessible via invoke-command''Status' = 1}$Output += $PSObject}}$Output}End{}}$Output = Get-StoreCertificates -ComputerName Server01 | where { $_.daysremaining -le 14 } | sort daysremaining, name #$Output = Get-StoreCertificates -ComputerName $args[0] | where { $_.daysremaining -le 14 } | sort daysremaining, name#$Output = Get-StoreCertificates -ComputerName $args[0] | where { $_.daysremaining -le $args[1] } | sort daysremaining, nameif ($Output.count -eq 0){Write-Output "Message.0 : No Site Certs expiring"Write-Output "Statistic.0 : 0"exit 0;}else{[int]$M = 0foreach ($Line in $Output){if ($Line.status > 0){exit $Line.status;}else{$n = $Line.name$d = $Line.DaysRemainingWrite-Output "Message.$M : $n"Write-Output "Statistic.$M : $d"}$M++}exit 3;}This is just one example of things that I want to use the same type of processing on. It truly looks like it is an issue with SAM itself.
Thanks in advance.
