When I use my custom PowerShell option with static names, it produces the results that I need (3 certificates expiring and by how many days). When I change the script to use $args[0] and $args[1], it partially fails (only returns 2 certificates and their days expiring).
Initial Problem:
Need to monitor certificates in local store that are about to expire. Certificate is not necessarily assigned to IIS, i.e. Exchange SMTP, RADIUS certs, etc.
Resolution:
SAM template - Custom PowerShell. Lines 01 - 62 are a function; line 65 runs the function with $args[0] (${nodes.caption} or ${IP}, either one) and selects the certs that are expiring in less than or equal to $args[1] days (which I set to 14).
Results:
In PowerShell, this works as expected and I see 3 certificates expiring.
If I comment out line 63 and remove the comment from line 64 against a server that has 3 certificates expiring, it correctly shows 3 certificates expiring.
If I comment out line 63 and remove the comment from line 65, it only shows 2 of the certificates expiring.
It is dropping the 3rd output if I use $args[1], instead of statically putting 14 in the code.
(sorry formatting looks weird)
function Get-StoreCertificates
{
    [CmdletBinding()]
    param
    (
        [Parameter(ValueFromPipeline = $true,
                   ValueFromPipelineByPropertyName = $true,
                   Position = 0)]
        [Alias('Name')]
        $ComputerName = 'localhost'
    )
    Begin
    {
        $output = @()
        $date = get-date
    }
    Process
    {
        foreach ($Computer in $ComputerName)
        {
            Try
            {
                Write-Verbose "Starting on $Computer"
                $Certs = Invoke-Command -ErrorAction Stop -ComputerName $Computer -ScriptBlock `
                {
                    Get-ChildItem -Path "cert:\localmachine\my"   # personal store of the local machine
                }
                foreach ($Cert in $Certs)
                {
                    $Days = (New-TimeSpan -start $date -End $Cert.notafter | Select-Object -expand days)
                    Write-Verbose "Days $Days"
                    $PSObject = [pscustomobject]@{
                        'ServerName' = $Computer   # the computer being processed, not the whole parameter
                        'Name' = ($Cert.subject -split "=" -split ",")[1]
                        'DaysRemaining' = $Days
                        'Expires' = $Cert.NotAfter
                        'CertIssuer' = $Cert.Issuer
                        'CertSubject' = $Cert.subject
                        'Thumbprint' = $Cert.thumbprint
                        'Status' = 0
                    }
                    $Output += $PSObject
                }
            }
            Catch
            {
                Write-Verbose "$Computer Cannot be accessed via invoke-command"
                $PSObject = [pscustomobject]@{
                    'ServerName' = $Computer
                    'Name' = 'inaccessible via invoke-command'
                    'Status' = 1
                }
                $Output += $PSObject
            }
        }
        $Output
    }
    End
    {
    }
}

$Output = Get-StoreCertificates -ComputerName Server01 | where { $_.daysremaining -le 14 } | sort daysremaining, name
#$Output = Get-StoreCertificates -ComputerName $args[0] | where { $_.daysremaining -le 14 } | sort daysremaining, name
#$Output = Get-StoreCertificates -ComputerName $args[0] | where { $_.daysremaining -le $args[1] } | sort daysremaining, name
if ($Output.count -eq 0)
{
    Write-Output "Message.0 : No Site Certs expiring"
    Write-Output "Statistic.0 : 0"
    exit 0;
}
else
{
    [int]$M = 0
    foreach ($Line in $Output)
    {
        if ($Line.status -gt 0)   # -gt is the comparison operator; '>' redirects output to a file
        {
            exit $Line.status;
        }
        else
        {
            $n = $Line.name
            $d = $Line.DaysRemaining
            Write-Output "Message.$M : $n"
            Write-Output "Statistic.$M : $d"
        }
        $M++
    }
    exit 3;
}
This is just one example of things that I want to use the same type of processing on. It truly looks like it is an issue with SAM itself.
Thanks in advance.
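
An added example, not part of the original post: `$args` is an automatic variable holding the undeclared arguments of whichever script, function or script block is running, so this sketch binds the day threshold to a validated, typed variable before the pipeline and uses that variable in the filter. `Select-ExpiringCert`, its parameters and the sample certificate objects are hypothetical and constructed for illustration; the string array stands in for the script's `$args`.

```powershell
# Added example (not the poster's code). Names and data below are constructed.
function Select-ExpiringCert {
    param(
        [Parameter(Mandatory)] [object[]] $Certificate,  # objects with Name and DaysRemaining
        [Parameter(Mandatory)] [string[]] $ScriptArgs    # what the monitor passed: node, threshold
    )

    # Fail closed: a missing or non-numeric threshold must not read as "nothing expiring".
    if ($ScriptArgs.Count -lt 2) { throw 'Expected arguments: <node> <threshold-days>' }
    [int]$threshold = 0
    if (-not [int]::TryParse($ScriptArgs[1], [ref]$threshold)) {
        throw "Threshold '$($ScriptArgs[1])' is not an integer"
    }

    # $threshold is an ordinary typed variable, so the filter does not reference $args at all.
    $Certificate |
        Where-Object { $_.DaysRemaining -le $threshold } |
        Sort-Object DaysRemaining, Name
}

# Constructed sample: two certs inside the window, one already expired, one far out.
$sample = @(
    [pscustomobject]@{ Name = 'smtp.example.test';   DaysRemaining = 12 }
    [pscustomobject]@{ Name = 'radius.example.test'; DaysRemaining = -3 }
    [pscustomobject]@{ Name = 'www.example.test';    DaysRemaining = 7 }
    [pscustomobject]@{ Name = 'ldap.example.test';   DaysRemaining = 200 }
)

# Arguments arrive as strings, as they would from a monitoring template.
$hits = @(Select-ExpiringCert -Certificate $sample -ScriptArgs @('Server01', '14'))

# Same Message.N / Statistic.N output pairs the script in the post writes.
$M = 0
foreach ($c in $hits) {
    Write-Output "Message.$M : $($c.Name)"
    Write-Output "Statistic.$M : $($c.DaysRemaining)"
    $M++
}
```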