• State Verified Answer
  • Locked Locked
  • Replies 2 replies
  • Subscribers 32 subscribers
  • Views 588 views
  • Users 0 members are here
Options
Related
This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

SAM PowerShell and $args[1], something isn't right... (Certificate Monitoring example)

crwdawg

When I use my custom PowerShell option with static names it produces the results that I need (3 certificates expiring and by how many days), when I change the script to use $args[0] and $args[1] it partially fails (only returns 2 certificates and their days expiring).

Initial Problem:

Need to monitor certificates in local store that are about to expire.  Certificate is not necessarily assigned to IIS, i.e.  Exchange SMTP, RADIUS certs, etc.

Resolution: 

SAM template - Custom PowerShell Lines 01 - 62 are a function, line 65 runs the function with $args[0] (${nodes.caption} or ${IP} either one) and selects the certs that are expiring in less than or equal to $args[1] days (which I set to 14)

Results:

In PowerShell, this works as expected and I see 3 certificates expiring.

If I comment out line 63 and remove the comment from line 64 against a server that has 3 certificates expiring, it correctly shows 3 certificates expiring. 

If I comment out line 63 and remove the comment from line 65, it only shows 2 of the certificates expiring. 

It is dropping the 3rd output if I use $args[1], instead of statically putting 14 in the code.

(sorry formatting looks weird)

function Get-StoreCertificates
{
[CmdletBinding()]
param
(
[Parameter(ValueFromPipeline = $true,
   ValueFromPipelineByPropertyName = $true,
   Position = 0)]
[Alias('Name')]
$ComputerName = 'localhost'
)
Begin
{
$output = @()
$date = get-date
}
Process
{
foreach ($Computer in $ComputerName)
{
Try
{
Write-Verbose "Starting on $Computer"
$Certs = Invoke-Command -ErrorAction Stop -ComputerName $ComputerName -ScriptBlock `
{
Get-ChildItem -Path "cert:\localmachine\my"
}
foreach ($Cert in $Certs)
{
$Days = (New-TimeSpan -start $date -End $Cert.notafter | Select-Object -expand days)
Write-Verbose "Days $Days"
$PSObject = [pscustomobject]@{
'ServerName' = $ComputerName
'Name'      = ($Cert.subject -split "=" -split ",")[1]
'DaysRemaining' = $Days
'Expires'    = $Cert.NotAfter
'CertIssuer' = $Cert.Issuer
'CertSubject' = $Cert.subject
'Thumbprint' = $Cert.thumbprint
'Status' = 0
}
$Output += $PSObject
}
}
Catch
{
Write-Verbose "$Computer Cannot be accessed via invoke-command"
$PSObject = [pscustomobject]@{
'ServerName' = $Computer
'Name'      = 'inaccessible via invoke-command'
'Status' = 1
}
$Output += $PSObject
}
}
$Output
}
End
{
}
}
$Output = Get-StoreCertificates -ComputerName Server01 | where { $_.daysremaining -le 14 } | sort daysremaining, name 
#$Output = Get-StoreCertificates -ComputerName $args[0] | where { $_.daysremaining -le 14 } | sort daysremaining, name
#$Output = Get-StoreCertificates -ComputerName $args[0] | where { $_.daysremaining -le $args[1] } | sort daysremaining, name
if ($Output.count -eq 0)
{
Write-Output "Message.0 :  No Site Certs expiring"
Write-Output "Statistic.0 :  0"
exit 0;
}
else
{
[int]$M = 0
foreach ($Line in $Output)
{
if ($Line.status > 0)
{
exit $Line.status;
}
else
{
$n = $Line.name
$d = $Line.DaysRemaining
Write-Output "Message.$M :  $n"
Write-Output "Statistic.$M : $d"
}
$M++
}
exit 3;
}

This is just one example of things that I want to use the same type of processing on.  It truly looks like it is an issue with SAM itself.

Thanks in advance.

  • 0

    I ran into an issue recently where doing this fixed it - change $args[1] to [int]$args[1]
    It may be trying to compare it to a string vs. an integer.

  • 0

    Really annoyed that it worked that way, but really glad that the fix was this simple.  I was going to try that but it didn't make sense that it was putting out 2, but not the 3rd.  I guess 6 is not less than 14 if it is a string.  If anyone is familiar with more documentation on using the '10 pairs of statistic and message' besides the SAM user guide (which doesn't address it), or the page that comes up on 'how to use this component' ( Windows PowerShell monitor ) that would be handy to have.

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification Media Vault Link Accounts
About THWACK Blogs For Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2024 SolarWinds Worldwide, LLC. All Rights Reserved.