How to: delete old certificates on Windows servers using PowerShell (Azure classic release pipeline)
I tried this code and I get:
2024-05-07T02:43:20.4279860Z ##[error]Atleast one remote job failed. Consult logs for more details. ErrorCodes(s): 'RemoteDeployer_NonZeroExitCode***RemoteDeployer_NonZeroExitCode***RemoteDeployer_NonZeroExitCode***RemoteDeployer_NonZeroExitCode'
    param(
        $servers = "$(deploy-Hostesses)"
    )
    #
    foreach ($server in $servers) {
        Write-Host "Processing server: $server"
        Invoke-Command -ComputerName $server -ScriptBlock {
            # Retrieve all certificates from the certificate store
            $certs = Get-ChildItem -Path Cert:\LocalMachine\My
            # Define the date threshold (current date minus expiration days)
            $thresholdDate = (Get-Date).AddDays(-120)
            foreach ($cert in $certs) {
                # Check if the certificate is expired
                if ($cert.NotAfter -lt $thresholdDate) {
                    Write-Host "Certificate $($cert.Thumbprint) is expired. Deleting..."
                    # Delete the expired certificate
                    Remove-Item -Path "Cert:\LocalMachine\My\$($cert.Thumbprint)" -Force
                    Write-Host "Certificate $($cert.Thumbprint) deleted."
                }
            }
        }
    }
Any ideas on what I'm missing? Windows Server 2019, PSRemoting is enabled.

After changing the script slightly, as shown below, it works on my side.
    function ProcessServers {
        param(
            $servers = "wadeVM1,wadeVM2" # the server list
        )
        # Split the servers string into an array
        $servers = $servers.Split(',')
        #
        foreach ($server in $servers) {
            Write-Host "Processing server: $server"
            Invoke-Command -ComputerName $server -ScriptBlock {
                # Retrieve all certificates from the certificate store
                $certs = Get-ChildItem -Path Cert:\LocalMachine\My
                # Define the date threshold (current date minus expiration days)
                $thresholdDate = (Get-Date).AddDays(-120)
                foreach ($cert in $certs) {
                    # Check if the certificate is expired
                    if ($cert.NotAfter -lt $thresholdDate) {
                        Write-Host "Certificate $($cert.Thumbprint) is expired. Deleting..."
                        # Delete the expired certificate
                        Remove-Item -Path "Cert:\LocalMachine\My\$($cert.Thumbprint)" -Force
                        Write-Host "Certificate $($cert.Thumbprint) deleted."
                    }
                }
            }
        }
    }
    ProcessServers # run the function
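I used the PowerShell task with script type: inline in the classic pipeline.

Please check the following items:

1. The servers in the list can be reached from the agent. Simply run ping servername on the agent machine to verify. If they cannot be reached, add a mapping in hosts and flush DNS (ipconfig /flushdns).

2. On each server, run winrm quickconfig to configure the service. Run winrm set winrm/config/client '@{TrustedHosts="*"}' to trust the hosts.

3. If you encounter a message like the following:

    Configure LocalAccountTokenFilterPolicy to grant administrative rights remotely to local users.

   Run the command:

    New-ItemProperty -Name LocalAccountTokenFilterPolicy -Path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -PropertyType DWord -Value 1

   and Restart-Service WinRM.

4. Run whoami to confirm, and make sure the user has administrator permission so that it can delete the certificates. If not, reconfigure the agent with an administrator user.

Hope it helps.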
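
A report-first variant of the cleanup in the answer above, added here as an example and not code from either poster: it splits and trims the server list, deletes only when -Delete is passed, and throws an error naming the servers that failed so the pipeline log shows more than a generic exit code. The names ConvertTo-ServerArray and Remove-StaleCertificate and the -Delete and -GraceDays parameters are assumptions introduced for illustration.

```powershell
# Added example; function and parameter names are hypothetical, not from the post.
function ConvertTo-ServerArray {
    # "a, b,,c" -> a, b, c. An unsplit string would make foreach loop only once.
    param([Parameter(Mandatory)][string] $ServerList)
    @($ServerList.Split(',') | ForEach-Object { $_.Trim() } | Where-Object { $_ })
}

function Remove-StaleCertificate {
    param(
        [Parameter(Mandatory)][string] $ServerList,
        [int] $GraceDays = 120,   # same 120-day window as the script in the post
        [switch] $Delete          # without -Delete the run only reports
    )
    $doDelete = [bool]$Delete     # plain bool so it serializes cleanly via $using:
    $failed = @()
    foreach ($server in (ConvertTo-ServerArray $ServerList)) {
        try {
            Invoke-Command -ComputerName $server -ErrorAction Stop -ScriptBlock {
                $del = $using:doDelete
                $threshold = (Get-Date).AddDays(-$using:GraceDays)
                Get-ChildItem -Path Cert:\LocalMachine\My |
                    Where-Object { $_.NotAfter -lt $threshold } |
                    ForEach-Object {
                        if ($del) { Remove-Item -Path $_.PSPath -Force -ErrorAction Stop }
                        # One record per certificate, kept in the pipeline log as an audit trail
                        [pscustomobject]@{
                            Server     = $env:COMPUTERNAME
                            Thumbprint = $_.Thumbprint
                            Subject    = $_.Subject
                            NotAfter   = $_.NotAfter
                            Deleted    = $del
                        }
                    }
            }
        } catch {
            Write-Warning "$server : $($_.Exception.Message)"
            $failed += $server
        }
    }
    # Fail the task with a specific message after every server has been tried
    if ($failed) { throw "Certificate cleanup failed on: $($failed -join ', ')" }
}

# Constructed input: the unsplit string counts as one item, the split form as two.
$raw = 'wadeVM1, wadeVM2'
"Unsplit: $(@($raw).Count) item(s); split: $((ConvertTo-ServerArray $raw).Count) item(s)"
```

Running Remove-StaleCertificate without -Delete first lists which thumbprints and subjects would be removed on each server, which can be reviewed before the deleting run.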