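How to: Delete old certificates on Windows servers using PowerShell (Azure classic release pipeline)

Question. Votes: 0, Answers: 1

How to: Delete old certificates on Windows servers using PowerShell (Azure classic release pipeline)

I tried this code, and I get: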

2024-05-07T02:43:20.4279860Z ##[error]Atleast one remote job failed. Consult logs for more details. ErrorCodes(s): 'RemoteDeployer_NonZeroExitCode***RemoteDeployer_NonZeroExitCode***RemoteDeployer_NonZeroExitCode***RemoteDeployer_NonZeroExitCode'

param(
    $servers = "$(deploy-Hostesses)"
)

foreach ($server in $servers) {
    Write-Host "Processing server: $server"

    Invoke-Command -ComputerName $server -ScriptBlock {
        # Retrieve all certificates from the local machine's personal store
        $certs = Get-ChildItem -Path Cert:\LocalMachine\My

        # Define the date threshold (120 days before the current date)
        $thresholdDate = (Get-Date).AddDays(-120)

        foreach ($cert in $certs) {
            # Check if the certificate expired before the threshold date
            if ($cert.NotAfter -lt $thresholdDate) {
                Write-Host "Certificate $($cert.Thumbprint) is expired. Deleting..."
                # Delete the expired certificate
                Remove-Item -Path "Cert:\LocalMachine\My\$($cert.Thumbprint)" -Force
                Write-Host "Certificate $($cert.Thumbprint) deleted."
            }
        }
    }
}

Any thoughts on what I'm missing? Windows Server 2019, PSRemoting is enabled.

azure-devops ssl-certificate certificate powershell-remoting
1 Answer (0 votes)

Changing the script slightly, as shown below, works on my side.

function ProcessServers {
    param(
        $servers = "wadeVM1,wadeVM2"    # the server list
    )

    # Split the servers string into an array
    $servers = $servers.Split(',')

    foreach ($server in $servers) {
        Write-Host "Processing server: $server"

        Invoke-Command -ComputerName $server -ScriptBlock {
            # Retrieve all certificates from the local machine's personal store
            $certs = Get-ChildItem -Path Cert:\LocalMachine\My

            # Define the date threshold (120 days before the current date)
            $thresholdDate = (Get-Date).AddDays(-120)

            foreach ($cert in $certs) {
                # Check if the certificate expired before the threshold date
                if ($cert.NotAfter -lt $thresholdDate) {
                    Write-Host "Certificate $($cert.Thumbprint) is expired. Deleting..."
                    # Delete the expired certificate
                    Remove-Item -Path "Cert:\LocalMachine\My\$($cert.Thumbprint)" -Force
                    Write-Host "Certificate $($cert.Thumbprint) deleted."
                }
            }
        }
    }
}
ProcessServers             # run the function

I used the powershell task with the inline script type in the classic pipeline.

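Please check the following items:

  1. Make sure the servers in the server list can be reached from the agent. Just run ping servername on the agent machine to verify. If a server cannot be reached, add a mapping in the hosts file and flush DNS (ipconfig /flushdns).

  2. On each server, run

    winrm quickconfig

    to configure the service. Run

    winrm set winrm/config/client '@{TrustedHosts="*"}'

    to trust the hosts.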

If you encounter a message like the following:

Configure LocalAccountTokenFilterPolicy to grant administrative rights remotely to local users.

Run the commands:

New-ItemProperty -Name LocalAccountTokenFilterPolicy -Path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -PropertyType DWord -Value 1
Restart-Service WinRM

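  3. Check the user used to run the DevOps agent. You can add whoami in the pipeline to confirm it. Make sure the user has administrator rights so that it can delete the certificates. If not, reconfigure the agent with an administrator user.

Hope it helps.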
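
The following is an added example, not code from the question or the answer: a variant of the same cleanup that splits the server string, defaults to a dry run, reports each matched certificate, and fails the task when any server cannot be processed. The parameter names (ServerList, GraceDays, Delete) and the default server names are assumptions, and WinRM access from the agent is assumed to be configured already.

```powershell
# Added example: names and defaults below are placeholders, not values from the thread.
param(
    [string]$ServerList = 'wadeVM1,wadeVM2',   # comma-separated string, as a pipeline variable supplies it
    [int]$GraceDays = 120,                     # remove only certificates expired longer than this
    [switch]$Delete                            # without -Delete the script only reports (dry run)
)

# One string becomes a list of names; blanks and stray spaces are dropped
$servers = $ServerList.Split(',') | ForEach-Object { $_.Trim() } | Where-Object { $_ }
$dryRun  = -not $Delete.IsPresent
$failed  = @()

foreach ($server in $servers) {
    Write-Host "Processing server: $server (dry run: $dryRun)"
    try {
        # -ErrorAction Stop turns a connection or access failure into a catchable error
        $matched = Invoke-Command -ComputerName $server -ErrorAction Stop -ScriptBlock {
            $days      = $using:GraceDays
            $isDryRun  = $using:dryRun
            $threshold = (Get-Date).AddDays(-$days)

            Get-ChildItem -Path Cert:\LocalMachine\My |
                Where-Object { $_.NotAfter -lt $threshold } |
                ForEach-Object {
                    Remove-Item -Path "Cert:\LocalMachine\My\$($_.Thumbprint)" -Force -WhatIf:$isDryRun -ErrorAction Stop
                    # Return a record so the pipeline log shows what was matched
                    [pscustomobject]@{
                        Thumbprint = $_.Thumbprint
                        Subject    = $_.Subject
                        NotAfter   = $_.NotAfter
                    }
                }
        }
        $matched | ForEach-Object {
            Write-Host ("  {0}  expired {1:yyyy-MM-dd}  {2}" -f $_.Thumbprint, $_.NotAfter, $_.Subject)
        }
    }
    catch {
        Write-Host "##[error]$server failed: $($_.Exception.Message)"
        $failed += $server
    }
}

# A non-zero exit code marks the pipeline task as failed
if ($failed.Count -gt 0) { exit 1 }
```

Run it once without -Delete and review the listed thumbprints and subjects in the task log before enabling deletion.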
