我正在尝试编写一个脚本以检索跨域的任何过期的IIS证书。我可以在与服务器列表相同的域上运行脚本,而没有任何错误,但是即使我使用的用户在所有域中都具有admin访问,我也无法跨域。
我已经尝试使用新的pssesiion并将其传递到Invoke-command中,并且我发现了错误:Windrm无法处理请求。
cd C:DeployCerts
Enable-PSRemoting –force
#set up path and user variables
$AESKeyFilePath = “aeskey.txt” # location of the AESKey
$SecurePwdFilePath = “credpassword.txt” # location of the file that hosts the encrypted password
$user = "DOMAINUsername" # User account login
#use key and password to create local secure password
$AESKey = Get-Content -Path $AESKeyFilePath
$pwdTxt = Get-Content -Path $SecurePwdFilePath
$securePass = $pwdTxt | ConvertTo-SecureString -Key $AESKey
#crete a new psCredential object with required username and password
$adminCreds = New-Object System.Management.Automation.PSCredential($user, $securePass)
$ServerList=Get-Content .componentshosts.txt
foreach ( $Server in $ServerList ) {
Write-Host "Checking $Server is up"
if ( ( Test-Connection $Server -Quiet ) -eq $True ) {
# Open remote session:
#$session = New-PSSession -ComputerName $Server -Credential $adminCreds -ThrottleLimit 16
Invoke-Command -ComputerName $Server -ScriptBlock {
Import-Module -Name WebAdministration
Get-ChildItem -Path IIS:SSLBindings | ForEach-Object -Process `
{
if ($_.Sites)
{
$certificate = Get-ChildItem -Path CERT:LocalMachine/My |
Where-Object -Property Thumbprint -EQ -Value $_.Thumbprint
[PsCustomObject]@{
HostName = $Env:COMPUTERNAME
Sites = $_.Sites.Value
CertificateFriendlyName = $certificate.FriendlyName
CertificateDnsNameList = $certificate.DnsNameList
CertificateExpiration = $certificate.NotAfter
CertificateIssuer = $certificate.Issuer
}
}
}
}| Out-File .expired_Certs.txt -append #-NoTypeInformation
}
}
错误消息:
WinRM无法处理请求。以下错误代码 0x80090311使用Kerberos身份验证时发生:我们无法签名 您使用此凭证,因为您的域没有。制作 确保您的设备已连接到组织的网络并尝试 再次。如果您以前在此设备上登录了另一台设备 凭据,您可以使用该凭据登录。
解决!我阅读了故障排除帮助,并运行以下命令将服务器添加到受信任的主机:
:Set-Item wsman:localhostclienttrustedhosts *.domain.name