我正在尝试编写一个脚本来检索跨域的所有过期的IIS证书。我可以在与服务器列表相同的域中运行脚本而没有任何错误,但是即使我使用的用户在所有域中都具有管理员访问权限,我也无法跨域运行。
我尝试使用New-PSSesiion并将其传递到Invoke-Command中,但出现错误:WindRM无法处理该请求。
cd C:\Deploy\Certs
Enable-PSRemoting –force
#set up path and user variables
$AESKeyFilePath = “aeskey.txt” # location of the AESKey
$SecurePwdFilePath = “credpassword.txt” # location of the file that hosts the encrypted password
$user = "DOMAIN\Username" # User account login
#use key and password to create local secure password
$AESKey = Get-Content -Path $AESKeyFilePath
$pwdTxt = Get-Content -Path $SecurePwdFilePath
$securePass = $pwdTxt | ConvertTo-SecureString -Key $AESKey
#crete a new psCredential object with required username and password
$adminCreds = New-Object System.Management.Automation.PSCredential($user, $securePass)
$ServerList=Get-Content .\components\hosts.txt
foreach ( $Server in $ServerList ) {
Write-Host "Checking $Server is up"
if ( ( Test-Connection $Server -Quiet ) -eq $True ) {
# Open remote session:
#$session = New-PSSession -ComputerName $Server -Credential $adminCreds -ThrottleLimit 16
Invoke-Command -ComputerName $Server -ScriptBlock {
Import-Module -Name WebAdministration
Get-ChildItem -Path IIS:SSLBindings | ForEach-Object -Process `
{
if ($_.Sites)
{
$certificate = Get-ChildItem -Path CERT:LocalMachine/My |
Where-Object -Property Thumbprint -EQ -Value $_.Thumbprint
[PsCustomObject]@{
HostName = $Env:COMPUTERNAME
Sites = $_.Sites.Value
CertificateFriendlyName = $certificate.FriendlyName
CertificateDnsNameList = $certificate.DnsNameList
CertificateExpiration = $certificate.NotAfter
CertificateIssuer = $certificate.Issuer
}
}
}
}| Out-File .\expired_Certs.txt -append #-NoTypeInformation
}
}
错误消息:
WinRM无法处理该请求。错误代码如下 使用Kerberos身份验证时发生0x80090311:我们无法签名 您拥有此凭据,因为您的域不可用。使 确保您的设备已连接到组织的网络,然后尝试 再次。如果您以前使用其他设备登录过此设备 凭据,您可以使用该凭据登录。
答案 0 :(得分:0)
已解决!我阅读了故障排除帮助,并运行以下命令将服务器添加到受信任的主机:
Set-Item wsman:localhost\client\trustedhosts *.domain.name