当服务中断时,Powershell代码不会发送警报

时间:2019-08-03 18:41:35

标签: powershell

我们有与金雅拓HSM集成的Active Directory证书服务(ADCS)。 ADCS使用HSM上的密钥执行加密操作。 HSM跨VPN

与HSM保持会话的库存在一个已知问题 因此,我们想出了一个发布CRL的脚本,如果无法发布CRL,则暗示该服务未运行/正在工作,重新启动该服务会协商一个新会话,并且该问题可能已得到解决。因此,这些脚本会发送警报电子邮件(如果尚未发送),则在脚本结束并将所有事务记录到一个文件之前,尝试最多重启ADCS服务3次。

我面临的问题是,当CRL无法发布时,我永远不会收到警报电子邮件,但是当服务成功备份时,我确实会收到电子邮件。我认为问题出在PowerShell中的程序代码是什么,有人可以看一下代码并让我知道问题出在哪里,以及是否可以更好地解决这一问题。谢谢。

    function publishcrl
    {
    $command = 'certutil -crl'
    Invoke-Expression $command
        if($LASTEXITCODE -eq '0')
         {
           return '111'
         }
        else 
        {
           return '-111'
        }
    }
    $result = publishcrl
    if($result -eq '111')
    {
        write-host "$(get-timestamp) CRL published successfully"
        Write-output "$(get-timestamp)CRL Published Successfully" | out-file $path\$date.log -Append ascii
        if($status -eq 'DOWN') 
        {
           send-email -body "$(get-timestamp) CA  service UP ; CRL Publishing successful on Production  CA server"
        }
        set-content -path E:\status.txt -Value "UP" 
        set-content -path E:\Alertsent.txt -value '0'
        write-output 'End script' | out-file $path\$date.log -Append ascii
        exit 0 
     } 
    else 
    {
       if($result -eq '-111')
       {
            write-output 'Lastexitcode:'$LASTEXITCODE[0] | out-file $path\$date.log -Append ascii
            write-host 'entering else main loop'
            set-content -path E:\status.txt -Value "DOWN" 
                if (($script:alertsent -eq '0') -and ($script:status -eq 'DOWN'))
                   {
                       write-host $script:alertsent
                        write-output 'entering 2nd loop' | out-file $path\$date.log -Append ascii
                        send-email -body "$(get-timestamp)CRL Publishing failed on Production Server"
                        write-host 'email sent'
                        Write-output "$(get-timestamp)Email sent: CRL Publishing Failed on $env:computername" |  out-file $path\$date.log -Append ascii
                        Write-output "$(get-timestamp)CA STATUS IS DOWN" |  out-file $path\$date.log -Append ascii
                        set-content -path E:\Alertsent.txt -Value '1' 
             } 
         }
    ##Restart service 
    $Service = (get-service -name CertSvc)
    $retry = 4
    for($i = 1 ; $i -lt $retry ; $i++)
    {
        Restart-Service -name CertSvc -Force 
        write-host 'Restarting service'
        write-output "$(get-timestamp)Trying to start service $i time(s) " | out-file $path\$date.log -Append ascii
        Start-Sleep -seconds 50 -Verbose
        $result2 = publishcrl
        Write-output $result2 | out-file $path\$date.log -Append ascii
            if((Get-service -name CertSvc).status -eq 'Running' -and $result2 -eq '111')
            {  
                   set-content -path E:\status.txt -Value "UP" 
                   $status = get-content -Path E:\status.txt 
                   send-email -body "$(get-timestamp) CA  service restarted ; CRL Publishing successful on Production secure boot CA server"
                   set-content -Path E:\Alertsent.txt -Value '0'
                   break
            }
           else 
             {
                write-host 'CA server cannot be restarted successfully'
                write-output "$(get-timestamp) CA server cannot be restarted successfully " | out-file $path\$date.log -Append ascii
             }
    } }# outer for loop. 
    write-output 'end Script' | out-file $path\$date.log -Append ascii

0 个答案:

没有答案
相关问题
最新问题