0

I have used the DOMAIN\Administrator account is used for the credentials to run the below PowerShell script to scan for Expired SSL certificate:

$ScriptBlock = {
    Get-ChildItem Cert:\*\My -Recurse |
        Select-Object Subject, 
        DnsNameList, 
        NotAfter, 
        NotBefore, 
        Thumbprint, 
        Issuer,
        @{n = "SAN"; e = {Try {($_.Extensions | Where-Object {$_.Oid.Value -eq '2.5.29.17'}).Format(0)} Catch {} }},
        @{n = "IsValid"; e = {$today = Get-Date; If ( $_.NotBefore -lt $today -and $_.NotAfter -gt $today ) { $true } Else {$false} } } }

$computers = Get-ADComputer -Filter {Enabled -eq $True -and OperatingSystem -like "*Server*"} -SearchBase "OU=Servers,OU=Production Site 1,DC=Domain,DC=com" | 
                Where-Object {Test-Connection $_.Name -Count 1 -Quiet} | 
                Select-Object -expandProperty DnsHostName | 
                Export-Csv -Path C:\Logs\SSL.csv -NoTypeInformation

$adCred = Get-Credential Invoke-Command -ComputerName $computers
-ScriptBlock $ScriptBlock -Credential $adCred

But, then I got the error:

[Microsoft.PowerShell.Commands.Internal.Format.FormatEntryData] Connecting to remote server Microsoft.PowerShell.Commands.Internal.Format.FormatEntryData failed with the following error message : WinRM cannot process the request. The following error occurred while using Kerberos authentication: Cannot find the computer Microsoft.PowerShell.Commands.Internal.Format.FormatEntryData. Verify that the computer exists on the network and that the name provided is spelled correctly. For more information, see the about_Remote_Troubleshooting Help topic. + CategoryInfo : OpenError: (Microsoft.Power...FormatEntryData:String) [], PSRemotingTransportException + FullyQualifiedErrorId : NetworkPathNotFound,PSSessionStateBroken

How to fix it so I can get the CSV result?

The updated error code is now:

Invoke-Command : Cannot validate argument on parameter 'ComputerName'. The argument is null or empty. Provide an argument that is not null or empty, and then try the command again. At line:19 char:30 + Invoke-Command -ComputerName $computers -ScriptBlock $ScriptBlock -Cr ... + ~~~~~~~~~~ + CategoryInfo : InvalidData: (:) [Invoke-Command], ParameterBindingValidationException + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.PowerShell.Commands.InvokeCommandCommand

halfer
  • 19,824
  • 17
  • 99
  • 186
Senior Systems Engineer
  • 1,061
  • 2
  • 27
  • 63
  • 1
    `Cannot find the computer ` = looks like you're trying to connect to a computer which does not exist, is offline or otherwise not reachable – TobyU Nov 21 '18 at 13:29
  • 1
    Your code suggest you have $erroractionpreference set to silent or ignore, which is horrible for developing code. You have repeating expand statements here which will error out: $computers = Get-ADComputer -Filter {Enabled -eq $True} -SearchBase "OU=Servers,OU=Production,DC=Domain,DC=com" | Select-Object -expandProperty DnsHostName | Select-Object -expandProperty DnsHostName | Export-Csv -Path C:\Logs\SSL.csv -NoTypeInformation – Scepticalist Nov 21 '18 at 13:34
  • 1
    As an aside: It's best to [avoid the use of script blocks (`{ ... }`) as `-Filter` arguments](https://stackoverflow.com/a/44184818/45375). – mklement0 Nov 21 '18 at 13:49
  • I have already updated the code with the formatting, it is now complaining for the same error. – Senior Systems Engineer Nov 21 '18 at 22:20
  • 1
    Note we prefer a technical style of writing here. We gently discourage greetings, hope-you-can-helps, thanks, advance thanks, notes of appreciation, regards, kind regards, signatures, please-can-you-helps, chatty material and abbreviated txtspk, pleading, how long you've been stuck, voting advice, meta commentary, etc. Just explain your problem, and show what you've tried, what you expected, and what actually happened. – halfer Dec 01 '18 at 09:31

1 Answers1

3

This line is incorrect for a start

$computers = Get-ADComputer -Filter {Enabled -eq $True} -SearchBase "OU=Servers,OU=Production,DC=Domain,DC=com" | 
    Select-Object -expandProperty DnsHostName | 
       Select-Object -expandProperty DnsHostName | #bad line
          Export-Csv -Path C:\Logs\SSL.csv -NoTypeInformation

Should be 

$computers = Get-ADComputer -Filter {Enabled -eq $True} -SearchBase "OU=Servers,OU=Production,DC=Domain,DC=com" | 
    Select-Object -expandProperty DnsHostName | 
        Export-Csv -Path C:\Logs\SSL.csv -NoTypeInformation
Justin
  • 1,303
  • 15
  • 30
Scepticalist
  • 3,737
  • 1
  • 13
  • 30
  • 3
    To spell it out: Pipeline segment `Select-Object -expandProperty DnsHostName` was accidentally _duplicated_ in the original command, and you removed the duplicate (it would help to add that description, and to spread the command across multiple lines). As an aside: It's best to [avoid the use of script blocks (`{ ... }`) as `-Filter` arguments](https://stackoverflow.com/a/44184818/45375). – mklement0 Nov 21 '18 at 13:52