我正在使用 PowerShell 的 MDT 任务序列,它使用如下脚本
%SCRIPTROOT%\ConfigureWinRMwithCertificate_https.ps1
该脚本完美地使用 https 配置了 winrm,但每次此任务都会在 LOG 中创建异常消息,而不是我在脚本中写入的输出。
错误消息总是说无法从网络驱动器执行脚本(以下错误中屏蔽了 IP 地址详细信息):
!><time="19:02:08.000+000" date="xx-xx-xxxx" component="TaskSequencePSHost" context="" type="3" thread="" file="TaskSequencePSHost">
<![LOG[NotSpecified: ('\\1.2.3.4\D$\Scripts':String) [], RemoteException]LOG]!><time="19:02:08.000+000" date="xx-xx-2022" component="TaskSequencePSHost" context="" type="3" thread="" file="TaskSequencePSHost">
<![LOG**[CMD.EXE was started with the above path as the current directory.]**LOG]!><time="19:02:08.000+000" date="xx-xx-2022" component="TaskSequencePSHost" context="" type="3" thread="" file="TaskSequencePSHost">
<![LOG[At line:1 char:1
+ winrm create winrm/config/Listener?Address=+Transport=HTTPS '@{Hostn ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~]LOG]!><time="19:02:08.000+000" date="xx-xx-2022" component="TaskSequencePSHost" context="" type="3" thread="" file="TaskSequencePSHost">
<![LOG[NotSpecified: (CMD.EXE was sta...rent directory.:String) [], RemoteException]LOG]!><time="19:02:08.000+000" date="xx-xx-2022" component="TaskSequencePSHost" context="" type="3" thread="" file="TaskSequencePSHost">
<![LOG[**UNC paths are not supported. Defaulting to Windows directory.]**LOG]!><time="19:02:08.000+000" date="xx-xx-2022" component="TaskSequencePSHost" context="" type="3" thread="" file="TaskSequencePSHost">
<![LOG[At line:1 char:1
+ winrm create winrm/config/Listener?Address=+Transport=HTTPS '@{Hostn ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~]LOG]!><time="19:02:08.000+000" date="xx-xx-2022" component="TaskSequencePSHost" context="" type="3" thread="" file="TaskSequencePSHost">
<![LOG[NotSpecified: (UNC paths are n...dows directory.:String) [], RemoteException]LOG]!><time="19:02:08.000+000" date="xx-xx-2022" component="TaskSequencePSHost" context="" type="3" thread="" file="TaskSequencePSHost">
<![LOG[TSHOST: Script completed with return code 0]LOG]!><time="19:02:12.000+000" date="xx-xx-2022" component="TaskSequencePSHost" context="" type="1" thread="" file="TaskSequencePSHost">
还有其他方法可以克服这个错误吗?
实际的 powershell 脚本代码是:
Function CheckWinRMHTTPSConfiguration{
[CmdletBinding()]
param(
[Parameter(Mandatory=$False)][System.Boolean]$isWinrmHttpsConfigured = $false
)
$state_of_WinrmHttps = Get-childItem -Path WSMan:\localhost\Listener | Select-Object -ExpandProperty Keys | where {$_ -match 'https'}
if($state_of_WinrmHttps){ $isWinrmHttpsConfigured = $true}
else { $isWinrmHttpsConfigured = $false}
return $isWinrmHttpsConfigured
}
Function ConfigureWinRMwithPROJECTAACertificate_https{
$Cert_output = Get-ChildItem Cert:\LocalMachine\My | Select @{N="Template";Expression={($_.Extensions |where-object {$_.oid.Friendlyname -match "Certificate Template Information"}).Format(0) -replace "(.+)?=(.+)\((.+)?", '$2'}},@{N="Subject";Expression={$_.SubjectName.name}},Thumbprint
$Thumbprint_of_PROJECTAA_Certificate = $($Cert_output.Thumbprint)
$FQDN_of_LocalMachine = ([System.Net.Dns]::GetHostByName($env:computerName).Hostname)
if(-not $Cert_output){
Write-Host "No certificate avaialable in $FQDN_of_LocalMachine"
}
elseif($Cert_output -is [System.Array]){
Write-Host "Multiple certificates are available in $FQDN_of_LocalMachine.Skipping…”
}
elseif ($Cert_output -isnot [System.Array] -and $($Cert_output.Template) -eq "ORGANIZATIONTEMPLATENAMEHERE"){
$command_construct = 'winrm create winrm/config/Listener?Address=*+Transport=HTTPS '+''''+ '@{Hostname=' +'"'+$FQDN_of_LocalMachine+'"'+';'+' CertificateThumbprint='+'"'+$Thumbprint_of_PROJECTAA_Certificate+'"'+'}'+''''
Invoke-expression -Command $command_construct
}
else{
Write-Host "nothing done"
}
}
Function ConfigureWINRM {
$state_of_WinRM_https = CheckWinRMHTTPSConfiguration
if($state_of_WinRM_https -eq $true){
Write-Host "Deleteing existing winrm https"
Invoke-Expression -Command 'winrm delete winrm/config/listener?Address=*+Transport=HTTPS';
ConfigureWinRMwithPROJECTAACertificate_https
}
else
{
Write-Host "configuring https listener for winrm"
ConfigureWinRMwithPROJECTAACertificate_https
}
}
Function Update_grouppolicy{
invoke-expression -Command 'gpupdate /force /wait:-1 /target:computer' -OutVariable gpupdate_output
Start-Sleep -Seconds 300
}
$output_Update_grouppolicy = Update_grouppolicy
if ($output_Update_grouppolicy -match "Computer Policy update has completed successfully"){
Write-Host "Computer Policy update has completed successfully"
Write-Host "Configuring winrm with https..."
ConfigureWINRM}
else { Write-Host "Group policy did not updated successfully. Thus winrm configuration with https is skipped."}
答案1
根据添加的脚本进行编辑:
winrm在 powershell (aka ) 中运行%windir%\system32\winrm.cmd将使用 powershell 的当前工作目录启动 cmd 进程。如果 powershell 的当前目录是 UNC 路径,您将看到该错误。您可以在本地 powershell 中重新创建此目录:
PS C:\> cd \\server\share\
PS Microsoft.PowerShell.Core\FileSystem::\\server\share> winrm help
winrm : '\\server\share'
At line:1 char:1
+ winrm help
+ ~~~~~~~~
+ CategoryInfo : NotSpecified: ('\\mifp-fspr01\SharedFiles':String) [], RemoteException
+ FullyQualifiedErrorId : NativeCommandError
CMD.EXE was started with the above path as the current directory.
UNC paths are not supported. Defaulting to Windows directory.
[...]
您可以通过将 powershell 脚本设置为在运行命令之前更改为本地路径来停止生成错误winrm。cd X:\或者cd C:\,取决于命令运行的步骤
检查Start in:任务序列的部分。CMD(MDT 从其启动 powershell)不支持 UNC 路径(例如\\1.2.3.4\当前目录)。以下是来自 dell 的屏幕截图示例:
该错误只是警告您 CMD 默认从 windows 文件夹启动。这没关系,因为该命令使用完整路径,而不是相对路径,例如./myScript.ps1
如果您不想看到错误,只需将位置设置Start in:为本地路径,如X:\或C:\