我注意到许多域名由于其网站上的通配符证书无效而在 Exchange 2013 上失败。
我怎样才能(至少)扫描并测试此类故障?
下面是我的脚本的开头,但我对 Powershell 真的很生疏。有人认为这是一个有效的解决方案,或者有更好的解决方案吗?
$ErrorActionPreference = "Stop";
$domains = get-accepteddomain
foreach ($d in $domains)
{
Try
{
$url = "https://$d"
$wc = New-Object System.Net.WebClient
$wc.DownloadString($url)
}
Catch
{
$ErrorMessage = $_.Exception.Message
$FailedItem = $_.Exception.ItemName
Send-MailMessage -From [email protected] -To [email protected] -Subject "Invalid SSL Certificate" -SmtpServer internalsmtp.nfp.com -Body "We failed to read file $FailedItem. The error message was $ErrorMessage for domain $url"
Break
}
}
答案1
这是我编写的脚本。我仍然需要一种方法来轻松获取所有活动的主 SMTP 地址,但这只是一个开始。
#This script tests the naked domain and autodiscover record for issues.
#often times a wildcard cert will cause a name mismatch, or the cert is invalid, expired, or revoked
$ErrorActionPreference = "Stop";
#todo, don't use accepted domains, only use the addresses listed as a primary on
# a user, because that is the only domain that counts for Autodiscover.
$domains = "a.com”, “b.com”, “b.com"
$errors = @{}
foreach ($d2 in $domains)
{
Try
{
$url = "https://$d2"
$url
$wc = New-Object System.Net.WebClient
$wc.DownloadString($url)
}
Catch
{
$ErrorMessage = $_.Exception.Message
$FailedItem = $_.Exception.ItemName
$errors.Add($url, $_.Exception.Message)
}
Try
{
$url = "https://autodiscover.$d2"
$url
$wc = New-Object System.Net.WebClient
$wc.DownloadString($url)
}
Catch
{
$ErrorMessage = $_.Exception.Message
$FailedItem = $_.Exception.ItemName
$errors.Add($url, $errormessage)
}
}
$sb = New-Object -TypeName "System.Text.StringBuilder";
foreach ($e in $errors.keys) {
$e2 = $errors.$e
#The remote name could not be resolved
#Could not establish trust relationship
$sb.AppendLine("$e had error @ $e2 " );
}
Send-MailMessage -From [email protected] -To [email protected] -Subject "Invalid SSL Certificate Report" -SmtpServer internalsmtp.company.com -Body $sb.tostring()