当我尝试在我们的其中一台服务器中启用跟踪时出现错误。
使用的命令:
Add-PSSnapin Microsoft.Crm.PowerShell
Get-CrmSetting TraceSettings
错误:
Get-CrmSetting : The underlying connection was closed: Could not establish trust relationship for the
SSL/TLS secure channel.
At line:1 char:1
+ Get-CrmSetting TraceSettings
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (Microsoft.Crm.P...rmSettingCmdlet:GetCrmSettingCmdlet) [Get-
CrmSetting], WebException
+ FullyQualifiedErrorId : CRM Deployment Cmdlet Error,Microsoft.Crm.PowerShell.GetCrmSettingCmdlet
这是一个多服务器环境,其中 Web 和应用程序是分离的。
答案1
该错误表明您尝试连接的端点上使用的证书是不受信任的证书。
我建议确保在端点上使用有效且可信的证书。
但是,如果这不可能的话,您可以使用此功能将 PowerShell 设置为每个会话允许一次不受信任的证书。
然而警告:运行此功能将禁用全部PowerShell 通常会执行的证书检查以及仅有的重置的方法是关闭并重新打开 PowerShell。
function Disable-SSLValidation
{
<#
.SYNOPSIS
Disables SSL certificate validation
.DESCRIPTION
Disable-SSLValidation disables SSL certificate validation by using reflection to implement the System.Net.ICertificatePolicy class.
Author: Matthew Graeber (@mattifestation)
License: BSD 3-Clause
.NOTES
Reflection is ideal in situations when a script executes in an environment in which you cannot call csc.ese to compile source code. If compiling code is an option, then implementing System.Net.ICertificatePolicy in C# and Add-Type is trivial.
.LINK
http://www.exploit-monday.com
#>
Set-StrictMode -Version 2
# You have already run this function
if ([System.Net.ServicePointManager]::CertificatePolicy.ToString() -eq 'IgnoreCerts') { Return }
$Domain = [AppDomain]::CurrentDomain
$DynAssembly = New-Object System.Reflection.AssemblyName('IgnoreCerts')
$AssemblyBuilder = $Domain.DefineDynamicAssembly($DynAssembly, [System.Reflection.Emit.AssemblyBuilderAccess]::Run)
$ModuleBuilder = $AssemblyBuilder.DefineDynamicModule('IgnoreCerts', $false)
$TypeBuilder = $ModuleBuilder.DefineType('IgnoreCerts', 'AutoLayout, AnsiClass, Class, Public, BeforeFieldInit', [System.Object], [System.Net.ICertificatePolicy])
$TypeBuilder.DefineDefaultConstructor('PrivateScope, Public, HideBySig, SpecialName, RTSpecialName') | Out-Null
$MethodInfo = [System.Net.ICertificatePolicy].GetMethod('CheckValidationResult')
$MethodBuilder = $TypeBuilder.DefineMethod($MethodInfo.Name, 'PrivateScope, Public, Virtual, HideBySig, VtableLayoutMask', $MethodInfo.CallingConvention, $MethodInfo.ReturnType, ([Type[]] ($MethodInfo.GetParameters() | % {$_.ParameterType})))
$ILGen = $MethodBuilder.GetILGenerator()
$ILGen.Emit([Reflection.Emit.Opcodes]::Ldc_I4_1)
$ILGen.Emit([Reflection.Emit.Opcodes]::Ret)
$TypeBuilder.CreateType() | Out-Null
# Disable SSL certificate validation
[System.Net.ServicePointManager]::CertificatePolicy = New-Object IgnoreCerts
}
特别感谢马特·格雷伯用于编写代码。