PowerShell script not working through Task Scheduler for automating SSL bindings in Azure VM.

Sahana A E 0 Reputation points
2024-02-15T06:44:24.37+00:00

When I run the above script from my laptop through the PowerShell console it works fine and changes the bindings, but the script does not run through the Task Scheduler. In the Scheduler I found that the Task starts and finishes but the script does not run.

# Define the full path to appcmd.exe
$appcmdPath = "C:\Windows\System32\inetsrv\appcmd.exe"

# Function to retrieve the thumbprint of the latest certificate matching the CN
function Get-LatestCertificateThumbprint {
    # Get the common name (CN) of the old certificate from IIS bindings
    $oldCertCommonName = Get-OldCertificateCommonName

    # Retrieve the thumbprint of the latest certificate from MMC matching the CN
    $latestCertificate = Get-ChildItem -Path cert:\LocalMachine\My | Where-Object { $_.Subject -match "CN=$oldCertCommonName" } | Sort-Object NotAfter -Descending | Select-Object -First 1

    # Check if the latest certificate was found
    if ($latestCertificate -ne $null) {
        return $latestCertificate.Thumbprint
    } else {
        return $null
    }
}

# Function to retrieve the common name (CN) of the old certificate from existing IIS bindings
function Get-OldCertificateCommonName {
    # Retrieve SSL bindings from the IIS configuration
    $bindings = Get-WebConfiguration -Filter "system.applicationHost/sites/site/bindings/binding" | Where-Object { $_.protocol -eq "https" }

    # Extract the thumbprint and common name (CN) from the bindings
    foreach ($binding in $bindings) {
        if ($binding.Attributes["certificateHash"]) {
            $oldThumbprint = $binding.Attributes["certificateHash"].Value
            $oldCert = Get-ChildItem -Path cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $oldThumbprint }
            if ($oldCert -ne $null) {
                $oldCertCommonName = $oldCert.Subject.Split("=")[1]
                return $oldCertCommonName
            }
        }
    }

    # Return null if the old certificate common name is not found
    return $null
}

# Main function to update certificate binding
function Update-CertificateBinding {
    param (
        [string]$oldThumbprint,
        [string]$newThumbprint
    )

    # Construct the appcmd.exe command with the updated thumbprints
    $appcmdCommand = "& $appcmdPath renew BINDING /oldcert:`"$oldThumbprint`" /newcert:`"$newThumbprint`""
    Write-Host "Executing command: $appcmdCommand"

    # Execute the appcmd.exe command
    try {
        Invoke-Expression -Command $appcmdCommand -ErrorAction Stop
        Write-Host "Certificate binding updated successfully."
    } catch {
        Write-Error "Failed to update certificate binding: $_"
        exit 1
    }
}

# Retrieve the thumbprint of the latest certificate matching the CN
$newCertThumbprint = Get-LatestCertificateThumbprint

# Check if the new certificate thumbprint is retrieved successfully
if ($newCertThumbprint -ne $null) {
    # Retrieve the thumbprint of the old certificate from IIS bindings
    $oldCertThumbprint = Get-OldCertificateThumbprint

    # Check if the old certificate thumbprint is retrieved successfully
    if ($oldCertThumbprint -ne $null) {
        # Call the function to update certificate binding
        Update-CertificateBinding -oldThumbprint $oldCertThumbprint -newThumbprint $newCertThumbprint
    } else {
        Write-Error "Failed to retrieve the thumbprint of the old certificate."
        exit 1
    }
} else {
    Write-Error "Failed to retrieve the thumbprint of the new certificate."
    exit 1
}

Program: powershell.exe
Arguments: -ExecutionPolicy Bypass -File "C:\Users\kpmgadmin\Desktop\UpdateCertificateBinding.ps1"

How can this be resolved?

Windows for business | Windows Server | User experience | Other

1 answer

  1. Anonymous
    2024-03-01T05:49:16.49+00:00

    Hi Sahana A E,

    Please add Start-Transcript / Stop-Transcript to the script and see if there are any errors in the transcript files.

    https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.host/start-transcript?view=powershell-7.4

    Best Regards,

    Ian Xue


    If the Answer is helpful, please click "Accept Answer" and upvote it.
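
One way to apply the transcript suggestion above, as an added example that is not part of the original answer: a wrapper that the scheduled task runs in place of the script, recording a transcript together with the account, elevation and bitness of the session. The wrapper and the log folder `C:\Scripts\Logs` are assumptions; the script path is the one given in the question.

```powershell
# Added example: diagnostic wrapper for a script launched by Task Scheduler.
$scriptPath = 'C:\Users\kpmgadmin\Desktop\UpdateCertificateBinding.ps1'  # path from the question
$logDir     = 'C:\Scripts\Logs'   # assumed folder; must be writable by the task's account

New-Item -ItemType Directory -Path $logDir -Force | Out-Null
$logFile = Join-Path $logDir ("binding-{0:yyyyMMdd-HHmmss}.log" -f (Get-Date))

Start-Transcript -Path $logFile -Force | Out-Null
$exitCode = 0
try {
    # Record the context that can differ between a console run and a scheduled run
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
    Write-Output "Running as : $($identity.Name)"
    Write-Output "Elevated   : $elevated"
    Write-Output "PS version : $($PSVersionTable.PSVersion)"
    Write-Output "64-bit proc: $([Environment]::Is64BitProcess)"

    # Turn non-terminating errors (including Write-Error) into exceptions
    # so they reach the catch block and the transcript
    $ErrorActionPreference = 'Stop'

    # Get-WebConfiguration comes from this module; load it explicitly so a
    # missing module is logged instead of surfacing later as an unknown command
    Import-Module WebAdministration

    # Run the script in a child scope; an 'exit N' inside it sets $LASTEXITCODE
    & $scriptPath
    if ($LASTEXITCODE) { $exitCode = $LASTEXITCODE }
}
catch {
    # Undefined functions, access-denied errors and similar failures land here
    Write-Output "FAILED: $($_.Exception.Message)"
    Write-Output $_.ScriptStackTrace
    $exitCode = 1
}
finally {
    Stop-Transcript | Out-Null
}

# Return the result so Task Scheduler's "Last Run Result" reflects failures
exit $exitCode
```

Point the task's `-File` argument at the wrapper, run the task once, and read the newest file in the log folder.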
