public/ZBXWinRMConfig
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

First version of the fix

Browse Source
This commit is contained in:
Horák Michal
2025-07-23 10:56:29 +02:00
parent 4b81918850
commit 2e64fb124f
2 changed files with 43 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
.vscode/launch.json vendored Normal file
View File

@@ -0,0 +1,15 @@
{
// Use IntelliSense to learn about possible attributes.
// Hover to view descriptions of existing attributes.
// For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
"version": "0.2.0",
"configurations": [
{
"name": "PowerShell: Launch Current File",
"type": "PowerShell",
"request": "launch",
"script": "${file}",
"args": []
}
]
}

30
ConfigWinRM.ps1
View File

@@ -3,7 +3,7 @@
<#PSScriptInfo
.VERSION 1.00
.VERSION 1.01
.GUID 14e0e777-6ba8-4f3f-b914-53c62e0a72aa
@@ -39,6 +39,8 @@
Updated by Jordan Borean <jborean93@gmail.com>
Updated by Erwan Quélin <erwan.quelin@gmail.com>
Updated by David Norman <david@dkn.email>
Version 1.01 - Fixed issue with HTTPS when certificate in HTTPS listener doesn't match the cert in local store
Updated by Michal Horák
#>
<#
@@ -595,7 +597,31 @@ Function Run
Write-MyLog -LOGSeverity "INFO" -LOGMessage ("Skipping changes in registry for LocalAccountTokenFilterPolicy.")
}
#--------------------------------------------------------------------------------------------------
if (-not $MyError -and ($RunningConfig.WinRMListeners | Where-Object { $_.Transport -eq "HTTPS" } ) -and $CFG.WINRMHTTPS.ToLower() -eq "enable" -and $CFG.SelfCertForce.ToLower() -eq "enable" )
# Get WinRM HTTPS listener thumbprint
$winrmOutput = winrm e winrm/config/listener
$winrmThumbprint = ($winrmOutput | Where-Object { $_ -match 'CertificateThumbprint' }) -replace '.*CertificateThumbprint\s*=\s*', ''
# Get local self-signed certificate thumbprint (adjust subject name as needed)
$DN = $env:COMPUTERNAME
$cert = Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object {
$_.Subject -like "*CN=$DN*" -and $_.Issuer -eq $_.Subject
}
$localThumbprint = $cert.Thumbprint
# Compare the thumbprints
if ($localThumbprint -contains $winrmThumbprint)
{
$certisinwinrm = "yes"
Write-MyLog -LOGSeverity "INFO" -LOGMessage ("Self-Signed certificate is used in WinRM HTTPS listener.")
}
else
{$certisinwinrm = "no"
Write-MyLog -LOGSeverity "INFO" -LOGMessage ("Self-Signed certificate is not used in WinRM HTTPS listener.")
}
if (-not $MyError -and ($RunningConfig.WinRMListeners | Where-Object { $_.Transport -eq "HTTPS" } ) -and $CFG.WINRMHTTPS.ToLower() -eq "enable" -and $CFG.SelfCertForce.ToLower() -eq "enable" -or $certisinwinrm -eq "no" )
{
Write-MyLog -LOGSeverity "INFO" -LOGMessage ("Forcing SSL Self-Certificate reissuing, and recreating WinRM HTTPS listener.")
try