Added additional tracing information

CHANGELOG.md

@@ -1,3 +1,7 @@
+2.4.2
+* Identified an error that was not being trapped correctly and indicating a false positive when completing an IIS inventory job.
+* Had to go back to specifying the version of PowerShell to use when establishing a local PowerShell Runspace.
+
 2.4.1
 * Modified the CertUtil logic to use the -addstore argument when no password is sent with the certificate information.
 * Added additional error trapping and trace logs

IISU/ClientPSCertStoreInventory.cs

@@ -64,6 +64,8 @@ public List<Certificate> GetCertificatesFromStore(Runspace runSpace, string stor
 
                 ps.AddScript(certStoreScript);
 
+                _logger.LogTrace($"Executing the following script:\n{certStoreScript}");
+
                 var certs = ps.Invoke();
 
                 foreach (var c in certs)
@@ -77,11 +79,13 @@ public List<Certificate> GetCertificatesFromStore(Runspace runSpace, string stor
                         SAN = Certificate.Utilities.FormatSAN($"{c.Properties["san"]?.Value}")  
                     });
                 }
-
+                _logger.LogTrace($"found: {myCertificates.Count} certificate(s), exiting GetCertificatesFromStore()");
                 return myCertificates;
             }
             catch (Exception ex)
             {
+                _logger.LogTrace($"An error occurred in the WinCert GetCertificatesFromStore method:\n{ex.Message}");
+
                 throw new CertificateStoreException(
                     $"Error listing certificate in {storePath} store on {runSpace.ConnectionInfo.ComputerName}: {ex.Message}");
             }

IISU/ImplementedStoreTypes/Win/WinInventory.cs

@@ -23,12 +23,15 @@ namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore.WinCert
 {
     internal class WinInventory : ClientPSCertStoreInventory
     {
+        private ILogger _logger;
         public WinInventory(ILogger logger) : base(logger)
         {
+            _logger = logger;
         }
 
         public List<CurrentInventoryItem> GetInventoryItems(Runspace runSpace, string storePath)
         {
+            _logger.LogTrace("Entering WinCert GetInventoryItems.");
             List<CurrentInventoryItem> inventoryItems = new List<CurrentInventoryItem>();
 
             foreach (Certificate cert in base.GetCertificatesFromStore(runSpace, storePath))
@@ -50,6 +53,7 @@ public List<CurrentInventoryItem> GetInventoryItems(Runspace runSpace, string st
                 });
             }
 
+            _logger.LogTrace($"Found {inventoryItems.Count} certificates.  Exiting WinCert GetInventoryItems.");
             return inventoryItems;
         }
     }

IISU/ImplementedStoreTypes/WinIIS/Inventory.cs

@@ -75,13 +75,13 @@ private JobResult PerformInventory(InventoryJobConfiguration config, SubmitInven
                     WinIISInventory IISInventory = new WinIISInventory(_logger);
                     inventoryItems = IISInventory.GetInventoryItems(myRunspace, storePath);
 
-                    _logger.LogTrace($"A total of {inventoryItems.Count} were found");
+                    _logger.LogTrace($"A total of {inventoryItems.Count} bound certificate(s) were found");
                     _logger.LogTrace("Closing runspace...");
                     myRunspace.Close();
 
-                    _logger.LogTrace("Invoking Inventory..");
+                    _logger.LogTrace("Invoking submitInventory..");
                     submitInventory.Invoke(inventoryItems);
-                    _logger.LogTrace($"Inventory Invoked... {inventoryItems.Count} Items");
+                    _logger.LogTrace($"submitInventory Invoked... {inventoryItems.Count} Items");
 
                     return new JobResult
                     {

IISU/ImplementedStoreTypes/WinIIS/WinIISInventory.cs

@@ -27,12 +27,15 @@ namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore.IISU
 {
     internal class WinIISInventory : ClientPSCertStoreInventory
     {
+        private ILogger _logger;
         public WinIISInventory(ILogger logger) : base(logger)
         {
+            _logger = logger;
         }
 
         public List<CurrentInventoryItem> GetInventoryItems(Runspace runSpace, string storePath)
         {
+            _logger.LogTrace("Entering IISU GetInventoryItems");
             // Get the raw certificate inventory from cert store
             List<Certificate> certificates = base.GetCertificatesFromStore(runSpace, storePath);
 
@@ -51,22 +54,36 @@ public List<CurrentInventoryItem> GetInventoryItems(Runspace runSpace, string st
                 }
                 else
                 {
-                    ps2.AddScript("Set-ExecutionPolicy RemoteSigned");
+                    ps2.AddScript("Set-ExecutionPolicy RemoteSigned -Scope Process -Force");
                     ps2.AddScript("Import-Module WebAdministration");
-                    //var result = ps.Invoke();
                 }
 
                 var searchScript = "Foreach($Site in get-website) { Foreach ($Bind in $Site.bindings.collection) {[pscustomobject]@{name=$Site.name;Protocol=$Bind.Protocol;Bindings=$Bind.BindingInformation;thumbprint=$Bind.certificateHash;sniFlg=$Bind.sslFlags}}}";
                 ps2.AddScript(searchScript);
-                var iisBindings = ps2.Invoke();  // Responsible for getting all bound certificates for each website
+
+                _logger.LogTrace($"Attempting to initiate the following script:\n{searchScript}");
+
+                var iisBindings = ps2.Invoke();
 
                 if (ps2.HadErrors)
                 {
-                    var psError = ps2.Streams.Error.ReadAll().Aggregate(String.Empty, (current, error) => current + error.ErrorDetails.Message);
+                    _logger.LogTrace("The previous script encountered errors.  See below for more info.");
+                    string psError = string.Empty;
+                    try
+                    {
+                        psError = ps2.Streams.Error.ReadAll().Aggregate(String.Empty, (current, error) => current + (error.ErrorDetails?.Message ?? error.Exception.ToString()));
+                    }
+                    catch
+                    {
+                    }
+
+                    if (psError != null) { throw new Exception(psError); }
+
                 }
 
                 if (iisBindings.Count == 0)
                 {
+                    _logger.LogTrace("No binding certificates were found.  Exiting IISU GetInventoryItems.");
                     return myBoundCerts;
                 }
 
@@ -123,6 +140,7 @@ public List<CurrentInventoryItem> GetInventoryItems(Runspace runSpace, string st
                 }
             }
 
+            _logger.LogTrace($"Found {myBoundCerts.Count} bound certificates.  Exiting IISU GetInventoryItems.");
             return myBoundCerts;
         }
     }

IISU/PSHelper.cs

@@ -50,7 +50,11 @@ public static Runspace GetClientPsRunspace(string winRmProtocol, string clientMa
 
             if (isLocal)
             {
-                return RunspaceFactory.CreateRunspace();
+                //return RunspaceFactory.CreateRunspace();
+                PowerShellProcessInstance instance = new PowerShellProcessInstance(new Version(5, 1), null, null, false);
+                Runspace rs = RunspaceFactory.CreateOutOfProcessRunspace(new TypeTable(Array.Empty<string>()), instance);
+
+                return rs;
             }
             else
             {

IISU/WindowsCertStore.csproj

@@ -31,7 +31,7 @@
   <ItemGroup>
     <PackageReference Include="Keyfactor.Logging" Version="1.1.1" />
     <PackageReference Include="Keyfactor.Orchestrators.IOrchestratorJobExtensions" Version="0.7.0" />
-    <PackageReference Include="Microsoft.PowerShell.SDK" Version="7.2.12" />
+    <PackageReference Include="Microsoft.PowerShell.SDK" Version="7.2.19" />
 
   </ItemGroup>