0
I don't expect an answer, but I'm hoping for a direction.
Sometimes, PowerShell ISE seems to just act, well, weird. The weirdness seems to come out of nowhere. I haven't found a way to reproduce the behavior.
Three days ago, I was writing code that operated on the CERT:\ drive, and Intellisense showed me the parameters for the filesystem provider (-File and -Directory) instead of the certificate provider (-ExpiringInDays).
Today, this code raised an exception.
Invoke-Command -ComputerName OneServer -Credential $admin `
-ScriptBlock {Get-ChildItem -Path CERT:\ -Recurse -ExpiringInDays 366}
The system cannot open the device or file specified
+ CategoryInfo : NotSpecified: (:) [Get-ChildItem], Win32Exception
+ FullyQualifiedErrorId : System.ComponentModel.Win32Exception,Microsoft.PowerShell.Commands.GetChildItemCommand
+ PSComputerName : oneserver
Running this snippet of it on my local machine in the same PowerShell session raised the same exception.
Get-ChildItem -Path CERT:\ -Recurse -ExpiringInDays 366
Same exception for CERT:, CERT:\, and CERT:\*.
If I went one directory deeper, using -Path CERT:\LocalMachine, it ran without raising an exception, but it returned certificates that expire several years (more than 366 days) from now.
I switched to a different PowerShell session, pasted in both those snippets, and both ran fine. The variable $admin is set correctly in both sessions. To me, this seems to point at something going wrong in the execution environment. But just above, Invoke-Command and a local command raised the same error. I don't understand that.
The PowerShell event logs (under Microsoft/Windows/PowerShell/Operational) don't show an error for that exception, but they do show an "Access is denied" error related to Invoke-Command.
WSMan reported an error with error code: 5. Error message: Connecting to remote server oneserver failed with the following error message : Access is denied.
I think this is related to the execution environment. Running identical code in a different PowerShell session worked fine.
Other things that might be relevant
- I shutdown, logout, or restart only when Windows forces me to.
- I usually have more than one PowerShell ISE window open. They might stay open for days. During that time, they appear to work fine. (But, would I really know?)
- Sometimes, code with no variables will fail or produce strange output in one window, but will work as expected in another. I don't always notice that the output is strange. (PowerShell tells me that no certificates will expire before 2020. Is that right, or is it strange? I don't always know.)
- Weird IntelliSense behavior (above).
- Pester unit tests run against all my production code every time I open the ISE. Once in a great while, a bunch of them will fail. If I run them again manually, they succeed. Open a new ISE window, and they succeed.
How do I isolate this kind of problem?
PS > $PSVersionTable
Name Value
---- -----
PSVersion 5.1.15063.413
PSEdition Desktop
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0...}
BuildVersion 10.0.15063.413
CLRVersion 4.0.30319.42000
WSManStackVersion 3.0
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.
Remote servers are similar: automated jobs run Invoke-Command scripts against all our production servers every day without error. Probably. Maybe.
Mike Sherrill 'Cat Recall'
Posted 2017-07-31T18:32:04.803
Reputation: 136
What are the results when running Powershell as an administrator? Are your client and the remote machine in the same domain? Thinking of a possible Kerberos double hop issue. – root – 2017-07-31T18:42:57.670
@root: I usually don't run PowerShell as administrator, so I don't have an answer. Client and all servers are in the same domain. Good thought about a double-hop issue, but that's not happening here. Very similar code runs against all our servers every day without error. (I guess.) – Mike Sherrill 'Cat Recall' – 2017-07-31T18:51:58.553
Start with
chkdskandsfc /scannowand if no results continue to reinstalling PowerShell. – harrymc – 2017-07-31T19:16:28.860Beginning in Windows PowerShell 3.0, the
Microsoft.PowerShell.Securitymodule that contains theCert:drive is not imported automatically into every session. To use theCert:drive, use theImport-Modulecmdlet to import the module, or run a command that uses theCert:drive, such as a "Set-Location Cert:" command. – JosefZ – 2017-08-02T07:43:55.867@JosefZ: Thanks for that reminder. But "gci -Path Cert:" failed at one point, and "gci -Path Cert:\LocalMachine" returned certificates. It returned too many certificates, but still returned certificates. – Mike Sherrill 'Cat Recall' – 2017-08-02T11:04:46.920
@harrymc: No errors apart from some "duplicate owners for directory...". I ended yesterday at work with a full backup, in preparation for reinstalling PowerShell. – Mike Sherrill 'Cat Recall' – 2017-08-02T11:08:08.600
I suggest to first fix all disk errors. – harrymc – 2017-08-02T11:13:30.880