Back in August 2014 I published a script that y0avb and I wrote for retrieving Lync Server certificate information and creating an HTML-based report that can be sent via email.
One of the main pieces of feedback we got was to add the EDGE server information to the script as well, so users can get a full picture of the assigned certificates in their environment.
We did some research, tested a couple of alternatives, and were finally able to pull the EDGE certificate information using PSRemoting.
Prerequisites:
In order to retrieve the Certificates information from the EDGE servers we need to use PSRemoting and Windows Remote Management for access.
This requires two major modifications:
1) On the Front End servers – Enabling TrustedHosts configurations:
Set-Item WSMan:\localhost\Client\TrustedHosts -Value "*" -Force
2) On the EDGE servers – Enabling HTTP Compatibility Listener for Remote access:
Set-Item WSMan:\localhost\Service\EnableCompatibilityHttpListener -Value True
Once enabled, you need to make sure port 80 is open from the computer where the script runs to the EDGE internal IP.
Another option is to open the default PSRemoting port as well (5895) and make sure to change the parameter in the script ($PSRemoteConnectionPort).
To view existing listeners, you can use the following command:
winrm enumerate winrm/config/listener
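The TrustedHosts command above trusts every host (`*`). As an added example (not part of the original script), this PowerShell snippet limits TrustedHosts on the Front End to named Edge servers and checks that each one answers on port 80. The FQDNs are constructed placeholders, `Merge-TrustedHosts` is a hypothetical helper, and it drops any wildcard entry already present.

```powershell
# Added example: scope WinRM client trust to named Edge servers instead of "*".
# The FQDNs below are constructed placeholders; replace them with your own.
$EdgeServers = @('edge01.contoso.example', 'edge02.contoso.example')

function Merge-TrustedHosts {
    # Hypothetical helper: combine the current TrustedHosts string with new
    # entries, dropping blanks, duplicates and any wildcard pattern.
    param(
        [string]$Current,
        [string[]]$Add
    )
    $existing = @($Current -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
    $merged = @($existing + $Add |
        Where-Object { $_ -and $_ -notmatch '\*' } |
        Sort-Object -Unique)
    return ($merged -join ',')
}

$path    = 'WSMan:\localhost\Client\TrustedHosts'
$current = (Get-Item -Path $path).Value
$new     = Merge-TrustedHosts -Current $current -Add $EdgeServers

if ($current -match '\*') {
    Write-Warning "TrustedHosts currently contains a wildcard: '$current'"
}
if ($new -ne $current) {
    # Requires an elevated session on the Front End server.
    Set-Item -Path $path -Value $new -Force
}
"TrustedHosts is now: $((Get-Item -Path $path).Value)"

# Confirm each Edge server answers WS-Management requests on the port the
# report script will use (port 80 here, matching the compatibility HTTP
# listener enabled in step 2 above).
foreach ($edge in $EdgeServers) {
    try {
        Test-WSMan -ComputerName $edge -Port 80 -ErrorAction Stop | Out-Null
        "$edge : WinRM listener reachable"
    } catch {
        "$edge : not reachable ($($_.Exception.Message))"
    }
}
```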
Download:
Script Usage:
1) Retrieving all Lync Front End Pools Certificates information
.\LyncCertReport-v0.47.ps1
2) Retrieving all Lync Front End Pool Certificates information in addition to the EDGE Servers and OWAS Servers
.\LyncCertReport-v0.47.ps1 -EdgeCertificates -OWASCertificates
3) Retrieving all Lync Front End Pool Certificates information in addition to the EDGE Servers
.\LyncCertReport-v0.47.ps1 -EdgeCertificates
4) Retrieving all Lync Front End Pool Certificates information in addition to the OWAS Servers
.\LyncCertReport-v0.47.ps1 -OWASCertificates
5) Retrieving a specific Front End Pool Certificates information
.\LyncCertReport-v0.47.ps1 -FEPool
Please provide any feedback if you have any (@GuyBachar & @y0avb)
Cross-comment from Yoav's blog:
Would it be impossible to include at least some rudimentary info about the certificates of TLS-based PSTNgateways?
Hey,
I’m not sure if there is a PowerShell API for the PSTNgateway which will allow us to pull that information.
I’ll try to search for .NET options for pulling certificate information based on ports.
Guy
Yes, I can imagine if it's a non-Windows OS, connection and data gathering may be incredibly difficult… we are talking about MS anyway.
Are you familiar with the Remote UC troubleshooter (RUCT) from insidelync.com? That one has a great certificate checker component; the only problem is that it cannot be automatized, as it's a GUI tool instead of PS.
Hi,
Is it possible to schedule this to run with the system account and send it by mail to a specific mail address? I did check that the script contained mail functions but did not see settings to define the SMTP address. And the edge certificate check did not have a possibility to enter the password in advance.
Hey Mikael,
The last lines in the script contain an email function which you can edit – just remove the # sign and put in the right attributes.
### Configuring Email Parameters
#sendEmail [email protected] [email protected] “Services State Report – $Date” SMTP_SERVER $ServicesFileName
As for the EDGE, did you provide the EDGE parameter, meaning -EdgeCertificates?
Great work – FYI the OneDrive link is down, TechNet link still fine
Hi.. The script is awesome to explore and work with!!! We are running PowerShell 2.0 on the Lync 2010 edge server (DMZ). Is there a way to get the edge certificate from a domain machine?
Cheers!
Priya