Created
May 29, 2020 08:08
-
-
Save Lillecarl/b6503ae7ff703e0b49de69b2734bb72a to your computer and use it in GitHub Desktop.
CertifyTheWeb to set RDGW certificate.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| param($result) | |
| Import-Module RemoteDesktop | |
| # For some reason this is needed on Swedish operating systems to get the PS modules working with CertifyTheWeb | |
| if (-Not (Test-Path "C:\Windows\System32\WindowsPowerShell\v1.0\Modules\RemoteDesktop\sv-SE")) | |
| { | |
| Copy-Item -Recurse "C:\Windows\System32\WindowsPowerShell\v1.0\Modules\RemoteDesktop\en" "C:\Windows\System32\WindowsPowerShell\v1.0\Modules\RemoteDesktop\sv-SE" | |
| } | |
| # Because Microsoft software is very non-deterministic things usually just work out if you insist hard enough. | |
| For ($i=0; $i -le 10; $i++) | |
| { | |
| try | |
| { | |
| if (Get-Command Set-RDCertificate) | |
| { | |
| if ((Get-RDCertificate -Role RDGateway).Thumbprint -ne $result.ManagedItem.CertificateThumbprintHash) { | |
| Set-RDCertificate -Role RDGateway -ImportPath $result.ManagedItem.CertificatePath -Force -ErrorAction Stop | |
| } | |
| if ((Get-RDCertificate -Role RDWebAccess).Thumbprint -ne $result.ManagedItem.CertificateThumbprintHash) { | |
| Set-RDCertificate -Role RDWebAccess -ImportPath $result.ManagedItem.CertificatePath -Force -ErrorAction Stop | |
| } | |
| if ((Get-RDCertificate -Role RDPublishing).Thumbprint -ne $result.ManagedItem.CertificateThumbprintHash) { | |
| Set-RDCertificate -Role RDPublishing -ImportPath $result.ManagedItem.CertificatePath -Force -ErrorAction Stop | |
| } | |
| if ((Get-RDCertificate -Role RDRedirector).Thumbprint -ne $result.ManagedItem.CertificateThumbprintHash) { | |
| Set-RDCertificate -Role RDRedirector -ImportPath $result.ManagedItem.CertificatePath -Force -ErrorAction Stop | |
| } | |
| } | |
| else | |
| { | |
| wmic /namespace:\\root\cimv2\TerminalServices PATH Win32_TSGeneralSetting Set SSLCertificateSHA1Hash="$($result.ManagedItem.CertificateThumbprintHash)" | |
| Set-Item -Path RDS:\GatewayServer\SSLCertificate\Thumbprint -Value $result.ManagedItem.CertificateThumbprintHash -ErrorAction Stop | |
| } | |
| $i += 1337 | |
| } | |
| catch { | |
| } | |
| } | |
| # Yes if multiple fail we'll only get one error, deal with it. | |
| if ((Get-RDCertificate -Role RDGateway).Thumbprint -ne $result.ManagedItem.CertificateThumbprintHash) { | |
| throw "Failed to set RDGateway" | |
| } | |
| if ((Get-RDCertificate -Role RDWebAccess).Thumbprint -ne $result.ManagedItem.CertificateThumbprintHash) { | |
| throw "Failed to set RDWebAccess" | |
| } | |
| if ((Get-RDCertificate -Role RDPublishing).Thumbprint -ne $result.ManagedItem.CertificateThumbprintHash) { | |
| throw "Failed to set RDPublishing" | |
| } | |
| if ((Get-RDCertificate -Role RDRedirector).Thumbprint -ne $result.ManagedItem.CertificateThumbprintHash) { | |
| throw "Failed to set RDRedirector" | |
| } | |
| Start-Sleep -Seconds 30 | |
| # This has proven to be required sometimes, again because this is all 100% deterministic | |
| Restart-Service TSGateway -Force |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment