PSSession Credential Timeout

This topic contains 4 replies, has 2 voices, and was last updated by Profile photo of phatpuckz phatpuckz 10 months, 4 weeks ago.

  • Author
    Posts
  • #33947
    Profile photo of phatpuckz
    phatpuckz
    Participant

    Hello,

    I have a script that is running and working. It monitors an inbox every min and then creates a folder structure. The issue I am seeing is the credentials timeout and stop the process until I run it again. Is there any way to initiate the script without it requiring a credential refresh? Code below, thanks for any help:

    Set-ExecutionPolicy Unrestricted
    $user = "emailaddress@domain.com"
    $password = get-content c:\securestring.txt | convertto-securestring
    $cred = New-Object -typename System.Management.Automation.PSCredential -ArgumentList $user,$password
    $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $Cred -Authentication Basic –AllowRedirection
    Import-PSSession $Session
    
    
    
    for (;;) {
    
    try {
    
    Set-Location "S:\inetpub\path" 
    Get-Messagetrace -Recipientaddress:emailaddress@domain.com  -Start(get-date).Addminutes(-5) -End (get-date) | where-object -Property subject -like "XTS*" | select -expand subject | Select @{ N = 'Company'; E = { ($_.Split(' '))[0] } }, @{ N = 'Account'; E = { ($_.Split(' '))[-3] } }, @{ N = 'Case'; E = { ($_.Split(' '))[-2] } },  @{ N = 'Ref'; E = { ($_.Split(' '))[-1] } } | export-csv c:\scripts\import.csv 
    $Folders = Import-Csv c:\scripts\Import.csv
     
    ForEach ($Folder in $Folders) { 
    
    $account = $folder.account
    $case = $folder.case 
    $ref = " - " + $folder.ref
    
    $path = "$account\$case" + "$ref" 
     
    New-Item $path -itemtype directory 
    
         
       
    } 
    }
    catch {
    
    write-host "failed"
    
    }
    
    start-sleep 60
    
    }
    
  • #33948
    Profile photo of Don Jones
    Don Jones
    Keymaster

    I'm not sure PowerShell's a great use case for continual monitoring like that, but if it's basically work for you... sure!

    How are you determining that this is a "credential timeout?" And how long does it take before that becomes a problem?

  • #33949
    Profile photo of phatpuckz
    phatpuckz
    Participant

    Yes, it does work. Is there a concern monitoring something this way?

    It seems every 12 to 24 hours. I allow the script to run and when I come back the next day it has stopped and is prompting me for creds. (Running in ISE)

  • #33950
    Profile photo of Don Jones
    Don Jones
    Keymaster

    Well, it's just not what PowerShell was really designed for. It's not a background service. If this is something I needed in production, I'd very probably write it in C# and compile it as a service to be installed on the Exchange machine, or on another machine somewhere.

    And what you're very probably running into is expiration. Credentials created in the way you have (and there's no other way in this scenario) can't auto-renew like an interactive logon ticket does. This isn't something you can change; it's in the design of the authentication system in Windows. Credentials don't "time out" per se, they expire (I know that's hair-splitting), so that a credential that is compromised won't be valid forever.

    And that's the trick with services. They use an ordinary logon, and interact more directly with the authentication system, so their credentials don't expire.

    Now, I don't -know- that it's the credential that's actually expiring – without knowing a lot more about your environment and checking some stuff, it's hard to really pin something on a credential. It could also be that the Exchange server is miffed you've left a PSSession connected for so long, and it's squashing the connection. Those sessions have a max life as well, and PSSessions weren't really designed to be an always-connected kind of thing. There's a memory and processor cost on the server to maintain these connections.

  • #33952
    Profile photo of phatpuckz
    phatpuckz
    Participant

    Ah, ok, thanks for the explanation. Don't know much about C# so i might need to find another solution. I suppose i could just remove the start-sleep and the session and just have a task run it every 60 sec for now until i can find another solution.

You must be logged in to reply to this topic.