Showing posts with label Azure. Show all posts

Wednesday, February 12, 2025


Solved: How to find certificates in IIS that are expiring within the next 30 days

To find certificates in IIS that are expiring within the next 30 days, you can use PowerShell to automate the check. Run the following script in an elevated PowerShell window on the IIS server.

This script walks every IIS site, looks up the certificate bound to each HTTPS binding in the Local Machine's "My" store, and keeps only those expiring within the next 30 days. It lists the site name, certificate friendly name, thumbprint and expiration date, helping administrators take proactive renewal action. Running this check regularly can prevent service disruptions due to expired SSL certificates.

# Requires the IIS WebAdministration module (ships with the IIS management tools)
Import-Module WebAdministration

function Get-IISSiteCertificates {
    # Certificates that expire within this many days are reported (default 30)
    param([int]$DaysUntilExpiry = 30)

    $cutoff = (Get-Date).AddDays($DaysUntilExpiry)
    $iisSites = Get-Website
    $assignedCerts = @()

    foreach ($site in $iisSites) {
        $bindings = Get-WebBinding -Name $site.Name
        foreach ($binding in $bindings) {
            if ($binding.protocol -eq "https") {
                # IIS binding objects expose the thumbprint as certificateHash, not CertificateThumbprint
                $certThumbprint = $binding.certificateHash
                # Skip bindings with no certificate; an empty thumbprint would otherwise list the whole store
                if (-not $certThumbprint) { continue }
                $cert = Get-ChildItem -Path "Cert:\LocalMachine\My\$certThumbprint" -ErrorAction SilentlyContinue
                if ($cert -and $cert.NotAfter -le $cutoff) {
                    $assignedCerts += [PSCustomObject]@{
                        SiteName              = $site.Name
                        CertificateName       = $cert.FriendlyName
                        ExpirationDate        = $cert.NotAfter
                        CertificateThumbprint = $cert.Thumbprint
                    }
                }
            }
        }
    }

    $assignedCerts | Format-Table -AutoSize
}

# Example usage:
Get-IISSiteCertificates


Alternatively, you can use the script below, which prints the details of each HTTPS binding one by one instead of building a table.


# Requires the IIS WebAdministration module
Import-Module WebAdministration

function Get-IISSiteCertificates {
    $httpsBindings = Get-WebBinding | Where-Object { $_.protocol -eq "https" }

    foreach ($binding in $httpsBindings) {
        # A binding object has no Name property; the owning site is encoded in its ItemXPath
        $siteName = if ($binding.ItemXPath -match "@name='([^']+)'") { $Matches[1] } else { "<unknown>" }
        # The thumbprint is stored in certificateHash
        $certThumbprint = $binding.certificateHash

        Write-Host "Certificate for site: $siteName"
        Write-Host "Certificate Thumbprint: $certThumbprint"

        if ($certThumbprint) {
            $cert = Get-ChildItem -Path "Cert:\LocalMachine\My\$certThumbprint" -ErrorAction SilentlyContinue
            if ($cert) {
                Write-Host "Certificate Name: $($cert.FriendlyName)"
                Write-Host "Expiration Date: $($cert.NotAfter)"
                if ($cert.NotAfter -le (Get-Date).AddDays(30)) {
                    Write-Host "WARNING: this certificate expires within 30 days" -ForegroundColor Yellow
                }
            }
        }

        Write-Host "----------------------------------------"
    }
}

# Example usage:
Get-IISSiteCertificates


Wednesday, October 11, 2023


Step-by-Step Guide: How to Find the User Account Lockout Source Computer and Application

In today's post I will discuss an easy way to find the source computer and application behind your account lockouts. Many end users save their password in services, applications and batch files and forget to update it after a password change. Keeping passwords in applications, scheduled tasks and Windows services is not good practice; it is always recommended to use a gMSA (group Managed Service Account) or a dedicated service account for Windows services.


There are many possible reasons behind an account lockout:

1. Services using your old login credentials
2. Applications using old login credentials
3. Network drives mapped with expired Windows login credentials
4. Windows scheduled tasks using an expired login password

1. How to find the source computer name from the domain controller security events

When the administrator configures the domain controller, they set an account lockout threshold, which locks the user account if anyone tries to use or hack it. This is very helpful for securing your login account and company infrastructure. The threshold specifies how many times a user can attempt to log in with the wrong credentials before the account is locked out. Whenever your account gets locked out, the domain controller generates Event ID 4740. To find the source of the lockout, log in to the domain controller and open Event Viewer -> Security log.

Then, in the Actions pane on the right, click Filter Current Log, type 4740 in the Event IDs field and click OK to search for Event ID 4740. The event details look like this:

A user account was locked out.

Subject:
    Security ID:        SYSTEM
    Account Name:        MY-AD$
    Account Domain:        AzureHowTos
    Logon ID:        0x007

Account That Was Locked Out:
    Security ID:        AzureHowTos\Azure
    Account Name:        Azure

Additional Information:
    Caller Computer Name:    PC-01 

As you can see above, my user account is locked out and the source is PC-01, so I need to check what is going on on PC-01.
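The same lookup can be scripted instead of clicking through Event Viewer. The following is an added example, not code from the original post: it queries Event ID 4740 on the domain controller and extracts the locked-out user and the Caller Computer Name for each event. It assumes the ActiveDirectory module is installed (used only to locate the PDC emulator, which records every lockout in the domain) and that you have rights to read that DC's Security log. The user name "Azure" is a constructed sample value taken from the event above.

```powershell
# Added example (not from the original post): find the source computer of account lockouts
# by reading Event ID 4740 on the PDC emulator.
# Assumes: ActiveDirectory module available; permission to read the DC's Security log.

function Get-AccountLockoutSource {
    param(
        [Parameter(Mandatory)][string]$UserName,   # sAMAccountName, e.g. Azure (constructed sample)
        [int]$Days = 7                             # how far back to search
    )

    # Every lockout in the domain is recorded on the PDC emulator, so query it directly
    $dc = (Get-ADDomain).PDCEmulator

    $filter = @{ LogName = "Security"; Id = 4740; StartTime = (Get-Date).AddDays(-$Days) }
    $events = Get-WinEvent -ComputerName $dc -FilterHashtable $filter -ErrorAction SilentlyContinue

    foreach ($event in $events) {
        # Read the EventData fields by name rather than by index, which is less fragile
        $xml  = [xml]$event.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

        # In a 4740 event the TargetDomainName field carries the "Caller Computer Name"
        # that Event Viewer shows under Additional Information
        if ($data.TargetUserName -eq $UserName) {
            [PSCustomObject]@{
                TimeCreated      = $event.TimeCreated
                LockedUser       = $data.TargetUserName
                CallerComputer   = $data.TargetDomainName
                DomainController = $dc
            }
        }
    }
}

# Example usage: list the last week of lockouts for the user "Azure"
Get-AccountLockoutSource -UserName Azure | Format-Table -AutoSize
```

Because the PDC emulator holds the authoritative lockout record, querying it avoids having to repeat the search on every domain controller that may have processed the bad password attempts.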

2. How to find the application that is locking out my user account

It is easy to find the source computer, but Event ID 4740 does not show the application that is locking out your user account. There is one easy way to find that application.

1. Log in to the end user's computer and open PowerShell ISE as an administrator.

2. Copy and paste the script below and run it. Note: replace PC-01 with the name of the source computer.

# Failed logon attempts (Event ID 4625) from the last 5 days; replace PC-01 with the source computer
$filter = @{ LogName = "Security"; Id = 4625; StartTime = (Get-Date).AddDays(-5) }

# Only the most recent failed logon is returned; raise -MaxEvents to see more
$lockouts = Get-WinEvent -ComputerName PC-01 -FilterHashtable $filter -MaxEvents 1 -ErrorAction SilentlyContinue

# The Properties indices follow the EventData order of a 4625 event:
# 5 = TargetUserName, 10 = LogonType, 11 = LogonProcessName, 18 = ProcessName
$lockouts | Select-Object `
    @{ Name = "LockedUserName";   Expression = { $_.Properties[5].Value } },
    @{ Name = "LogonType";        Expression = { $_.Properties[10].Value } },
    @{ Name = "LogonProcessName"; Expression = { $_.Properties[11].Value } },
    @{ Name = "ProcessName";      Expression = { $_.Properties[18].Value } }


3. Here you can see that my user account was locked out by a Windows service. This will help you narrow down the issue and find the source application that is locking out your user account.
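Once the failed logon points at a service or scheduled task, the next step is to find which one on the source computer is still configured with the stale account. The following is an added example, not code from the original post: it lists the services and scheduled tasks on a given computer that run as a given account, the two places the post names as the usual hiding spots for an old password. It assumes you are an administrator of the target computer and that CIM/WinRM remoting to it is reachable; the computer name PC-01 and user name Azure are constructed sample values.

```powershell
# Added example (not from the original post): find services and scheduled tasks on a
# computer that run as a given account.
# Assumes: local admin rights on the target; CIM/WinRM remoting reachable.

function Find-StaleCredentialUsage {
    param(
        [Parameter(Mandatory)][string]$ComputerName,   # e.g. PC-01 (constructed sample)
        [Parameter(Mandatory)][string]$UserName        # e.g. Azure or AzureHowTos\Azure
    )

    $session = New-CimSession -ComputerName $ComputerName

    # Services whose log-on account matches the user (StartName is DOMAIN\user or user@domain)
    Get-CimInstance -CimSession $session -ClassName Win32_Service |
        Where-Object { $_.StartName -and $_.StartName -like "*$UserName*" } |
        ForEach-Object {
            [PSCustomObject]@{
                Computer = $ComputerName
                Kind     = "Service"
                Name     = $_.Name
                RunsAs   = $_.StartName
                State    = $_.State
            }
        }

    # Scheduled tasks whose principal is the user
    Get-ScheduledTask -CimSession $session |
        Where-Object { $_.Principal.UserId -like "*$UserName*" } |
        ForEach-Object {
            [PSCustomObject]@{
                Computer = $ComputerName
                Kind     = "ScheduledTask"
                Name     = $_.TaskName
                RunsAs   = $_.Principal.UserId
                State    = $_.State
            }
        }

    Remove-CimSession $session
}

# Example usage:
Find-StaleCredentialUsage -ComputerName PC-01 -UserName Azure | Format-Table -AutoSize
```

Each hit is a candidate to be updated with the new password or, better, moved to a gMSA or dedicated service account as recommended at the start of the post.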

