
Ondrej Sevecek's English Pages


Comments: Script to fix it on all domain-joined servers

Engineering and troubleshooting by Directory Master!
MCM: Directory

Sorry, comments are disabled due to the constant load of spam



Script to fix it on all domain-joined servers


Peter Grungi


Thank you! We had this problem and didn't notice for about a month, so needless to say we had a lot of certificates to clean up across a lot of servers. Here's a script I put together based on your work that fixed the issue on all Windows servers in our AD domain, in case anyone else needs it. I filtered the certificates a little differently than you did in because I couldn't use the -Eku parameter on some of our older servers.

# Remove all archived certs in the LocalMachine store across domain servers where the subject is CN=servername...
Import-Module ActiveDirectory
$Servers = Get-ADComputer -Properties * -Filter {enabled -eq $true -and operatingsystem -like "*server*"}
$ServerNum = 1
foreach ($Server in $Servers) {
    "Server $ServerNum : $($Server.Name)"
    " 1/3 Removing archived certs from local machine store..."
    # Inside Where-Object, $_ is the certificate, so the server name is taken from $env:COMPUTERNAME, which is resolved on the remote server
    Invoke-Command -ComputerName $Server.Name {gci -Recurse 'Cert:\LocalMachine\My' -force | where {$_.archived -eq $true} | where {$_.subject -like "CN=$($env:COMPUTERNAME)*"} | Remove-Item -force }
    " 2/3 Stopping SessionEnv..."
    Invoke-Command -ComputerName $Server.Name {sc.exe stop sessionenv}
    " 3/3 Restarting SessionEnv..."
    Invoke-Command -ComputerName $Server.Name {sc.exe start sessionenv}
    $ServerNum++
}


Created at 18/07/2015 01:03 by  
Last modified at 18/07/2015 01:03 by
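
An added example, not part of the comment above or of the blog author's code: a read-only inventory of the archived certificates that the script in the comment would delete, so the scope can be reviewed and recorded before anything is removed. The variable names and the CSV path are assumptions.

```powershell
# Added example: read-only inventory, nothing is deleted or restarted.
Import-Module ActiveDirectory

# Same server selection as the script in the comment.
$Servers = Get-ADComputer -Filter {enabled -eq $true -and operatingsystem -like "*server*"}

# Runs on each remote server; $env:COMPUTERNAME is resolved there.
# -Force makes the Cert: provider include archived certificates.
$Inventory = {
    Get-ChildItem -Recurse 'Cert:\LocalMachine\My' -Force |
        Where-Object { $_.Archived -eq $true -and $_.Subject -like "CN=$($env:COMPUTERNAME)*" } |
        Select-Object @{n='Server';e={$env:COMPUTERNAME}}, Subject, Thumbprint, NotBefore, NotAfter
}

# Fan out to all servers at once; connection errors are collected in $Failed
# instead of stopping the run.
$Found = Invoke-Command -ComputerName $Servers.Name -ScriptBlock $Inventory `
    -ErrorAction SilentlyContinue -ErrorVariable Failed

# Per-server counts show where the archived certificates have piled up.
$Found | Group-Object Server | Sort-Object Count -Descending |
    Format-Table Name, Count -AutoSize

# Keep a record of every certificate that matches the removal filter.
# The path is an assumption; adjust as needed.
$Found | Select-Object Server, Subject, Thumbprint, NotBefore, NotAfter |
    Export-Csv -Path .\archived-certs.csv -NoTypeInformation

# Servers that could not be reached were not checked.
$Failed | ForEach-Object { "Not checked: $($_.Exception.Message)" }
```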