Certify post request PS script. Error when called by Certify


My problem is I have made a script which starts a Exchange shell PSsession.
The scrips runs fine if I execute it line by line in PowerShell, or if I right click on it in explorer and run.
However, when it is called via certify after a new certificate is produced it fails.

Having just got into powershell I am not 100% that it is not an error in my script, however it seems odd that I can run it on its own and there are no errors. Yet when it is called by Certify there is an error.

Here is the section of the script causing the issues:

$password = Get-Content -Path 'c:\Certificate_Update\securepassword.txt'
$pw = ConvertTo-SecureString -String $password

$cred = New-Object System.Management.Automation.PSCredential ("Wookies-Domain\Administrator", $pw)
$uri = 'http://Exchange-Server/PowerShell/'
## Starts remote Exchange shell session
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri $uri -Authentication Kerberos -Credential $Cred

## Imports remote Exchange shell session to this Machine
Import-PSSession $Session

The error I get is:

ConvertTo-SecureString : The system cannot find the path specified.

At C:\Certificate_Update\Update_Old_Cert.ps1:40 char:7
+ $pw = ConvertTo-SecureString -String $password
+       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (:) [ConvertTo-SecureString], CryptographicException
    + FullyQualifiedErrorId :  ImportSecureString_InvalidArgument_CryptographicError,Microsoft.PowerShell.Commands.ConvertToSecureStringCommand

TerminatingError(New-Object): "Exception calling ".ctor" with "2" argument(s):
"Cannot process argument because the value of argument "password" is null.
Change the value of argument "password" to a non-null value.""

New-Object : Exception calling ".ctor" with "2" argument(s): "Cannot process
argument because the value of argument "password" is null. Change the value of
argument "password" to a non-null value."

It is saying $password is null, due to not being able to find the path for the text file with the encrypted standard string.
Can’t work out what I have done wrong. Is it maybe some permissions thing as the script is being run by certify?
Or maybe its just a simple newbe error in my script?
Just seems odd that I only get the error when the script is called by Certify.

Thanks for any help Dave


My script was calling an file with a encrypted standard string used as a password.
This was encrypted as Admin.
Certify runs as a service set to Local system. So when the script tried to access the password file it failed due to wrong privileges.
Setting the service to run as admin cured the problem.


Hi Dave,
Our scripting docs do now say that the background service runs as Local System, so hopefully others will see that.

The alternative would be to use psexec to run as local system when encrypting your file.

The current disadvantages of changing the sevice account user are:

  • updating the app will revert the service to local system, so you need to remember to set the account back.
  • weirdness can happen with private keys. Windows has a user specific store for private keys and this can affect whether IIS is able to access the key or not. Admin is ok, but obviously the password changes frequently :wink: