Summary:
Sometimes, when an upgrade is run with an incorrect user or permissions, one or more of the DLLs and executable files may remain on the old version.
This can cause a variety of issues. To search for these files, use the function below to generate a report of them.
It also lists all files that are not signed by the appropriate certificate. By default the report is saved to "C:\VedVersionReport.txt".
More Info:
The script compares the version of each DLL and EXE with the version recorded in the registry. Files whose version does not match the registry show up in the report, where they can then be checked.
```
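function VersionCheckup(){
    param(
        [string]$OutFile="C:\VedVersionReport.txt"
    )
    # Start from an empty report if one already exists
    if(Test-Path $OutFile){
        "" > $OutFile
    }
    # GAC assemblies and the install directory to inspect
    $Directories=@("C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Venafi.Core",
        "C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Venafi.Core.Bootstrap",
        "C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Venafi.MSBuild.AssemblyInfo",
        "C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Venafi.Permissions",
        "C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Venafi.ProductLogic.Ssh",
        "C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Venafi.RTF",
        'C:\Program Files\Venafi')
    $VedReg="HKLM:\SOFTWARE\Venafi"
    # Thumbprints of the certificates the files are expected to be signed with
    $ThumbPrints=@('B44994C905B4D411D1FB4F202E15857141200CCF')
    # Registry versions with ".0" removed; keys without a Version value are skipped
    $RegVersion=Get-ChildItem -Recurse $VedReg |
        ForEach-Object { $_.GetValue("Version") } |
        Where-Object { $_ } |
        ForEach-Object { $_ -replace "\.0","" } |
        Select-Object -Unique
    # DLL and EXE files outside the Utilities and SDK folders
    $FileVersion=Get-ChildItem -Recurse $Directories -File | Where-Object {$_.Extension -match "^\.(dll|exe)$" -and ($_.FullName -notmatch "C:\\Program Files\\Venafi\\Utilities\\" -and $_.FullName -notmatch "C:\\Program Files\\Venafi\\SDK")}
    $FileList=@()
    $SigMismatch=@()
    foreach($File in $FileVersion){
        $SignerCert=(Get-AuthenticodeSignature $File.FullName).SignerCertificate
        # Compare the signer's thumbprint (not the certificate object) with the expected list
        if($SignerCert -and $ThumbPrints -contains $SignerCert.Thumbprint){
            $FileList+=$File | Select-Object -ExpandProperty VersionInfo -Property FullName
        } else {
            # Unsigned files are recorded with an empty Signature
            $SigMismatch+=[pscustomobject]@{"Signature"=$SignerCert.Thumbprint;
                "File"=$File.FullName}
        }
    }
    foreach($V in $FileList){
        # Keep the first three parts of the file version (major.minor.build)
        $FVersion=$V.FileVersion -split "\."
        $FV=$FVersion[0]+"."+$FVersion[1]+"."+$FVersion[2]
        # Report the file when its version matches none of the registry versions
        if(-not ($RegVersion | Where-Object { $FV -match $_ })){
            $V >> $OutFile
        }
    }
    # Append the files whose signer is not in the expected list
    $SigMismatch >> $OutFile
}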
```
Here is an example of the command to use with this function. `-OutFile` takes the path of the report file:
```
VersionCheckup -OutFile C:\DirectoryHere\VedVersionReport.txt
```
An example of the output is attached. The returned values can be checked and evaluated to determine quickly whether any files that should be on the same version are not.
False positives should be examined to see whether the file is a Venafi DLL or a third-party one; versions of third-party files will rarely match.
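To help sort the signature entries during that review, the following added example (not part of the original article or of Venafi's code) classifies each file by both the signer thumbprint and the `Status` that `Get-AuthenticodeSignature` returns, so unsigned files, third-party signers and files whose signature does not validate are listed separately. The function names `Test-VedSignature` and `Get-VedSignatureReport` and the sample records are assumptions made for illustration.

```powershell
# Added example. Test-VedSignature and Get-VedSignatureReport are hypothetical
# names; the default thumbprint is the one from the article's $ThumbPrints list.
function Test-VedSignature {
    param(
        [Parameter(Mandatory)]$Signature,   # object with Path, Status, SignerCertificate
        [string[]]$ThumbPrints = @('B44994C905B4D411D1FB4F202E15857141200CCF')
    )
    $Thumb = $null
    if ($Signature.SignerCertificate) { $Thumb = $Signature.SignerCertificate.Thumbprint }
    $Status = [string]$Signature.Status
    # Order matters: no signer, then wrong signer, then right signer but not Valid
    if ($Status -eq 'NotSigned' -or -not $Thumb) { $Finding = 'Unsigned' }
    elseif ($ThumbPrints -notcontains $Thumb)    { $Finding = 'UnexpectedSigner' }
    elseif ($Status -ne 'Valid')                 { $Finding = 'ExpectedSignerNotValid' }
    else                                         { $Finding = 'OK' }
    [pscustomobject]@{ File = $Signature.Path; Status = $Status; Thumbprint = $Thumb; Finding = $Finding }
}

function Get-VedSignatureReport {
    param([Parameter(Mandatory)][string[]]$Path)
    Get-ChildItem -Path $Path -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -in '.dll', '.exe' } |
        ForEach-Object { Test-VedSignature -Signature (Get-AuthenticodeSignature -FilePath $_.FullName) } |
        Where-Object { $_.Finding -ne 'OK' }
}

# Constructed sample records (not real scan output) showing each classification
$Expected = 'B44994C905B4D411D1FB4F202E15857141200CCF'
$Other    = '0000000000000000000000000000000000000000'   # constructed placeholder thumbprint
$Samples = @(
    [pscustomobject]@{ Path = 'C:\Sample\a.dll'; Status = 'Valid';        SignerCertificate = [pscustomobject]@{ Thumbprint = $Expected } },
    [pscustomobject]@{ Path = 'C:\Sample\b.dll'; Status = 'HashMismatch'; SignerCertificate = [pscustomobject]@{ Thumbprint = $Expected } },
    [pscustomobject]@{ Path = 'C:\Sample\c.dll'; Status = 'Valid';        SignerCertificate = [pscustomobject]@{ Thumbprint = $Other } },
    [pscustomobject]@{ Path = 'C:\Sample\d.exe'; Status = 'NotSigned';    SignerCertificate = $null }
)
$Samples | ForEach-Object { Test-VedSignature -Signature $_ } | Format-Table -AutoSize

# Real scan of the install directory used in the article:
# Get-VedSignatureReport -Path 'C:\Program Files\Venafi' | Format-Table -AutoSize
```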