Script to fix issues of Event ID 4107 and Event ID 11 (PowerShell)

Introduction

This sample can help the enterprise administrator to bulk fix the issue “Event ID 4107 or Event ID 11 is logged in the Application log in Windows and in Windows Server “ on all the client computers which have these issues in the enterprise’s  domain.

Scenario

Event ID 4107 and Event ID 11 error occurs because the Microsoft Certificate Trust List Publisher certificate expired. A copy of the CTL with an expired signing certificate exists in the CryptnetUrlCache folder. To bulk resolve these issues, you can use this script to list all the expired certificates in the specific computer and remove all the files in the CryptnetUrlCache folder.

Script

This script contains the following advanced functions:
You can use this script in the following ways:
Method 1:

     1. Download the script and copy it to your computer.
     2. Open the script file by using Notepad or any other script editors.
     3. Scroll down to the end of the script file, and then add the code to call the functions.
     4. Save the file and then run the script on the computer.

Method 2:
  1. Rename scriptname.ps1 to scriptname.psm1 (PowerShell Module file)
  2. Run the Import-Module cmdlet to import this module file in PowerShell Console.
    Import-Module filepath\scriptname.psm1
Notes:
To run script:You need to prepare a CSV file with the first column named “ComputerName” and list the client computers which need fix issues, in the following format:
You must make sure that all the client computers allow remote desktop connection.
  1. Open the powershell Console and run as administrator.
  2. Run the “Enable-PSRemoting”  command on all the client computers.

Examples

Example 1: Bulk fix issues of Event ID 4107 and Event ID 11 for a batch of computers provided by the .csv file.
Command:  Repair-OSCBulkFixIssuesOfEventID4107AndEventID11
–Path “D:\ remote.csv”  –UserId  “domain\userId”
Screenshot:
 
Example 2:Display help about Repair-OSCBulkFixIssuesOfEventID4107AndEventID11
Command:  Get-Help Repair-OSCBulkFixIssuesOfEventID4107AndEventID11
Screenshot:
Example 3: Fix issues of Event ID 4107
and Event ID 11 for a specified computer.
Command:  Repair-OSCFixIssuesOfEventID4107AndEventID11
–ComputerName
“computername”
–UserId  “domain\userId”
Screenshot:
 
Example 4: Display help about Repair-OSCFixIssuesOfEventID4107AndEventID11
Command:  Get-Help Repair-OSCFixIssuesOfEventID4107AndEventID11
Screenshot:
Example 5: List all the expired certificates on a specified computer.
Command:  Show-OSCExpiredCertificateForComputer
–ComputerName
“computername”
–UserId  “domain\userId”
Screenshot:
Example 6: Display help about Show-OSCExpiredCertificateForComputer
Command:  Get-Help Show-OSCExpiredCertificateForComputer
Screenshot:
Example 7: List all the expired certificates on the specified computers provided by the .csv file.
Command:  Show-OSCExpiredCertificateForComputers –Path “D:\ remote.csv”  –UserId  “domain\userId”
Screenshot:
Example 8:Display help about Show-OSCExpiredCertificateForComputers
Command:  Get-Help Show-OSCExpiredCertificateForComputers
Screenshot:
 
Here are some code snippets for your references. To get the complete script sample, please click the download button at the beginning of this page.
Function: Get-OSCExpiredCertificate
PowerShell
Edit|Remove
$OSCStore = New-Object Security.Cryptography.X509Certificates.X509Store $StoreName,$StoreLocation$OSCExpiredCerts = @() 
  
# Get the certificates from the specific storeIf($OSCStore-ne $null){ 
    Try{ 
        $OSCStore.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadOnly) 
         
        $OSCCertificates = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection           
        $OSCCertificates = $OSCStore.Certificates 
         
        $OSCCurrentDateTime = Get-Date$OSCCertificates|Foreach-Object { 
            If($_.NotAfter -lt $OSCCurrentDateTime){ 
                $OSCExpiredCerts+$_ 
            } 
        } 
         
        return$OSCExpiredCerts 
    } 
    Catch{ 
        Write-Error$($_.Exception.Message) 
        return$null 
    } 
    Finally{ 
        $OSCStore.Close() 
    }
Function: Repair-OSCBulkFixIssuesOfEventID4107AndEventID11
PowerShell
Edit|Remove
$Credential = Get-Credential-Credential $UserId$LocalMachineName = $Env:COMPUTERNAME 
     
#Bulk fix the issueImport-Csv-Path $Path|ForEach-Object{ 
    If($LocalMachineName-eq $_.ComputerName){ 
        $ExecutionContext.InvokeCommand.InvokeScript($scriptblock) 
        Write-Host (-join($_.ComputerName, " has been fixed! ")) 
    }Else{ 
        Invoke-Command -ComputerName $_.ComputerName -Credential $Credential-ScriptBlock $scriptblock-ArgumentList $_.ComputerName 
        Write-Host (-join($_.ComputerName, " has been fixed! ")) 
    }

Prerequisites

Windows PowerShell 2.0
 

Additional Resources

Technical Resource:
Microsoft Knowledge Base
http://support.microsoft.com/kb/2328240