Hi all,

First of all a little context. We are using PowerShell scripts leveraging PowerCLI cmdlets for platform data collection. These scripts run on a scheduled basis anywhere between once every few minutes to once an hour. Lately we noticed that PowerCLI seems to be (responsible for) creating certain temporary files in %appdata%MicrosoftCryptoRSA<SID of user account> (named 2a19205cf6d24b217fe6e503a19edc77_8b23ac42-2529-472e-be1b-e2636e868b3a and the like) which are not cleaned up afterwards. As you can imagine, this adds up rather quickly to the point where we are at over 1 million ‘forgotten’ files in said directory on specific servers.

Environment:

• Windows Server 2016
• PowerShell 5.1.14393.3866 (x64)
• PowerCLI version 12.0.0.15947286
• All tested vCenters are at 6.7 level.

I did some digging and it appears that:

• One file is created for every succesfully made connection to a vCenter server.
• The Connect-VIServer cmdlet triggers this directly, regardless of method of authentication (Windows authentication, explicit credentials, PSCredential).
• Failed connection attempts (ie invalid credentials) do not create a temporary file so it looks like it is only happening after/during a session is established.
• These temporary files are created regardless of user account, other than a different location of course. Tested with both personal account and LocalSystem account using Task Scheduler and PSExec.
• Occurs from both ‘raw’ PowerShell and ISE.
• When connecting directly to an individual host this does not occur.

According to a blog post I found at https://snede.net/the-most-dangerous-constructor-in-net/ this appears to be related to X509Certificate2 .NET class, which apparently is not disposed of properly after use.

For now our course of action would be scheduling a forfiles task to clean up after PowerCLI on a regular basis but this should not be necessary. Does anyone else experience this issue as well or is this isolated to our environment?