PowerCLI / Connect-VIServer fills up CryptoRSASID directory

This post was originally published on this site

Hi all,

 

First of all a little context. We are using PowerShell scripts leveraging PowerCLI cmdlets for platform data collection. These scripts run on a scheduled basis anywhere between once every few minutes to once an hour. Lately we noticed that PowerCLI seems to be (responsible for) creating certain temporary files in %appdata%MicrosoftCryptoRSA<SID of user account> (named 2a19205cf6d24b217fe6e503a19edc77_8b23ac42-2529-472e-be1b-e2636e868b3a and the like) which are not cleaned up afterwards. As you can imagine, this adds up rather quickly to the point where we are at over 1 million ‘forgotten’ files in said directory on specific servers.

 

Environment:

  • Windows Server 2016
  • PowerShell 5.1.14393.3866 (x64)
  • PowerCLI version 12.0.0.15947286
  • All tested vCenters are at 6.7 level.

 

I did some digging and it appears that:

  • One file is created for every succesfully made connection to a vCenter server.
  • The Connect-VIServer cmdlet triggers this directly, regardless of method of authentication (Windows authentication, explicit credentials, PSCredential).
  • Failed connection attempts (ie invalid credentials) do not create a temporary file so it looks like it is only happening after/during a session is established.
  • These temporary files are created regardless of user account, other than a different location of course. Tested with both personal account and LocalSystem account using Task Scheduler and PSExec.
  • Occurs from both ‘raw’ PowerShell and ISE.
  • When connecting directly to an individual host this does not occur.

 

According to a blog post I found at https://snede.net/the-most-dangerous-constructor-in-net/ this appears to be related to X509Certificate2 .NET class, which apparently is not disposed of properly after use.

 

For now our course of action would be scheduling a forfiles task to clean up after PowerCLI on a regular basis but this should not be necessary. Does anyone else experience this issue as well or is this isolated to our environment?

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.