First of all a little context. We are using PowerShell scripts leveraging PowerCLI cmdlets for platform data collection. These scripts run on a scheduled basis anywhere between once every few minutes to once an hour. Lately we noticed that PowerCLI seems to be (responsible for) creating certain temporary files in %appdata%\Microsoft\Crypto\RSA\<SID of user account> (named 2a19205cf6d24b217fe6e503a19edc77_8b23ac42-2529-472e-be1b-e2636e868b3a and the like) which are not cleaned up afterwards. As you can imagine, this adds up rather quickly to the point where we are at over 1 million ‘forgotten’ files in said directory on specific servers.
- Windows Server 2016
- PowerShell 5.1.14393.3866 (x64)
- PowerCLI version 184.108.40.20647286
- All tested vCenters are at 6.7 level.
I did some digging and it appears that:
- One file is created for every successfully made connection to a vCenter server.
- The Connect-VIServer cmdlet triggers this directly, regardless of method of authentication (Windows authentication, explicit credentials, PSCredential).
- Failed connection attempts (i.e. invalid credentials) do not create a temporary file so it looks like it is only happening after/during a session is established.
- These temporary files are created regardless of user account, other than a different location of course. Tested with both personal account and LocalSystem account using Task Scheduler and PSExec.
- Occurs from both ‘raw’ PowerShell and ISE.
- When connecting directly to an individual host this does not occur.
According to a blog post I found at https://snede.net/the-most-dangerous-constructor-in-net/ this appears to be related to X509Certificate2 .NET class, which apparently is not disposed of properly after use.
For now our course of action would be scheduling a forfiles task to clean up after PowerCLI on a regular basis but this should not be necessary. Does anyone else experience this issue as well or is this isolated to our environment?
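As an added example (not part of the original post and not PowerCLI code), the following script inventories the key container files in the directory described above and, only when asked, removes those older than a cutoff. The parameter names, the 24-hour default and the idea of saving it as a `.ps1` run under the collecting account are assumptions made for this illustration.

```powershell
# Added example: inventory and age-gated cleanup of per-user RSA key container files.
# Run without -Remove to report only; add -WhatIf to preview deletions.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [int]$OlderThanHours = 24,   # assumed retention window, adjust to the job schedule
    [switch]$Remove
)

$sid = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
$dir = Join-Path $env:APPDATA "Microsoft\Crypto\RSA\$sid"
if (-not (Test-Path -LiteralPath $dir)) { throw "Key container directory not found: $dir" }

# File names look like <32 hex chars>_<GUID>, as in the name quoted in the post.
$namePattern = '^[0-9a-f]{32}_[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$'
$cutoff = (Get-Date).AddHours(-$OlderThanHours)
$perDay = @{}
$total = 0; $stale = 0; $removed = 0

# EnumerateFiles streams entries, so a directory holding a million files
# is never loaded into memory as one array.
foreach ($path in [System.IO.Directory]::EnumerateFiles($dir)) {
    $file = [System.IO.FileInfo]$path
    if ($file.Name -notmatch $namePattern) { continue }
    $total++
    $day = $file.CreationTime.ToString('yyyy-MM-dd')
    $perDay[$day] = 1 + [int]$perDay[$day]      # files created per day
    if ($file.CreationTime -ge $cutoff) { continue }
    $stale++
    # Age is the only criterion: a persisted private key of this account that is
    # older than the cutoff would be removed as well.
    if ($Remove -and $PSCmdlet.ShouldProcess($file.FullName, 'Remove key container file')) {
        Remove-Item -LiteralPath $file.FullName -Force
        $removed++
    }
}

$recent = $perDay.GetEnumerator() | Sort-Object Name | Select-Object -Last 7 |
    ForEach-Object { '{0}={1}' -f $_.Name, $_.Value }
[pscustomobject]@{
    Directory       = $dir
    Total           = $total
    OlderThanCutoff = $stale
    Removed         = $removed
    LastDays        = $recent -join ', '
}
```

The per-day counts can be compared with the number of scheduled `Connect-VIServer` calls to confirm the one-file-per-connection pattern before anything is deleted.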