PSSession Credential Timeout

Hello,

I have a script that is running and working. It monitors an inbox every min and then creates a folder structure. The issue I am seeing is the credentials timeout and stop the process until I run it again. Is there any way to initiate the script without it requiring a credential refresh? Code below, thanks for any help:

Set-ExecutionPolicy Unrestricted
$user = "emailaddress@domain.com"
$password = get-content c:\securestring.txt | convertto-securestring
$cred = New-Object -typename System.Management.Automation.PSCredential -ArgumentList $user,$password
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $Cred -Authentication Basic –AllowRedirection
Import-PSSession $Session



for (;;) {

try {

Set-Location "S:\inetpub\path" 
Get-Messagetrace -Recipientaddress:emailaddress@domain.com  -Start(get-date).Addminutes(-5) -End (get-date) | where-object -Property subject -like "XTS*" | select -expand subject | Select @{ N = 'Company'; E = { ($_.Split(' '))[0] } }, @{ N = 'Account'; E = { ($_.Split(' '))[-3] } }, @{ N = 'Case'; E = { ($_.Split(' '))[-2] } },  @{ N = 'Ref'; E = { ($_.Split(' '))[-1] } } | export-csv c:\scripts\import.csv 
$Folders = Import-Csv c:\scripts\Import.csv
 
ForEach ($Folder in $Folders) { 

$account = $folder.account
$case = $folder.case 
$ref = " - " + $folder.ref

$path = "$account\$case" + "$ref" 
 
New-Item $path -itemtype directory 

     
   
} 
}
catch {

write-host "failed"

}

start-sleep 60

}

I’m not sure PowerShell’s a great use case for continual monitoring like that, but if it’s basically work for you… sure!

How are you determining that this is a “credential timeout?” And how long does it take before that becomes a problem?

Yes, it does work. Is there a concern monitoring something this way?

It seems every 12 to 24 hours. I allow the script to run and when I come back the next day it has stopped and is prompting me for creds. (Running in ISE)

Well, it’s just not what PowerShell was really designed for. It’s not a background service. If this is something I needed in production, I’d very probably write it in C# and compile it as a service to be installed on the Exchange machine, or on another machine somewhere.

And what you’re very probably running into is expiration. Credentials created in the way you have (and there’s no other way in this scenario) can’t auto-renew like an interactive logon ticket does. This isn’t something you can change; it’s in the design of the authentication system in Windows. Credentials don’t “time out” per se, they expire (I know that’s hair-splitting), so that a credential that is compromised won’t be valid forever.

And that’s the trick with services. They use an ordinary logon, and interact more directly with the authentication system, so their credentials don’t expire.

Now, I don’t -know- that it’s the credential that’s actually expiring - without knowing a lot more about your environment and checking some stuff, it’s hard to really pin something on a credential. It could also be that the Exchange server is miffed you’ve left a PSSession connected for so long, and it’s squashing the connection. Those sessions have a max life as well, and PSSessions weren’t really designed to be an always-connected kind of thing. There’s a memory and processor cost on the server to maintain these connections.

Ah, ok, thanks for the explanation. Don’t know much about C# so i might need to find another solution. I suppose i could just remove the start-sleep and the session and just have a task run it every 60 sec for now until i can find another solution.