CrossForest PKI Connect-CertificationAuthority doesn't show displayname #177

Open
DanTheMan-NL opened this issue Aug 18, 2022 · 2 comments
Labels
Research Requires additional research or specification clarification

Comments

@DanTheMan-NL

DanTheMan-NL commented Aug 18, 2022

Whenever I use `Connect-CertificationAuthority -ComputerName {FQDN}` to a CA in a different forest I receive an output without the displayname:

```
DisplayName                              ComputerName              IsAccessible ServiceStatus Type
-----------                              ------------              ------------ ------------- ----
                                         FQDN.example.com     True         Running       Enterprise Subordinate CA
```

Apparently the displayname is necessary for other commands to function properly, because when I use this command output with another command I receive this error:

```
PS C:\windows\system32> Connect-CertificationAuthority -ComputerName {FQDN} | Get-PendingRequest
Get-AdcsDatabaseRow : Exception calling "GetDbReader" with "1" argument(s): "CCertView::OpenConnection: The RPC server is unavailable. 0x800706ba (WIN32: 1722 RPC_S_SERVER_UNAVAILABLE)"
At C:\Program Files\WindowsPowerShell\Modules\pspki\3.7.2\Server\Get-PendingRequest.ps1:23 char:13
+             Get-AdcsDatabaseRow `
+             ~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
    + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Get-AdcsDatabaseRow
```

I have not synced the CA objects with the forest where this management server is stationed and I'm not willing to do that because of security and operational reasons.

In this issue I read this should be possible without syncing the objects: #26

Is there any way to do this? I really want to use PSPKI on a management server in a different forest without having to sync the CA objects to this forest.

@Crypt32
Collaborator

Crypt32 commented Aug 18, 2022

Can you show all properties from the CA object? E.g. `Connect-CertificationAuthority -ComputerName {FQDN} | format-list *`. And confirm what version of PSPKI you are using.

@DanTheMan-NL
Author

DanTheMan-NL commented Aug 19, 2022

This is the output I get. I only changed the real FQDN to {FQDN}; the rest is the same, with the blank output:

```
PS C:\windows\system32> Connect-CertificationAuthority -ComputerName {FQDN} | format-list *

Name :
DisplayName :
ComputerName : {FQDN}
ConfigString : {FQDN}
DistinguishedName :
Type : Enterprise Subordinate CA
IsEnterprise : True
IsRoot : False
OperatingSystem : Microsoft Windows Server 2019 Standard
IsAccessible : True
RegistryOnline : True
ServiceStatus : Running
SetupStatus : ServerInstall, SecurityUpgraded, ServerIsUptoDate
Certificate : System.Security.Cryptography.X509Certificates.X509Certificate2
BaseCRL :
DeltaCRL :
EnrollmentServiceURI :
EnrollmentEndpoints : {}
```

I use latest PSPKI v3.7.2 from https://www.powershellgallery.com/packages/PSPKI/3.7.2

@Crypt32 Crypt32 added the Research Requires additional research or specification clarification label Sep 18, 2023