Unable to scan Forest with child domains

Open rebelinux opened this issue 9 months ago • 0 comments

I have the following CA servers in my environment:

Image

When I try to scan the forest "pharmax.local", the script can't find the "acade-dc-01v.acad.pharmax.local" server.

Displayed error

PS C:\Users\jocolon\Documents\WindowsPowerShell\Modules\Locksmith> 
[acade-dc-01v] Connecting to remote server acade-dc-01v failed with the following error message : The WinRM client cannot process the request because the server name cannot be 
resolved. For more information, see the about_Remote_Troubleshooting Help topic.
    + CategoryInfo          : OpenError: (acade-dc-01v:String) [], PSRemotingTransportException
    + FullyQualifiedErrorId : ComputerNotFound,PSSessionStateBroken
PS C:\Users\jocolon\Documents\WindowsPowerShell\Modules\Locksmith>

Looking into the code, I found that the "Set-AdditionalCAProperty" cmdlet uses the variable "$CAHostname", which splits the server name from the FQDN. Because of this, "Invoke-Command -ComputerName " can't resolve the hostname. I changed the code to use the "$CAHostFQDN" variable and the problem got resolved.

Troubleshooting

PS C:\Users\jocolon\Documents\WindowsPowerShell\Modules\Locksmith> $CAHostName
acade-dc-01v
PS C:\Users\jocolon\Documents\WindowsPowerShell\Modules\Locksmith> $CAHostFQDN 
acade-dc-01v.acad.pharmax.local
PS C:\Users\jocolon\Documents\WindowsPowerShell\Modules\Locksmith> Invoke-Command -ComputerName $CAHostname -Credential $Credential -ScriptBlock { certutil -config $using:CAFullName 
-getreg CA\AuditFilter }
[acade-dc-01v] Connecting to remote server acade-dc-01v failed with the following error message : The WinRM client cannot process the request because the server name cannot be 
resolved. For more information, see the about_Remote_Troubleshooting Help topic.
    + CategoryInfo          : OpenError: (acade-dc-01v:String) [], PSRemotingTransportException
    + FullyQualifiedErrorId : ComputerNotFound,PSSessionStateBroken
PS C:\Users\jocolon\Documents\WindowsPowerShell\Modules\Locksmith> Invoke-Command -ComputerName $CAHostFQDN -Credential $Credential -ScriptBlock { certutil -config $using:CAFullName 
-getreg CA\AuditFilter }
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\acad-ACADE-DC-01V-CA\AuditFilter:

  AuditFilter REG_DWORD = 7f (127)
CertUtil: -getreg command completed successfully.
PS C:\Users\jocolon\Documents\WindowsPowerShell\Modules\Locksmith>

rebelinux, Feb 24 '25 03:02
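
The behaviour reported above, as an added example that is not part of the original issue or of Locksmith's code: a remote AuditFilter query that accepts only a fully qualified CA host name, checks that it resolves before WinRM is attempted, and parses the value from the certutil output. The function names `ConvertFrom-AuditFilterOutput` and `Get-CAAuditFilter` are hypothetical; the variable names and the certutil command are the ones shown in the issue.

```powershell
# Added example; both function names are hypothetical, not Locksmith cmdlets.
function ConvertFrom-AuditFilterOutput {
    param([string[]]$CertutilOutput)
    # certutil prints a line such as "  AuditFilter REG_DWORD = 7f (127)"
    foreach ($line in $CertutilOutput) {
        if ($line -match 'AuditFilter\s+REG_DWORD\s*=\s*[0-9a-fA-F]+\s*\((\d+)\)') {
            return [int]$Matches[1]
        }
    }
    return $null   # no AuditFilter line found
}

function Get-CAAuditFilter {
    param(
        [Parameter(Mandatory)][string]$CAHostFQDN,
        [Parameter(Mandatory)][string]$CAFullName,
        [pscredential]$Credential
    )
    $result = [pscustomobject]@{ ComputerName = $CAHostFQDN; AuditFilter = $null; Error = $null }

    # A short name only resolves inside the caller's own DNS suffix, which is
    # what breaks for CAs in child domains. Refuse it instead of guessing.
    if ($CAHostFQDN -notmatch '\.') {
        $result.Error = "'$CAHostFQDN' is not a fully qualified name"
        return $result
    }
    # Check resolution first so the failure is reported per CA, not as a WinRM error.
    try { [void][System.Net.Dns]::GetHostAddresses($CAHostFQDN) }
    catch { $result.Error = "DNS lookup failed for $CAHostFQDN"; return $result }

    $params = @{
        ComputerName = $CAHostFQDN
        ScriptBlock  = { certutil -config $using:CAFullName -getreg CA\AuditFilter }
        ErrorAction  = 'Stop'
    }
    if ($Credential) { $params.Credential = $Credential }
    try { $result.AuditFilter = ConvertFrom-AuditFilterOutput (Invoke-Command @params) }
    catch { $result.Error = $_.Exception.Message }
    return $result
}

# Offline check of the parser against the output line quoted in the issue.
ConvertFrom-AuditFilterOutput @('', '  AuditFilter REG_DWORD = 7f (127)',
    'CertUtil: -getreg command completed successfully.')
```

Returning an object with an `Error` field per CA lets a forest-wide scan continue past one unreachable host and still list it in the results.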