PSPKIAudit

ExtendedTypeSystemException, "Unknown error (0x80005000)"

Open ghost opened this issue 3 years ago • 7 comments

Hello!

First of all, many thanks for your hard work!

I am getting this weird error when running Invoke-PKIAudit:

=== Certificate Authority ===
ComputerName            : ca.contoso.com
CAName                  : CA One
ConfigString            : ca.contoso.com\CA One
IsRoot                  : False
AllowsUserSuppliedSans  :
VulnerableACL           : False
EnrollmentPrincipals    :
EnrollmentEndpoints     :
NTLMEnrollmentEndpoints :
DACL                    :
Misconfigurations       :

ExtendedTypeSystemException: C:\Users\trespassing-potato\Dokument\gitlab\research\PSPKIAudit\PSPKI\3.7.2\Server\Get-CertificateTemplate.ps1:19
Line |
  19 |      $ldap.psbase.children | ForEach-Object {
     |      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     | The following exception occurred while trying to enumerate the collection: "Unknown error (0x80005000)".


[*] No vulnerable certificate templates found for this CA.

Also getting some warnings:

WARNING: Error enumerating ACL information for CA 'ca.contoso.com\CA One' : Exception calling "GetSecurityDescriptor" with "0" argument(s): "Specified Certification Authority 'CA One' is unavailable."

ghost avatar Aug 06 '21 07:08 ghost

I tried to evaluate the "offending code" in my shell and there I'm not getting the error:

> $Domain = ([ADSI]"LDAP://RootDSE").ConfigurationNamingContext
> $PkiConfigContext = "CN=Public Key Services,CN=Services,$Domain"
> ([ADSI]"LDAP://CN=Certificate Templates,$pkiConfigContext").psbase.children | measure

Count             : 132

trespassing-potato avatar Aug 06 '21 07:08 trespassing-potato

Hmm, going to ping @Crypt32 since he's the maintainer of PSPKI and might have some insights here.

We call Get-CertificateTemplate here: https://github.com/GhostPack/PSPKIAudit/blob/0bd5f26e182892f8e407449170dbfbe4555d5a3e/Code/Invoke-PKIAudit.ps1#L395

In the version of PSPKI we're using, the error originates from here: https://github.com/GhostPack/PSPKIAudit/blob/0bd5f26e182892f8e407449170dbfbe4555d5a3e/PSPKI/3.7.2/Server/Get-CertificateTemplate.ps1#L18-L25

leechristensen avatar Aug 17 '21 20:08 leechristensen

I cloned the repo today and am also seeing this error. I can reproduce the error manually with:

$ldap = [ADSI]"LDAP://CN=Certificate Templates,$PkiConfigContext"
$ldap


bill-e-ghote avatar May 27 '22 17:05 bill-e-ghote

Are you running these commands on domain-joined machines?

Crypt32 avatar Jul 27 '22 14:07 Crypt32

My apologies for the delayed response. I've missed the notifications from Github.

Yes, these were run on a domain-joined machine.

bill-e-ghote avatar Aug 15 '22 20:08 bill-e-ghote

Can you confirm if your LDAP URL is resolved properly? I mean, it looks like this:

LDAP://CN=Certificate Templates, CN=Public Key Services, CN=Services, CN=Configuration, {ForestNamingContext}

that {ForestNamingContext} is a sequence of DC=XYZ attributes.

Crypt32 avatar Aug 16 '22 07:08 Crypt32
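The check Crypt32 asks for, written out as an added example (this is not code from PSPKIAudit or PSPKI): it reads the configuration naming context from RootDSE, validates that the resulting path has the `CN=Configuration,DC=...` tail before binding, forces the bind so that a bad path fails early, and only then enumerates the template container the way `Get-CertificateTemplate` does. It assumes a domain-joined machine that can reach a DC, and it assumes the HRESULT 0x80005000 maps to `E_ADS_BAD_PATHNAME` (the ADSI "invalid pathname" error); the function name and the regex are this example's own.

```powershell
# Added diagnostic helper, not part of PSPKIAudit/PSPKI. Reproduces the bind that
# Get-CertificateTemplate performs and reports a malformed LDAP path before the
# child enumeration that fails with 0x80005000 in the issue above.

function Test-PkiTemplateContainer {
    [CmdletBinding()]
    param(
        # Optional explicit configuration NC, e.g. "CN=Configuration,DC=contoso,DC=com".
        # When omitted it is read from RootDSE, as in the commands posted in the thread.
        [string]$ConfigurationNamingContext
    )

    if (-not $ConfigurationNamingContext) {
        $rootDse = [ADSI]"LDAP://RootDSE"
        # .Value unwraps the PropertyValueCollection; interpolating the raw property
        # can yield an empty string and therefore a path with no DC= components.
        $ConfigurationNamingContext = [string]$rootDse.Properties['configurationNamingContext'].Value
    }

    # Assumption: a valid configuration NC is "CN=Configuration" followed by one or
    # more DC=... components, which is the shape Crypt32 describes.
    if ([string]::IsNullOrWhiteSpace($ConfigurationNamingContext) -or
        $ConfigurationNamingContext -notmatch '^CN=Configuration(,DC=[^,]+)+$') {
        throw "Configuration naming context is empty or malformed: '$ConfigurationNamingContext'"
    }

    $templatePath = "LDAP://CN=Certificate Templates,CN=Public Key Services,CN=Services,$ConfigurationNamingContext"
    Write-Verbose "Binding to $templatePath"
    $container = [ADSI]$templatePath

    try {
        # Reading a property forces the actual bind. An invalid ADSI path surfaces
        # here as HRESULT 0x80005000 (E_ADS_BAD_PATHNAME) instead of later, inside
        # the ForEach-Object over .psbase.Children.
        $null = $container.distinguishedName
    }
    catch {
        $ex = $_.Exception
        while ($ex.InnerException) { $ex = $ex.InnerException }
        $hr = '0x{0:X8}' -f $ex.HResult
        if ($hr -eq '0x80005000') {
            throw "E_ADS_BAD_PATHNAME ($hr) binding to '$templatePath': the path is not a valid ADSI path. Error: $($ex.Message)"
        }
        throw "Bind to '$templatePath' failed with $hr : $($ex.Message)"
    }

    # Same enumeration Get-CertificateTemplate does, with the failure wrapped so the
    # path is printed alongside the HRESULT.
    $templates = New-Object System.Collections.Generic.List[object]
    try {
        foreach ($child in $container.psbase.Children) {
            $templates.Add([pscustomobject]@{
                Name        = [string]$child.Properties['cn'].Value
                DisplayName = [string]$child.Properties['displayName'].Value
                TemplateOid = [string]$child.Properties['msPKI-Cert-Template-OID'].Value
                Path        = $child.psbase.Path
            })
        }
    }
    catch {
        $ex = $_.Exception
        while ($ex.InnerException) { $ex = $ex.InnerException }
        throw ("Enumerating children of '{0}' failed with 0x{1:X8}: {2}" -f $templatePath, $ex.HResult, $ex.Message)
    }

    return $templates
}

# Usage on a domain-joined host:
#   Test-PkiTemplateContainer -Verbose | Select-Object Name, TemplateOid | Format-Table
# To check a path built by hand, pass the NC explicitly:
#   Test-PkiTemplateContainer -ConfigurationNamingContext 'CN=Configuration,DC=contoso,DC=com'
```

If the function throws at the validation step, the value interpolated into `$PkiConfigContext` was the problem, not the template container itself; if it throws at the bind with 0x80005000, compare the printed path against the expected `LDAP://CN=Certificate Templates,CN=Public Key Services,CN=Services,CN=Configuration,DC=...` form. If both steps succeed and the same enumeration still fails inside the module, the difference lies in the session the module runs in (for example a different `$Domain` value in scope), which is what the working manual run in the thread suggests.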