PSPKI
PSPKI copied to clipboard
CrossForest PKI Connect-CertificationAuthority doesn't show displayname
Whenever I use Connect-CertificationAuthority -ComputerName {FQDN}
to a CA in a different forest I receive an output without the displayname:
DisplayName ComputerName IsAccessible ServiceStatus Type
----------- ------------ ------------ ------------- ----
FQDN.example.com True Running Enterprise Subordinate CA
Appearently the displayname is necessary for other commands to function properly because when I use this command output with another command I receive this error:
PS C:\windows\system32> Connect-CertificationAuthority -ComputerName {FQDN} | Get-PendingRequest
Get-AdcsDatabaseRow : Exception calling "GetDbReader" with "1" argument(s): "CCertView::OpenConnection: The RPC server is unavailable. 0x800706ba (WIN32: 1722 RPC_S_SERVER_UNAVAILABLE)"
At C:\Program Files\WindowsPowerShell\Modules\pspki\3.7.2\Server\Get-PendingRequest.ps1:23 char:13
+ Get-AdcsDatabaseRow `
+ ~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Get-AdcsDatabaseRow
I have not synced the CA objects with the forest where this management server is stationed and I'm not willing to do that because of security- and operational reasons.
In this issue I read this should be possible without syncing the objects: https://github.com/PKISolutions/PSPKI/issues/26
Is there anyway to do this? I really want to use PSPKI on a management server in a different forest without having to sync the CA objects to this forest.
Can you show all properties from CA object? E.g. Connect-CertificationAuthority -ComputerName {FQDN} | format-list *
. And confirm what version of PSPKI you are using.
This is the output I get. I only changed the real FQDN with {FQDN} the rest is the same with the blank output:
PS C:\windows\system32> Connect-CertificationAuthority -ComputerName {FQDN} | format-list *
Name :
DisplayName :
ComputerName : {FQDN}
ConfigString : {FQDN}
DistinguishedName :
Type : Enterprise Subordinate CA
IsEnterprise : True
IsRoot : False
OperatingSystem : Microsoft Windows Server 2019 Standard
IsAccessible : True
RegistryOnline : True
ServiceStatus : Running
SetupStatus : ServerInstall, SecurityUpgraded, ServerIsUptoDate
Certificate : System.Security.Cryptography.X509Certificates.X509Certificate2
BaseCRL :
DeltaCRL :
EnrollmentServiceURI :
EnrollmentEndpoints : {}
I use latest PSPKI v3.7.2 from https://www.powershellgallery.com/packages/PSPKI/3.7.2