vcert icon indicating copy to clipboard operation
vcert copied to clipboard
verified publisher icon Venafi

Fail to provision to CAPI store on machine w/o admin permissions

Open tall27 opened this issue 5 months ago • 1 comments

PROBLEM SUMMARY

using CAPI format on windows machine w/o admin fails even to a user personal store. the frailer reproduce PS1 code instead of providing a meaningful error.

STEPS TO REPRODUCE

use vcert run with following code on win machine w/o Admin permissions:

EXPECTED RESULTS

meaningful error : Install denied - no permission

ACTUAL RESULTS

PS C:\Users\tkushnirsky\OneDrive - CyberArk Ltd\_DriveC\VCert Labs\vaas playbooks> C:\Users\tkushnirsky\Downloads\vcert.exe  run -f .\6days.yaml -force-renew --debug
2025-07-11T09:38:26.276-0500    INFO    vcert/playbook.go:103   running playbook file   {"file": ".\\6days.yaml"}
2025-07-11T09:38:26.277-0500    DEBUG   vcert/playbook.go:104   debug is enabled
2025-07-11T09:38:26.277-0500    DEBUG   parser/reader.go:90     reading from local file system
2025-07-11T09:38:26.278-0500    INFO    parser/reader.go:59     playbook successfully parsed
2025-07-11T09:38:26.278-0500    INFO    vcert/playbook.go:133   using Venafi Platform   {"platform": "VAAS"}
2025-07-11T09:38:26.278-0500    INFO    vcert/playbook.go:146   running playbook task   {"task": "myCertificate"}
2025-07-11T09:38:26.278-0500    INFO    service/service.go:114  Flag [force-renew] is set. All certificates will be requested/renewed regardless of status
2025-07-11T09:38:26.278-0500    INFO    service/service.go:60   certificate needs action        {"certificate": "days6.mimlab.io"}
2025-07-11T09:38:26.278-0500    INFO    service/service.go:65   csr option is 'service'. Generating random password for certificate request
2025-07-11T09:38:27.006-0500    DEBUG   vcertutil/vcertutil.go:57       successfully read zone config   {"zone": "Internal Certs\\Default"}
2025-07-11T09:38:27.007-0500    DEBUG   vcertutil/vcertutil.go:63       successfully updated Request with zone config values
vCert: 2025/07/11 09:38:27 Getting CIT
vCert: 2025/07/11 09:38:27 Building policy
2025-07-11T09:38:30.125-0500    DEBUG   vcertutil/vcertutil.go:74       successfully requested certificate      {"requestID": "b540d1b0-5e64-11f0-bce5-a14acfab7ca5"}
2025-07-11T09:38:30.764-0500    DEBUG   vcertutil/vcertutil.go:84       successfully retrieved certificate      {"certificate": "days6.mimlab.io"}
2025-07-11T09:38:30.764-0500    INFO    service/service.go:74   successfully enrolled certificate       {"certificate": "days6.mimlab.io"}
2025-07-11T09:38:30.766-0500    DEBUG   installer/crypto.go:124 successfully decrypted Private Key
2025-07-11T09:38:30.766-0500    INFO    service/service.go:91   successfully prepared certificate for installation
2025-07-11T09:38:30.766-0500    INFO    service/service.go:141  running Installer       {"installer": "CAPI", "location": "CurrentUser\\MY"}
2025-07-11T09:38:30.766-0500    DEBUG   installer/capi.go:110   installing certificate  {"location": "CurrentUser\\MY"}
2025-07-11T09:38:34.987-0500    ERROR   capistore/powershell.go:185     failed to run script file       {"stderr": "Get-Item : Cannot find drive. A drive with the name 'Cert' does not exist.\r\nAt C:\\TEMP\\venafi-winrm-execute-5f3f0642-68e0-4714-8c21-115fa39c6703.ps1:108 char:17\r\n+         $capi = Get-Item \"Cert:\\$($storeLocation)\\$($installToStore)\"\r\n+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n    + CategoryInfo          : ObjectNotFound: (Cert:String) [Get-Item], DriveNotFoundException\r\n    + FullyQualifiedErrorId : DriveNotFound,Microsoft.PowerShell.Commands.GetItemCommand\r\n \r\nYou cannot call a method on a null-valued expression.\r\nAt C:\\TEMP\\venafi-winrm-execute-5f3f0642-68e0-4714-8c21-115fa39c6703.ps1:109 char:9\r\n+         $capi.Open(\"ReadWrite\")\r\n+         ~~~~~~~~~~~~~~~~~~~~~~~\r\n    + CategoryInfo          : InvalidOperation: (:) [], RuntimeException\r\n    + FullyQualifiedErrorId : InvokeMethodOnNull\r\n \r\nYou cannot call a method on a null-valued expression.\r\nAt C:\\TEMP\\venafi-winrm-execute-5f3f0642-68e0-4714-8c21-115fa39c6703.ps1:110 char:9\r\n+         $capi.Add($cert)\r\n+         ~~~~~~~~~~~~~~~~\r\n    + CategoryInfo          : InvalidOperation: (:) [], RuntimeException\r\n    + FullyQualifiedErrorId : InvokeMethodOnNull\r\n \r\nYou cannot call a method on a null-valued expression.\r\nAt C:\\TEMP\\venafi-winrm-execute-5f3f0642-68e0-4714-8c21-115fa39c6703.ps1:111 char:9\r\n+         $capi.Close()\r\n+         ~~~~~~~~~~~~~\r\n    + CategoryInfo          : InvalidOperation: (:) [], RuntimeException\r\n    + FullyQualifiedErrorId : InvokeMethodOnNull\r\n \r\nFailed to install chain certificate on target system - CN=Dedicated - Venafi Cloud Built-In CA, OU=Built-in, O=\"Venafi, Inc.\", C=US\r\nAt C:\\TEMP\\venafi-winrm-execute-5f3f0642-68e0-4714-8c21-115fa39c6703.ps1:119 char:17\r\n+ ...             throw \"Failed to install chain certificate on target syst ...\r\n+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n    + CategoryInfo          : OperationStopped: (Failed to insta...fi, Inc.\", C=US:String) [], RuntimeException\r\n    + FullyQualifiedErrorId : Failed to install chain certificate on target system - CN=Dedicated - Venafi Cloud Built-In CA, OU=Built-in, O=\"Venafi, Inc.\", C=US\r\n \r\n"}
github.com/Venafi/vcert/v5/pkg/playbook/util/capistore.PowerShell.runScript
        /vcert/pkg/playbook/util/capistore/powershell.go:185
github.com/Venafi/vcert/v5/pkg/playbook/util/capistore.PowerShell.executeScript
        /vcert/pkg/playbook/util/capistore/powershell.go:156
github.com/Venafi/vcert/v5/pkg/playbook/util/capistore.PowerShell.InstallCertificateToCAPI
        /vcert/pkg/playbook/util/capistore/powershell.go:91
github.com/Venafi/vcert/v5/pkg/playbook/app/installer.CAPIInstaller.Install
        /vcert/pkg/playbook/app/installer/capi.go:153
github.com/Venafi/vcert/v5/pkg/playbook/app/service.runInstaller
        /vcert/pkg/playbook/app/service/service.go:157
github.com/Venafi/vcert/v5/pkg/playbook/app/service.Execute
        /vcert/pkg/playbook/app/service/service.go:102
main.doRunPlaybook
        /vcert/cmd/vcert/playbook.go:147
github.com/urfave/cli/v2.(*Command).Run
        /go/pkg/mod/github.com/urfave/cli/[email protected]/command.go:274
github.com/urfave/cli/v2.(*Command).Run
        /go/pkg/mod/github.com/urfave/cli/[email protected]/command.go:267
github.com/urfave/cli/v2.(*App).RunContext
        /go/pkg/mod/github.com/urfave/cli/[email protected]/app.go:332
github.com/urfave/cli/v2.(*App).Run
        /go/pkg/mod/github.com/urfave/cli/[email protected]/app.go:309
main.main
        /vcert/cmd/vcert/main.go:163
runtime.main
        /usr/local/go/src/runtime/proc.go:272
2025-07-11T09:38:34.988-0500    ERROR   capistore/powershell.go:159     failed to run script function   {"functionName": "install-cert", "stdout": "", "error": "failed to run script file: Get-Item : Cannot find drive. A drive with the name 'Cert' does not exist.\r\nAt C:\\TEMP\\venafi-winrm-execute-5f3f0642-68e0-4714-8c21-115fa39c6703.ps1:108 char:17\r\n+         $capi = Get-Item \"Cert:\\$($storeLocation)\\$($installToStore)\"\r\n+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n    + CategoryInfo          : ObjectNotFound: (Cert:String) [Get-Item], DriveNotFoundException\r\n    + FullyQualifiedErrorId : DriveNotFound,Microsoft.PowerShell.Commands.GetItemCommand\r\n \r\nYou cannot call a method on a null-valued expression.\r\nAt C:\\TEMP\\venafi-winrm-execute-5f3f0642-68e0-4714-8c21-115fa39c6703.ps1:109 char:9\r\n+         $capi.Open(\"ReadWrite\")\r\n+         ~~~~~~~~~~~~~~~~~~~~~~~\r\n    + CategoryInfo          : InvalidOperation: (:) [], RuntimeException\r\n    + FullyQualifiedErrorId : InvokeMethodOnNull\r\n \r\nYou cannot call a method on a null-valued expression.\r\nAt C:\\TEMP\\venafi-winrm-execute-5f3f0642-68e0-4714-8c21-115fa39c6703.ps1:110 char:9\r\n+         $capi.Add($cert)\r\n+         ~~~~~~~~~~~~~~~~\r\n    + CategoryInfo          : InvalidOperation: (:) [], RuntimeException\r\n    + FullyQualifiedErrorId : InvokeMethodOnNull\r\n \r\nYou cannot call a method on a null-valued expression.\r\nAt C:\\TEMP\\venafi-winrm-execute-5f3f0642-68e0-4714-8c21-115fa39c6703.ps1:111 char:9\r\n+         $capi.Close()\r\n+         ~~~~~~~~~~~~~\r\n    + CategoryInfo          : InvalidOperation: (:) [], RuntimeException\r\n    + FullyQualifiedErrorId : InvokeMethodOnNull\r\n \r\nFailed to install chain certificate on target system - CN=Dedicated - Venafi Cloud Built-In CA, OU=Built-in, O=\"Venafi, Inc.\", C=US\r\nAt C:\\TEMP\\venafi-winrm-execute-5f3f0642-68e0-4714-8c21-115fa39c6703.ps1:119 char:17\r\n+ ...             throw \"Failed to install chain certificate on target syst ...\r\n+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n    + CategoryInfo          : OperationStopped: (Failed to insta...fi, Inc.\", C=US:String) [], RuntimeException\r\n    + FullyQualifiedErrorId : Failed to install chain certificate on target system - CN=Dedicated - Venafi Cloud Built-In CA, OU=Built-in, O=\"Venafi, Inc.\", C=US\r\n \r\n"}
github.com/Venafi/vcert/v5/pkg/playbook/util/capistore.PowerShell.executeScript
        /vcert/pkg/playbook/util/capistore/powershell.go:159
github.com/Venafi/vcert/v5/pkg/playbook/util/capistore.PowerShell.InstallCertificateToCAPI
        /vcert/pkg/playbook/util/capistore/powershell.go:91
github.com/Venafi/vcert/v5/pkg/playbook/app/installer.CAPIInstaller.Install
        /vcert/pkg/playbook/app/installer/capi.go:153
github.com/Venafi/vcert/v5/pkg/playbook/app/service.runInstaller
        /vcert/pkg/playbook/app/service/service.go:157
github.com/Venafi/vcert/v5/pkg/playbook/app/service.Execute
        /vcert/pkg/playbook/app/service/service.go:102
main.doRunPlaybook
        /vcert/cmd/vcert/playbook.go:147
github.com/urfave/cli/v2.(*Command).Run
        /go/pkg/mod/github.com/urfave/cli/[email protected]/command.go:274
github.com/urfave/cli/v2.(*Command).Run
        /go/pkg/mod/github.com/urfave/cli/[email protected]/command.go:267
github.com/urfave/cli/v2.(*App).RunContext
        /go/pkg/mod/github.com/urfave/cli/[email protected]/app.go:332
github.com/urfave/cli/v2.(*App).Run
        /go/pkg/mod/github.com/urfave/cli/[email protected]/app.go:309
main.main
        /vcert/cmd/vcert/main.go:163
runtime.main
        /usr/local/go/src/runtime/proc.go:272
2025-07-11T09:38:34.989-0500    ERROR   capistore/powershell.go:94      failed to install certificate into CAPI {"stdout": "", "error": "failed to run script function \"install-cert\": failed to run script file: Get-Item : Cannot find drive. A drive with the name 'Cert' does not exist.\r\nAt C:\\TEMP\\venafi-winrm-execute-5f3f0642-68e0-4714-8c21-115fa39c6703.ps1:108 char:17\r\n+         $capi = Get-Item \"Cert:\\$($storeLocation)\\$($installToStore)\"\r\n+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n    + CategoryInfo          : ObjectNotFound: (Cert:String) [Get-Item], DriveNotFoundException\r\n    + FullyQualifiedErrorId : DriveNotFound,Microsoft.PowerShell.Commands.GetItemCommand\r\n \r\nYou cannot call a method on a null-valued expression.\r\nAt C:\\TEMP\\venafi-winrm-execute-5f3f0642-68e0-4714-8c21-115fa39c6703.ps1:109 char:9\r\n+         $capi.Open(\"ReadWrite\")\r\n+         ~~~~~~~~~~~~~~~~~~~~~~~\r\n    + CategoryInfo          : InvalidOperation: (:) [], RuntimeException\r\n    + FullyQualifiedErrorId : InvokeMethodOnNull\r\n \r\nYou cannot call a method on a null-valued expression.\r\nAt C:\\TEMP\\venafi-winrm-execute-5f3f0642-68e0-4714-8c21-115fa39c6703.ps1:110 char:9\r\n+         $capi.Add($cert)\r\n+         ~~~~~~~~~~~~~~~~\r\n    + CategoryInfo          : InvalidOperation: (:) [], RuntimeException\r\n    + FullyQualifiedErrorId : InvokeMethodOnNull\r\n \r\nYou cannot call a method on a null-valued expression.\r\nAt C:\\TEMP\\venafi-winrm-execute-5f3f0642-68e0-4714-8c21-115fa39c6703.ps1:111 char:9\r\n+         $capi.Close()\r\n+         ~~~~~~~~~~~~~\r\n    + CategoryInfo          : InvalidOperation: (:) [], RuntimeException\r\n    + FullyQualifiedErrorId : InvokeMethodOnNull\r\n \r\nFailed to install chain certificate on target system - CN=Dedicated - Venafi Cloud Built-In CA, OU=Built-in, O=\"Venafi, Inc.\", C=US\r\nAt C:\\TEMP\\venafi-winrm-execute-5f3f0642-68e0-4714-8c21-115fa39c6703.ps1:119 char:17\r\n+ ...             throw \"Failed to install chain certificate on target syst ...\r\n+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n    + CategoryInfo          : OperationStopped: (Failed to insta...fi, Inc.\", C=US:String) [], RuntimeException\r\n    + FullyQualifiedErrorId : Failed to install chain certificate on target system - CN=Dedicated - Venafi Cloud Built-In CA, OU=Built-in, O=\"Venafi, Inc.\", C=US\r\n \r\n", "errorVerbose": "failed to run script file: Get-Item : Cannot find drive. A drive with the name 'Cert' does not exist.\r\nAt C:\\TEMP\\venafi-winrm-execute-5f3f0642-68e0-4714-8c21-115fa39c6703.ps1:108 char:17\r\n+         $capi = Get-Item \"Cert:\\$($storeLocation)\\$($installToStore)\"\r\n+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n    + CategoryInfo          : ObjectNotFound: (Cert:String) [Get-Item], DriveNotFoundException\r\n    + FullyQualifiedErrorId : DriveNotFound,Microsoft.PowerShell.Commands.GetItemCommand\r\n \r\nYou cannot call a method on a null-valued expression.\r\nAt C:\\TEMP\\venafi-winrm-execute-5f3f0642-68e0-4714-8c21-115fa39c6703.ps1:109 char:9\r\n+         $capi.Open(\"ReadWrite\")\r\n+         ~~~~~~~~~~~~~~~~~~~~~~~\r\n    + CategoryInfo          : InvalidOperation: (:) [], RuntimeException\r\n    + FullyQualifiedErrorId : InvokeMethodOnNull\r\n \r\nYou cannot call a method on a null-valued expression.\r\nAt C:\\TEMP\\venafi-winrm-execute-5f3f0642-68e0-4714-8c21-115fa39c6703.ps1:110 char:9\r\n+         $capi.Add($cert)\r\n+         ~~~~~~~~~~~~~~~~\r\n    + CategoryInfo          : InvalidOperation: (:) [], RuntimeException\r\n    + FullyQualifiedErrorId : InvokeMethodOnNull\r\n \r\nYou cannot call a method on a null-valued expression.\r\nAt C:\\TEMP\\venafi-winrm-execute-5f3f0642-68e0-4714-8c21-115fa39c6703.ps1:111 char:9\r\n+         $capi.Close()\r\n+         ~~~~~~~~~~~~~\r\n    + CategoryInfo          : InvalidOperation: (:) [], RuntimeException\r\n    + FullyQualifiedErrorId : InvokeMethodOnNull\r\n \r\nFailed to install chain certificate on target system - CN=Dedicated - Venafi Cloud Built-In CA, OU=Built-in, O=\"Venafi, Inc.\", C=US\r\nAt C:\\TEMP\\venafi-winrm-execute-5f3f0642-68e0-4714-8c21-115fa39c6703.ps1:119 char:17\r\n+ ...             throw \"Failed to install chain certificate on target syst ...\r\n+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n    + CategoryInfo          : OperationStopped: (Failed to insta...fi, Inc.\", C=US:String) [], RuntimeException\r\n    + FullyQualifiedErrorId : Failed to install chain certificate on target system - CN=Dedicated - Venafi Cloud Built-In CA, OU=Built-in, O=\"Venafi, Inc.\", C=US\r\n \r\n\nfailed to run script function \"install-cert\""}
github.com/Venafi/vcert/v5/pkg/playbook/util/capistore.PowerShell.InstallCertificateToCAPI
        /vcert/pkg/playbook/util/capistore/powershell.go:94
github.com/Venafi/vcert/v5/pkg/playbook/app/installer.CAPIInstaller.Install
        /vcert/pkg/playbook/app/installer/capi.go:153
github.com/Venafi/vcert/v5/pkg/playbook/app/service.runInstaller
        /vcert/pkg/playbook/app/service/service.go:157
github.com/Venafi/vcert/v5/pkg/playbook/app/service.Execute
        /vcert/pkg/playbook/app/service/service.go:102
main.doRunPlaybook
        /vcert/cmd/vcert/playbook.go:147
github.com/urfave/cli/v2.(*Command).Run
        /go/pkg/mod/github.com/urfave/cli/[email protected]/command.go:274
github.com/urfave/cli/v2.(*Command).Run
        /go/pkg/mod/github.com/urfave/cli/[email protected]/command.go:267
github.com/urfave/cli/v2.(*App).RunContext
        /go/pkg/mod/github.com/urfave/cli/[email protected]/app.go:332
github.com/urfave/cli/v2.(*App).Run
        /go/pkg/mod/github.com/urfave/cli/[email protected]/app.go:309
main.main
        /vcert/cmd/vcert/main.go:163
runtime.main
        /usr/local/go/src/runtime/proc.go:272
2025-07-11T09:38:34.991-0500    ERROR   installer/capi.go:155   failed to install certificate in CAPI store     {"error": "failed to install certificate into CAPI, stdout: '': failed to run script function \"install-cert\": failed to run script file: Get-Item : Cannot find drive. A drive with the name 'Cert' does not exist.\r\nAt C:\\TEMP\\venafi-winrm-execute-5f3f0642-68e0-4714-8c21-115fa39c6703.ps1:108 char:17\r\n+         $capi = Get-Item \"Cert:\\$($storeLocation)\\$($installToStore)\"\r\n+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n    + CategoryInfo          : ObjectNotFound: (Cert:String) [Get-Item], DriveNotFoundException\r\n    + FullyQualifiedErrorId : DriveNotFound,Microsoft.PowerShell.Commands.GetItemCommand\r\n \r\nYou cannot call a method on a null-valued expression.\r\nAt C:\\TEMP\\venafi-winrm-execute-5f3f0642-68e0-4714-8c21-115fa39c6703.ps1:109 char:9\r\n+         $capi.Open(\"ReadWrite\")\r\n+         ~~~~~~~~~~~~~~~~~~~~~~~\r\n    + CategoryInfo          : InvalidOperation: (:) [], RuntimeException\r\n    + FullyQualifiedErrorId : InvokeMethodOnNull\r\n \r\nYou cannot call a method on a null-valued expression.\r\nAt C:\\TEMP\\venafi-winrm-execute-5f3f0642-68e0-4714-8c21-115fa39c6703.ps1:110 char:9\r\n+         $capi.Add($cert)\r\n+         ~~~~~~~~~~~~~~~~\r\n    + CategoryInfo          : InvalidOperation: (:) [], RuntimeException\r\n    + FullyQualifiedErrorId : InvokeMethodOnNull\r\n \r\nYou cannot call a method on a null-valued expression.\r\nAt C:\\TEMP\\venafi-winrm-execute-5f3f0642-68e0-4714-8c21-115fa39c6703.ps1:111 char:9\r\n+         $capi.Close()\r\n+         ~~~~~~~~~~~~~\r\n    + CategoryInfo          : InvalidOperation: (:) [], RuntimeException\r\n    + FullyQualifiedErrorId : InvokeMethodOnNull\r\n \r\nFailed to install chain certificate on target system - CN=Dedicated - Venafi Cloud Built-In CA, OU=Built-in, O=\"Venafi, Inc.\", C=US\r\nAt C:\\TEMP\\venafi-winrm-execute-5f3f0642-68e0-4714-8c21-115fa39c6703.ps1:119 char:17\r\n+ ...             throw \"Failed to install chain certificate on target syst ...\r\n+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n    + CategoryInfo          : OperationStopped: (Failed to insta...fi, Inc.\", C=US:String) [], RuntimeException\r\n    + FullyQualifiedErrorId : Failed to install chain certificate on target system - CN=Dedicated - Venafi Cloud Built-In CA, OU=Built-in, O=\"Venafi, Inc.\", C=US\r\n \r\n", "errorVerbose": "failed to run script file: Get-Item : Cannot find drive. A drive with the name 'Cert' does not exist.\r\nAt C:\\TEMP\\venafi-winrm-execute-5f3f0642-68e0-4714-8c21-115fa39c6703.ps1:108 char:17\r\n+         $capi = Get-Item \"Cert:\\$($storeLocation)\\$($installToStore)\"\r\n+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n    + CategoryInfo          : ObjectNotFound: (Cert:String) [Get-Item], DriveNotFoundException\r\n    + FullyQualifiedErrorId : DriveNotFound,Microsoft.PowerShell.Commands.GetItemCommand\r\n \r\nYou cannot call a method on a null-valued expression.\r\nAt C:\\TEMP\\venafi-winrm-execute-5f3f0642-68e0-4714-8c21-115fa39c6703.ps1:109 char:9\r\n+         $capi.Open(\"ReadWrite\")\r\n+         ~~~~~~~~~~~~~~~~~~~~~~~\r\n    + CategoryInfo          : InvalidOperation: (:) [], RuntimeException\r\n    + FullyQualifiedErrorId : InvokeMethodOnNull\r\n \r\nYou cannot call a method on a null-valued expression.\r\nAt C:\\TEMP\\venafi-winrm-execute-5f3f0642-68e0-4714-8c21-115fa39c6703.ps1:110 char:9\r\n+         $capi.Add($cert)\r\n+         ~~~~~~~~~~~~~~~~\r\n    + CategoryInfo          : InvalidOperation: (:) [], RuntimeException\r\n    + FullyQualifiedErrorId : InvokeMethodOnNull\r\n \r\nYou cannot call a method on a null-valued expression.\r\nAt C:\\TEMP\\venafi-winrm-execute-5f3f0642-68e0-4714-8c21-115fa39c6703.ps1:111 char:9\r\n+         $capi.Close()\r\n+         ~~~~~~~~~~~~~\r\n    + CategoryInfo          : InvalidOperation: (:) [], RuntimeException\r\n    + FullyQualifiedErrorId : InvokeMethodOnNull\r\n \r\nFailed to install chain certificate on target system - CN=Dedicated - Venafi Cloud Built-In CA, OU=Built-in, O=\"Venafi, Inc.\", C=US\r\nAt C:\\TEMP\\venafi-winrm-execute-5f3f0642-68e0-4714-8c21-115fa39c6703.ps1:119 char:17\r\n+ ...             throw \"Failed to install chain certificate on target syst ...\r\n+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n    + CategoryInfo          : OperationStopped: (Failed to insta...fi, Inc.\", C=US:String) [], RuntimeException\r\n    + FullyQualifiedErrorId : Failed to install chain certificate on target system - CN=Dedicated - Venafi Cloud Built-In CA, OU=Built-in, O=\"Venafi, Inc.\", C=US\r\n \r\n\nfailed to run script function \"install-cert\"\nfailed to install certificate into CAPI, stdout: ''"}
github.com/Venafi/vcert/v5/pkg/playbook/app/installer.CAPIInstaller.Install
        /vcert/pkg/playbook/app/installer/capi.go:155
github.com/Venafi/vcert/v5/pkg/playbook/app/service.runInstaller
        /vcert/pkg/playbook/app/service/service.go:157
github.com/Venafi/vcert/v5/pkg/playbook/app/service.Execute
        /vcert/pkg/playbook/app/service/service.go:102
main.doRunPlaybook
        /vcert/cmd/vcert/playbook.go:147
github.com/urfave/cli/v2.(*Command).Run
        /go/pkg/mod/github.com/urfave/cli/[email protected]/command.go:274
github.com/urfave/cli/v2.(*Command).Run
        /go/pkg/mod/github.com/urfave/cli/[email protected]/command.go:267
github.com/urfave/cli/v2.(*App).RunContext
        /go/pkg/mod/github.com/urfave/cli/[email protected]/app.go:332
github.com/urfave/cli/v2.(*App).Run
        /go/pkg/mod/github.com/urfave/cli/[email protected]/app.go:309
main.main
        /vcert/cmd/vcert/main.go:163
runtime.main
        /usr/local/go/src/runtime/proc.go:272
2025-07-11T09:38:34.991-0500    ERROR   service/service.go:160  error installing certificate    {"location": "CurrentUser\\MY", "error": "failed to install certificate into CAPI, stdout: '': failed to run script function \"install-cert\": failed to run script file: Get-Item : Cannot find drive. A drive with the name 'Cert' does not exist.\r\nAt C:\\TEMP\\venafi-winrm-execute-5f3f0642-68e0-4714-8c21-115fa39c6703.ps1:108 char:17\r\n+         $capi = Get-Item \"Cert:\\$($storeLocation)\\$($installToStore)\"\r\n+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n    + CategoryInfo          : ObjectNotFound: (Cert:String) [Get-Item], DriveNotFoundException\r\n    + FullyQualifiedErrorId : DriveNotFound,Microsoft.PowerShell.Commands.GetItemCommand\r\n \r\nYou cannot call a method on a null-valued expression.\r\nAt C:\\TEMP\\venafi-winrm-execute-5f3f0642-68e0-4714-8c21-115fa39c6703.ps1:109 char:9\r\n+         $capi.Open(\"ReadWrite\")\r\n+         ~~~~~~~~~~~~~~~~~~~~~~~\r\n    + CategoryInfo          : InvalidOperation: (:) [], RuntimeException\r\n    + FullyQualifiedErrorId : InvokeMethodOnNull\r\n \r\nYou cannot call a method on a null-valued expression.\r\nAt C:\\TEMP\\venafi-winrm-execute-5f3f0642-68e0-4714-8c21-115fa39c6703.ps1:110 char:9\r\n+         $capi.Add($cert)\r\n+         ~~~~~~~~~~~~~~~~\r\n    + CategoryInfo          : InvalidOperation: (:) [], RuntimeException\r\n    + FullyQualifiedErrorId : InvokeMethodOnNull\r\n \r\nYou cannot call a method on a null-valued expression.\r\nAt C:\\TEMP\\venafi-winrm-execute-5f3f0642-68e0-4714-8c21-115fa39c6703.ps1:111 char:9\r\n+         $capi.Close()\r\n+         ~~~~~~~~~~~~~\r\n    + CategoryInfo          : InvalidOperation: (:) [], RuntimeException\r\n    + FullyQualifiedErrorId : InvokeMethodOnNull\r\n \r\nFailed to install chain certificate on target system - CN=Dedicated - Venafi Cloud Built-In CA, OU=Built-in, O=\"Venafi, Inc.\", C=US\r\nAt C:\\TEMP\\venafi-winrm-execute-5f3f0642-68e0-4714-8c21-115fa39c6703.ps1:119 char:17\r\n+ ...             throw \"Failed to install chain certificate on target syst ...\r\n+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n    + CategoryInfo          : OperationStopped: (Failed to insta...fi, Inc.\", C=US:String) [], RuntimeException\r\n    + FullyQualifiedErrorId : Failed to install chain certificate on target system - CN=Dedicated - Venafi Cloud Built-In CA, OU=Built-in, O=\"Venafi, Inc.\", C=US\r\n \r\n", "errorVerbose": "failed to run script file: Get-Item : Cannot find drive. A drive with the name 'Cert' does not exist.\r\nAt C:\\TEMP\\venafi-winrm-execute-5f3f0642-68e0-4714-8c21-115fa39c6703.ps1:108 char:17\r\n+         $capi = Get-Item \"Cert:\\$($storeLocation)\\$($installToStore)\"\r\n+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n    + CategoryInfo          : ObjectNotFound: (Cert:String) [Get-Item], DriveNotFoundException\r\n    + FullyQualifiedErrorId : DriveNotFound,Microsoft.PowerShell.Commands.GetItemCommand\r\n \r\nYou cannot call a method on a null-valued expression.\r\nAt C:\\TEMP\\venafi-winrm-execute-5f3f0642-68e0-4714-8c21-115fa39c6703.ps1:109 char:9\r\n+         $capi.Open(\"ReadWrite\")\r\n+         ~~~~~~~~~~~~~~~~~~~~~~~\r\n    + CategoryInfo          : InvalidOperation: (:) [], RuntimeException\r\n    + FullyQualifiedErrorId : InvokeMethodOnNull\r\n \r\nYou cannot call a method on a null-valued expression.\r\nAt C:\\TEMP\\venafi-winrm-execute-5f3f0642-68e0-4714-8c21-115fa39c6703.ps1:110 char:9\r\n+         $capi.Add($cert)\r\n+         ~~~~~~~~~~~~~~~~\r\n    + CategoryInfo          : InvalidOperation: (:) [], RuntimeException\r\n    + FullyQualifiedErrorId : InvokeMethodOnNull\r\n \r\nYou cannot call a method on a null-valued expression.\r\nAt C:\\TEMP\\venafi-winrm-execute-5f3f0642-68e0-4714-8c21-115fa39c6703.ps1:111 char:9\r\n+         $capi.Close()\r\n+         ~~~~~~~~~~~~~\r\n    + CategoryInfo          : InvalidOperation: (:) [], RuntimeException\r\n    + FullyQualifiedErrorId : InvokeMethodOnNull\r\n \r\nFailed to install chain certificate on target system - CN=Dedicated - Venafi Cloud Built-In CA, OU=Built-in, O=\"Venafi, Inc.\", C=US\r\nAt C:\\TEMP\\venafi-winrm-execute-5f3f0642-68e0-4714-8c21-115fa39c6703.ps1:119 char:17\r\n+ ...             throw \"Failed to install chain certificate on target syst ...\r\n+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n    + CategoryInfo          : OperationStopped: (Failed to insta...fi, Inc.\", C=US:String) [], RuntimeException\r\n    + FullyQualifiedErrorId : Failed to install chain certificate on target system - CN=Dedicated - Venafi Cloud Built-In CA, OU=Built-in, O=\"Venafi, Inc.\", C=US\r\n \r\n\nfailed to run script function \"install-cert\"\nfailed to install certificate into CAPI, stdout: ''"}
github.com/Venafi/vcert/v5/pkg/playbook/app/service.runInstaller
        /vcert/pkg/playbook/app/service/service.go:160
github.com/Venafi/vcert/v5/pkg/playbook/app/service.Execute
        /vcert/pkg/playbook/app/service/service.go:102
main.doRunPlaybook
        /vcert/cmd/vcert/playbook.go:147
github.com/urfave/cli/v2.(*Command).Run
        /go/pkg/mod/github.com/urfave/cli/[email protected]/command.go:274
github.com/urfave/cli/v2.(*Command).Run
        /go/pkg/mod/github.com/urfave/cli/[email protected]/command.go:267
github.com/urfave/cli/v2.(*App).RunContext
        /go/pkg/mod/github.com/urfave/cli/[email protected]/app.go:332
github.com/urfave/cli/v2.(*App).Run
        /go/pkg/mod/github.com/urfave/cli/[email protected]/app.go:309
main.main
        /vcert/cmd/vcert/main.go:163
runtime.main
        /usr/local/go/src/runtime/proc.go:272
        /usr/local/go/src/runtime/proc.go:272
2025-07-11T09:38:34.992-0500    ERROR   vcert/playbook.go:151   error running task      {"task": "myCertificate", "error": "error installing certificate at location CurrentUser\\MY: failed to install c2025-07-11T09:38:34.992-0500    ERROR   vcert/playbook.go:151   error running task      {"task": "myCertificate", "error": "error installing certificate at location CurrentUser\\MY: failed to install certificate into CAPI, stdout: '': failed to run script function \"install-cert\": failed to run script file: Get-Item : Cannot find drive. A drive with the name 'Cert' does not exist.\r\nAt C:\\TEMP\\vertificate into CAPI, stdout: '': failed to run script function \"install-cert\": failed to run script file: Get-Item : Cannot find drive. A drive with the name 'Cert' does not exist.\r\nAt C:\\TEMP\\venafi-winrm-execute-5f3f0642-68e0-4714-8c21-115fa39c6703.ps1:108 char:17\r\n+         $capi = Get-Item \"Cert:\\$($storeLocation)\\$($installToStore)\"\r\n+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n    + CategoryInfo          : ObjectNotFound: (Cert:String) [Get-Item], DriveNotFoundException\r\n    + FullyQualifiedErrorId : DriveNotFound,Microsoft.PowerShell.Commands.GetItemCommand\r\n \r\nYou cannot call a method on a null-valued expression.\r\nAt C:\\TEMP\\venafi-winrm-execute-5f3f0642-68e0-4714-8c21-115fa39c6703.ps1:109 char:9\r\n+         $capi.Open(\"ReadWrite\")\r\n+         ~~~~~~~~~~~~~~~~~~~~~~~\r\n    + CategoryInfo          : InvalidOperation: (:) [], RuntimeException\r\n    + FullyQualifiedErrorId : InvokeMethodOnNull\r\n \r\nYou cannot call a method on a null-valued expression.\r\nAt C:\\TEMP\\venafi-winrm-execute-5f3f0642-68e0-4714-8c21-115fa39c6703.ps1:110 char:9\r\n+         $capi.Add($cert)\r\n+         ~~~~~~~~~~~~~~~~\r\n    + CategoryInfo          : InvalidOperation: (:) [], RuntimeException\r\n    + FullyQualifiedErrorId : InvokeMethodOnNull\r\n \r\nYou cannot call a method on a null-valued expression.\r\nAt C:\\TEMP\\venafi-winrm-execute-5f3f0642-68e0-4714-8c21-115fa39c6703.ps1:111 char:9\r\n+         $capi.Close()\r\n+         ~~~~~~~~~~~~~\r\n    + CategoryInfo          : InvalidOperation: (:) [], RuntimeException\r\n    + FullyQualifiedErrorId : InvokeMethodOnNull\r\n \r\nFailed to install chain certificate on target system - CN=Dedicated - Venafi Cloud Built-In CA, OU=Built-in, O=\"Venafi, Inc.\", C=US\r\nAt C:\\TEMP\\venafi-winrm-execute-5f3f0642-68e0-4714-8c21-115fa39c6703.ps1:119 char:17\r\n+ ...             throw \"Failed to install chain certificate on target syst ...\r\n+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n    + CategoryInfo          : OperationStopped: (Failed to insta...fi, Inc.\", C=US:String) [], RuntimeException\r\n    + FullyQualifiedErrorId : Failed to install chain certificate on target system - CN=Dedicated - Venafi Cloud Built-In CA, OU=Built-in, O=\"Venafi, Inc.\", C=US\r\n \r\n"}
main.doRunPlaybook
        /vcert/cmd/vcert/playbook.go:151
github.com/urfave/cli/v2.(*Command).Run
        /go/pkg/mod/github.com/urfave/cli/[email protected]/command.go:274
github.com/urfave/cli/v2.(*Command).Run
        /go/pkg/mod/github.com/urfave/cli/[email protected]/command.go:267
github.com/urfave/cli/v2.(*App).RunContext
        /go/pkg/mod/github.com/urfave/cli/[email protected]/app.go:332
github.com/urfave/cli/v2.(*App).Run
        /go/pkg/mod/github.com/urfave/cli/[email protected]/app.go:309
main.main
        /vcert/cmd/vcert/main.go:163
runtime.main
        /usr/local/go/src/runtime/proc.go:272

ENVIRONMENT DETAILS

latest vcert , windows 11 local user no admin rights. COMMENTS/WORKAROUNDS

tall27 avatar Jul 11 '25 14:07 tall27