PSPKI icon indicating copy to clipboard operation
PSPKI copied to clipboard

Published 20 hours ago verified publisher icon PKISolutions

Revoke-Certificate - Throwing exception Cannot find an appropriate constructor

Open PsCustomObject opened this issue 1 year ago • 5 comments

Hello,

I've tried to find something but could not find anything close to what I'm experiencing when trying to use the Revoke-Certificate cmdlet the following exception is being thrown:

New-Object : A constructor was not found. Cannot find an appropriate constructor for type 
SysadminsLV.PKI.Utils.ServiceOperationResult.
At C:\Program Files\WindowsPowerShell\Modules\PSPKI\4.2.0\Server\Revoke-Certificate.ps1:52 char:13
+             New-Object SysadminsLV.PKI.Utils.ServiceOperationResult $ ...
+             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (:) [New-Object], PSArgumentException
    + FullyQualifiedErrorId : CannotFindAppropriateCtor,Microsoft.PowerShell.Commands.NewObjectCommand

As it is stated in the exception message module version in use is 4.2.0, I did not have the time to properly debug the whole thing but exception is being thrown at line 49 of the Revoke-Certificate function where code reads:

            $CertAdmin.RevokeCertificate($Request.ConfigString,$Request.SerialNumber,$Reasons[$Reason],$RevocationDate.ToUniversalTime())
            New-Object SysadminsLV.PKI.Utils.ServiceOperationResult 0,
                "Successfully revoked certificate with ID=$($Request.RequestID) and reason: '$Reason'"
        } catch {
            New-Object SysadminsLV.PKI.Utils.ServiceOperationResult $($_.Exception.InnerException.InnerException.HResult)
        }

I will try to find some time to further troubleshoot this but if someone experienced this issue or has any pointer I would really appreciate it.

PsCustomObject avatar Mar 11 '24 10:03 PsCustomObject

Adding to my own report I've tried running the same script using module version 3.7.2 and it woks as intended.

I have an interim fix and that is perfect but still I would like to troubleshoot this in 4.2.0 at least to isolate what is causing it.

PsCustomObject avatar Mar 11 '24 10:03 PsCustomObject

You can try this script if you like: https://github.com/hmiller10/PowerShell-Tidbits/blob/main/PKI/OperationsScripts/Revoke-APkiCertificate.ps1

hmiller10 avatar Mar 12 '24 03:03 hmiller10

Thanks but the logic to revoke cert is already in place it is just the cmdlet throwing the exception I've reported, I've now been able to fix the issue so I?m kind of set but still would like to go to the bottom of this to understamd

PsCustomObject avatar Mar 13 '24 18:03 PsCustomObject

I've tried to repro the issue by attempting to generate both, successful and unsuccessful responses and it works fine for me in 4.2.0:

PS C:\> $req = connect-ca | get-issuedrequest -RequestID 1006744
PS C:\> $req | Revoke-Certificate

HResult      StatusMessage
-------      -------------
-2147023174  The RPC server is unavailable.


PS C:\> $req | Revoke-Certificate

HResult      StatusMessage
-------      -------------
0            Successfully revoked certificate with ID=1006744 and reason: 'Unspecified'


PS C:\>

Crypt32 avatar May 13 '24 08:05 Crypt32

I faced the same issue and found that when I ran the script on the certification authority without adminrights it will show this error. When running the script with adminrights, everything runs fine.

That totally makes sense, the resulting error is just quite confusing.

chrizzlibaer avatar Jul 01 '24 12:07 chrizzlibaer