Get-CertificationAuthority doesn't work in remote session

Oct 9, 2015 at 10:58 AM
Hi.

Fresh install of Windows 2012 R2 (domain joined) and PSPKI v3.1.0.

When I'm logged in locally I can run Get-CertificationAuthority and see my three CAs. If I instead do an Enter-PSSession from my workstation to the server and do the same thing I get no result at all. No error message either. Same result if I add -ComputerName, I just don't get anything back.

Connect-CertificationAuthority throws an error: "Specified Certification Authority is unavailable." Obviously, if I do the same thing locally it works.

Any ideas?

Thanks,

Fredrik
Coordinator
Oct 9, 2015 at 5:12 PM
This issue is caused due to credential delegation. By default, when you authenticate to remote server (via Enter-PSSession), these credentials can be used only on that server. Server is not allowed to authenticate you anywhere else, while Get-CertificationAuthority cmdlet does some remote requests to LDAP and CA server. You have either, to use CredSSP or enable this server trusted for delegation.

As aside note: the server part of the module is not designed to run in remoting session, instead each command in server cmdlets has parameters to work with remote CAs.
Marked as answer by frtnbach on 10/10/2015 at 1:10 AM
Oct 10, 2015 at 8:09 AM
That explains that. Thanks!