Connect-CertificationAuthority Error

Dec 15, 2015 at 8:39 PM
Hi,

I am using PSPKI Version 3.1. When running the following command, I get an error.

Command:
Connect-CertificationAuthority -ComputerName <servername>.<domain1>.com

Error:

New-Object : Exception calling ".ctor" with "1" argument(s): "CCertConfig::GetField: The parameter is incorrect. 0x80070057 (WIN32: 87 ERROR_INVALID_PARAMETER)"
At C:\windows\system32\WindowsPowerShell\v1.0\Modules\pspki\Server\Connect-CertificationAuthority.ps1:13 char:4
  • New-Object PKI.CertificateServices.CertificateAuthority $CName
  • ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    • CategoryInfo : InvalidOperation: (:) [New-Object], MethodInvocationException
    • FullyQualifiedErrorId : ConstructorInvokedThrowException,Microsoft.PowerShell.Commands.NewObjectCommand
We have two domains. There is two way trust connection in both the domains. The server is on Domain 1.

What I have observed so far is:
If I log in with Domain 1, it's working fine.
However, If I am logged in Domain 2, I am getting the above error.

I believe the reason of the error is, when I log in with Domain 2 by default my ADForest is of Domain 2.

I can't find a way to switch the ADForest to Domain 1. I can't find any switch with 'Connect-CertificationAuthority' similar to Get-ADUser that can specify which domain it should refer.

Any help with this would be appreciated.

Thanks!!
Coordinator
Dec 16, 2015 at 5:38 PM
Are these domains in different forests?
Dec 16, 2015 at 5:41 PM
Yes.
Coordinator
Dec 16, 2015 at 5:50 PM
Currently cross-forest ADCS management in PSPKI is not supported. And I'm not sure if there are practical use cases to support this.