Cannot convert value "ca.example.com" to type "PKI.CertificateServices.CertificateAuthority"

Apr 2, 2016 at 11:16 PM
PS PKI 3.1.0

I managed to get some code working beautifully on my Windows 7 SP1 workstation, but it throws an error when I try to run it locally on my Windows Server 2012 R2 standalone root certificate authority. I think I've narrowed it down to the one line below. I'm so close...so close!

It throws an error on server ca.example.com: Windows Server 2012 R2 (domain-joined standalone root CA)
Import-Module PsPKI
$CertificateRequestResponse = Submit-CertificateRequest -CertificationAuthority "ca.example.com" -Path "\\fs.example.com\path\to\certificates\CertReq.csr"
Submit-CertificateRequest : Cannot process argument transformation on parameter 'CertificationAuthority'. Cannot convert value "ca.example.com" to type 
"PKI.CertificateServices.CertificateAuthority". Error: "There is no such object on the server.
"
At line:2 char:81
+ ... ationAuthority "ca.example.com" -Path "\\fs.example.com\path\to\certi ...
+                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidData: (:) [Submit-CertificateRequest], ParameterBindingArgumentTransformationException
    + FullyQualifiedErrorId : ParameterArgumentTransformationError,Submit-CertificateRequest

$CertificateRequestResponse
It works fine on workstation wx.example.com: Windows 7 SP1 (domain-joined workstation with RSAT)
Import-Module PsPKI
$CertificateRequestResponse = Submit-CertificateRequest -CertificationAuthority "ca.example.com" -Path "\\fs.example.com\path\to\certificates\CertReq.csr"
$CertificateRequestResponse


CertificationAuthority : PKI.CertificateServices.CertificateAuthority
RequestID              : 22
Status                 : UnderSubmission
Certificate            : 
ErrorInformation       : Taken Under Submission
Coordinator
Apr 4, 2016 at 9:52 AM
Can you post the $PSVersionTable contents from the failing and working machines?

What does the Connect-CA command say without parameters when you run it on the CA server itself?
Apr 4, 2016 at 1:41 PM
Edited Apr 4, 2016 at 1:41 PM
Camelot wrote:
Can you post the $PSVersionTable contents from the failing and working machines?

What does the Connect-CA command say without parameters when you run it on the CA server itself?
Thanks for taking this on, Camelot! I really appreciate it!

Windows Server 2012 R2 (Failing)
Windows PowerShell
Copyright (C) 2014 Microsoft Corporation. All rights reserved.

PS > Import-Module PsPKI
PS > $PSVersionTable

Name                           Value
----                           -----
PSVersion                      4.0
WSManStackVersion              3.0
SerializationVersion           1.1.0.1
CLRVersion                     4.0.30319.34209
BuildVersion                   6.3.9600.17400
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0}
PSRemotingProtocolVersion      2.2


PS > Connect-CertificationAuthority
New-Object : Exception calling ".ctor" with "1" argument(s): "There is no such object on the server.
"
At C:\Windows\system32\WindowsPowerShell\v1.0\Modules\PsPKI\Server\Connect-CertificationAuthority.ps1:13 char:4
+             New-Object PKI.CertificateServices.CertificateAuthority $CName
+             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [New-Object], MethodInvocationException
    + FullyQualifiedErrorId : ConstructorInvokedThrowException,Microsoft.PowerShell.Commands.NewObjectCommand

PS > Connect-CertificationAuthority -ComputerName ca.example.com
New-Object : Exception calling ".ctor" with "1" argument(s): "There is no such object on the server.
"
At C:\Windows\system32\WindowsPowerShell\v1.0\Modules\PsPKI\Server\Connect-CertificationAuthority.ps1:13 char:4
+             New-Object PKI.CertificateServices.CertificateAuthority $CName
+             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [New-Object], MethodInvocationException
    + FullyQualifiedErrorId : ConstructorInvokedThrowException,Microsoft.PowerShell.Commands.NewObjectCommand

PS >
Windows 7 SP1 (Working)
Windows PowerShell
Copyright (C) 2012 Microsoft Corporation. All rights reserved.

PS > Import-Module PsPKI
PS > $PSVersionTable

Name                           Value
----                           -----
PSVersion                      3.0
WSManStackVersion              3.0
SerializationVersion           1.1.0.1
CLRVersion                     4.0.30319.18444
BuildVersion                   6.2.9200.16481
PSCompatibleVersions           {1.0, 2.0, 3.0}
PSRemotingProtocolVersion      2.2


PS > Connect-CertificationAuthority
New-Object : Exception calling ".ctor" with "1" argument(s): "The system cannot find the file specified"
At C:\Windows\system32\WindowsPowerShell\v1.0\Modules\PsPKI\Server\Connect-CertificationAuthority.ps1:13 char:4
+             New-Object PKI.CertificateServices.CertificateAuthority $CName
+             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [New-Object], MethodInvocationException
    + FullyQualifiedErrorId : ConstructorInvokedThrowException,Microsoft.PowerShell.Commands.NewObjectCommand

PS > Connect-CertificationAuthority -ComputerName ca.example.com

DisplayName                              ComputerName   IsAccessible ServiceStatus Type
-----------                              ------------   ------------ ------------- ----
ORG                                      ca.example.com True         Running       Standalone Root CA


PS >
Coordinator
Apr 4, 2016 at 4:04 PM
Thanks for the information. I will investigate this issue. I will copy this thread to the issue tracker and will post updated information there.
Coordinator
Apr 4, 2016 at 4:04 PM
This discussion has been copied to a work item. Click here to go to the work item and continue the discussion.
Coordinator
Apr 4, 2016 at 7:52 PM
I just tried to repro the issue and was unsuccessful. I joined a Windows Server 2012 R2 machine to the domain and installed the Standalone Root CA role. The Connect-CA command works as expected.

Can you please provide a stack trace for the error? Run the Connect-CA command and immediately call: $error[0].Exception.InnerException.StackTrace. Post the trace information here.
Apr 4, 2016 at 8:03 PM
Connect-CA
$error[0].Exception.InnerException.StackTrace

New-Object : Exception calling ".ctor" with "1" argument(s): "There is no such object on the server.
"
At C:\windows\system32\windowspowershell\v1.0\Modules\PSPKI\Server\Connect-CertificationAuthority.ps1:13 char:4
+             New-Object PKI.CertificateServices.CertificateAuthority $CName
+             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [New-Object], MethodInvocationException
    + FullyQualifiedErrorId : ConstructorInvokedThrowException,Microsoft.PowerShell.Commands.NewObjectCommand
 
   at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
   at System.DirectoryServices.DirectoryEntry.Bind()
   at System.DirectoryServices.DirectoryEntry.get_AdsObject()
   at System.DirectoryServices.PropertyValueCollection.PopulateList()
   at System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName)
   at System.DirectoryServices.PropertyCollection.get_Item(String propertyName)
   at PKI.CertificateServices.CertificateAuthority.get_ds()
   at PKI.CertificateServices.CertificateAuthority..ctor(String computerName)
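
The diagnostic step requested above (run the command, then read `$error[0].Exception.InnerException.StackTrace`), generalized as an added example that is not part of the original thread or of the PSPKI module: the hypothetical helper `Get-ExceptionChain` walks every nested exception of an error record and reports its type, HRESULT and top stack frame. The failure used to exercise it is constructed so the block runs without a CA.

```powershell
# Added example: walk the whole InnerException chain of an ErrorRecord,
# rather than reading a single fixed level of $error[0].
function Get-ExceptionChain {
    param(
        [Parameter(Mandatory = $true)]
        [System.Management.Automation.ErrorRecord]$ErrorRecord
    )
    $depth = 0
    $ex = $ErrorRecord.Exception
    while ($null -ne $ex) {
        # The first stack frame is where this level of the chain was thrown.
        $top = $null
        if ($ex.StackTrace) {
            $top = ($ex.StackTrace -split "`r?`n")[0].Trim()
        }
        [pscustomobject][ordered]@{
            Depth    = $depth
            Type     = $ex.GetType().FullName
            # Exception.HResult is publicly readable on .NET 4.5 and later.
            HResult  = ('0x{0:X8}' -f $ex.HResult)
            Message  = $ex.Message.Trim()
            TopFrame = $top
        }
        $ex = $ex.InnerException
        $depth++
    }
}

# Constructed failure standing in for the PSPKI call (no CA required).
try {
    try {
        throw (New-Object System.IO.FileNotFoundException 'constructed inner failure')
    }
    catch {
        # Wrap the inner exception the way a failing constructor call would.
        throw (New-Object System.InvalidOperationException('constructed outer failure', $_.Exception))
    }
}
catch {
    Get-ExceptionChain $_ | Format-List
}

# On the CA server, following the procedure in this thread:
#   Connect-CertificationAuthority
#   Get-ExceptionChain $Error[0] | Format-List
```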
Coordinator
Apr 4, 2016 at 8:18 PM
I got it and found what is wrong here. It is a problem with the ICertConfig interface. I will see what I can do about this.
Coordinator
Apr 4, 2016 at 8:42 PM
Please download an updated DLL from the issue page and let me know if it works for you now: https://pspki.codeplex.com/workitem/93