Connect-CertificationAuthority Error



I am using PSPKI Version 3.1. When running the following command, I get an error.

Connect-CertificationAuthority -ComputerName <servername>.<domain1>.com


New-Object : Exception calling ".ctor" with "1" argument(s): "CCertConfig::GetField: The parameter is incorrect. 0x80070057 (WIN32: 87 ERROR_INVALID_PARAMETER)"
At C:\windows\system32\WindowsPowerShell\v1.0\Modules\pspki\Server\Connect-CertificationAuthority.ps1:13 char:4
New-Object PKI.CertificateServices.CertificateAuthority $CName
CategoryInfo : InvalidOperation: (:) [New-Object], MethodInvocationException
FullyQualifiedErrorId : ConstructorInvokedThrowException,Microsoft.PowerShell.Commands.NewObjectCommand
We have two domains. There is two way trust connection in both the domains. The server is on Domain 1.

What I have observed so far is:
If I log in with Domain 1, it's working fine.
However, If I am logged in Domain 2, I am getting the above error.

I believe the reason of the error is, when I log in with Domain 2 by default my ADForest is of Domain 2.

I can't find a way to switch the ADForest to Domain 1. I can't find any switch with 'Connect-CertificationAuthority' similar to Get-ADUser that can specify which domain it should refer.

Any help with this would be appreciated.



Camelot wrote Mar 21, 2016 at 5:10 PM

Are these domains members of the same forest? Or they belong to different forests?

jescombe wrote Jun 21 at 10:04 AM

Hi, I can also recreate this issue on 3.2.6

I have only tried with CA's in different forests so far. The user account has permissions to manage the CA's in both forests, but with PSPKI I can only connect to the CA's in the same domain.

Let me know if there is anything I can do to assist with troubleshooting? Thanks in advance..