AllowCSPInteraction not triggering

Jun 21, 2012 at 11:45 PM

First of all - great script - this is making my life significantly more happy!

I'm trying to install using the following command (using PSPKI v1.8):

Install-CertificationAuthority -CAName "RootCA" -CADNSuffix "OU=Test,C=US" -CAType "Standalone Root" -CSP "RSA#nCipher Security World Key Storage Provider" -KeyLength 2048 -HashAlgorithm SHA256 -ValidForYears 10 -DBDirectory "C:\CA\CertDB" -LogDirectory "C:\CA\CertLog" -AllowCSPInteraction

CAPolicy.inf is pretty basic (thanks to your script) - pretty much just defining the critical values & legal notice.  OS is 2008 R2 Enterprise SP1 with current patches.

The nCipher middleware is installed & Operator Card Set is created.  If I do this using the standard GUI everything works fine.  If I just use the default MS CSP then everything works fine with the script.

I get an error similar to the following (copied from a note - might not be exactly verbatim):

"Exception call Installl with '0' argument(s)

CCertSrvSetup::Install Provider could not perform action since context was acquired as silent.

0x80090022"

This seems to be an issue with the CSP, so I found the -AllowCSPInteraction switch and that did not help.  Basically, it should prompt for the user to enter their operator card & enter the pin via the secure Desktop0 (I didn't think until now to check to see if restarting UI0Detect would help any, but I doubt it) - however Desktop 0 never appears, nor does any kind of prompt for a card.  I tried adding "Silent=FALSE" in the capolicy.inf under the certsrv_server section and that did not help.  I tried taking a quick look through the code, but I'm not really seeing where it comes into play like -force does.

Am I missing something?  Thanks in advance!

Coordinator
Jun 22, 2012 at 4:08 PM
Edited Jun 22, 2012 at 4:09 PM

This release: http://pspki.codeplex.com/releases/view/89299 has an updated Install-CertificationAuthority command with fixed AllowCSPInteraction parameter handling.

I've reviewed the code and found that the parameter -AllowCSPInteraction is added, but is never used (not handled) by the code. I've added the parameter handling and it now should work.

Jun 22, 2012 at 7:44 PM

Thanks for the super fast response!

I had a minor issue installing with the 1.8.1 update, but was able to find the issue due to the error message.

On line 122:

{$CASetup.SetCAProperty(0x2,$true)}

Should be:

{$CASetup.SetCASetupProperty(0x2,$true)}

Once I did that and tested it worked perfectly!

Coordinator
Jun 22, 2012 at 9:06 PM
This discussion has been copied to a work item.
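The switch handling discussed in this thread, as an added example that is not PSPKI's own code: the interactive setup property is set before Install(), and the 0x80090022 failure from the first post is mapped to a readable message. The function names Get-ComErrorCode and Invoke-CASetupInstall are hypothetical, and $CASetup is assumed to be an already configured CertOCM.CertSrvSetup COM object on a server with the AD CS binaries present.

```powershell
# Added illustration, not PSPKI source. Function and variable names are hypothetical.
$ENUM_SETUPPROP_INTERACTIVE = 0x2         # CASetupProperty id used in the thread's fix
$NTE_SILENT_CONTEXT         = 0x80090022  # PowerShell parses this as Int32 -2146893790

function Get-ComErrorCode {
    param([System.Exception]$Exception)
    # PowerShell wraps COM failures ("Exception calling Install ..."),
    # so walk inward until the underlying COMException is found.
    while ($Exception) {
        if ($Exception -is [System.Runtime.InteropServices.COMException]) {
            return $Exception.ErrorCode
        }
        $Exception = $Exception.InnerException
    }
    return $null
}

function Invoke-CASetupInstall {
    param(
        [Parameter(Mandatory = $true)]
        $CASetup,                        # assumed: configured CertOCM.CertSrvSetup object
        [switch]$AllowCSPInteraction
    )

    if ($AllowCSPInteraction) {
        # Without this call the switch is accepted but has no effect, and a CSP
        # that must prompt (HSM card and PIN) is still opened silently.
        $CASetup.SetCASetupProperty($ENUM_SETUPPROP_INTERACTIVE, $true)
    }

    try {
        $CASetup.Install()
    }
    catch {
        if ((Get-ComErrorCode $_.Exception) -eq $NTE_SILENT_CONTEXT) {
            throw ("The CSP needed to prompt the operator (0x80090022) but setup ran " +
                   "silently. Re-run with -AllowCSPInteraction from an interactive session.")
        }
        throw   # any other failure is passed through unchanged
    }
}
```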