Exception calling "ResubmitRequest" with "2" argument(s)

May 17, 2016 at 7:55 PM
PS PKI 3.2.5

This code snippet throws an error when running it locally on a Windows Server 2012 R2 domain-joined standalone root certificate authority. The same code works on Windows 7 SP1 domain-joined workstation with RSAT.

Request 49's status is "taken under submission" and is waiting for approval before running this snippet.
Import-Module PsPKI
Import-Module ActiveDirectory

$Script:CA = "ca.example.com"

Function Handle-Error {
    Param (
        [PSObject]$Error
    )
    Process {
        $Error[0].Exception.InnerException.Message
        $Error[0].Exception.InnerException.StackTrace
    }
}

Write-Host "# Approve pending CSR: Get-PendingRequest"
Try {
    $CertificateRequest = Get-PendingRequest -CertificationAuthority $Script:CA -RequestID 49
    $CertificateRequest
} Catch {
    Handle-Error -Error $Error[0]
}

Write-Host "# Approve pending CSR: Approve-CertificateRequest"
Try {
    $ApprovalResponse = Approve-CertificateRequest -Request $CertificateRequest
    $ApprovalResponse
} Catch {
    Handle-Error -Error $Error[0]
}
Output for Windows Server 2012 R2 domain-joined standalone root certificate authority
# Approve pending CSR: Get-PendingRequest


RequestID             : 49
Request.RequesterName : EXAMPLE\user
Request.SubmittedWhen : 5/17/2016 7:29:48 PM
Request.CommonName    : Test User
CertificateTemplate   : 
RowId                 : 49
ConfigString          : ca.example.com\CA
Table                 : Request

# Approve pending CSR: Approve-CertificateRequest
WARNING: Unable to issue request with ID = '49'
Exception calling "ResubmitRequest" with "2" argument(s): "CCertAdmin::ResubmitRequest: Access is denied. 0x80070005 (WIN32: 5 ERROR_ACCESS_DENIED)"
At C:\Windows\system32\WindowsPowerShell\v1.0\Modules\PsPKI\Server\Approve-CertificateRequest.ps1:16 char:5
+                 $DM = $CertAdmin.ResubmitRequest($Request.ConfigString,$Request.RequestID)
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : ComMethodTargetInvocation
Output for Windows 7 SP1 domain-joined workstation with RSAT
# Approve pending CSR: Get-PendingRequest


RequestID             : 49
Request.RequesterName : EXAMPLE\user
Request.SubmittedWhen : 05/17/2016 07:29:48 PM
Request.CommonName    : Test User
CertificateTemplate   : 
RowId                 : 49
ConfigString          : ca.example.com\CA
Table                 : Request

# Approve pending CSR: Approve-CertificateRequest
The certificate '49' was issued.'