You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
For DSC MOF encryption and WinRM HTTPS all of my servers end up with 2 certificates. Unfortunately the method in which get xcertreg uses to determine if the cert already exists is simply the subject name and the CA's name. So when you have two certs with the same name but each has a different ability and unique friendly name the DSC gets very confused and keeps re-issuing certs. The common issue is here:
The certificate with subject 'CN=%hostnme%' issued by '%internal CA%' with thumbprint $Thumbprint has the wrong template $templatename.
We need to add something to the check routine beyond just the subject and the CA.
The text was updated successfully, but these errors were encountered:
I have the same issue with a RDP Certificate enrolled by Group Policy. It's issued by the same CA but by a different template. If I delete the RDP Certificate it works fine up until group policy is ran again and installs another certificate.
Can we not add the ability to filter by the FriendlyName property as that can be easily made unique?
For DSC MOF encryption and WinRM HTTPS all of my servers end up with 2 certificates. Unfortunately the method in which get xcertreg uses to determine if the cert already exists is simply the subject name and the CA's name. So when you have two certs with the same name but each has a different ability and unique friendly name the DSC gets very confused and keeps re-issuing certs. The common issue is here:
The certificate with subject 'CN=%hostnme%' issued by '%internal CA%' with thumbprint $Thumbprint has the wrong template $templatename.
We need to add something to the check routine beyond just the subject and the CA.
The text was updated successfully, but these errors were encountered: