Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CertReq: Error occurs in Provider Name with spaces used without Quotes #185

Closed
PlagueHO opened this issue Mar 9, 2019 · 0 comments · Fixed by #201
Closed

CertReq: Error occurs in Provider Name with spaces used without Quotes #185

PlagueHO opened this issue Mar 9, 2019 · 0 comments · Fixed by #201

Comments

@PlagueHO
Copy link
Member

@PlagueHO PlagueHO commented Mar 9, 2019

Details of the scenario you tried and the problem that is occurring

When specifying a ProviderName parameter and quotes are not included within the string an error occurs.

E.g.

ProviderName = 'Microsoft RSA SChannel Cryptographic Provider'

Will result in:

Certificate Request Processor: Invalid provider specified. 0x80090013 (-2146893805 NTE_BAD_PROVIDER)
VERBOSE: [CERT01]: LCM: [ End Set ] [[CertReq]PullCert] in 0.3440 seconds.
PowerShell DSC resource MSFT_CertReq failed to execute Set-TargetResource functionality with error message:
System.InvalidOperationException: Certificate Request file
'C:\Windows\TEMP\xCertReq-cdeb7584-e181-423c-a08d-fded9f0b686c.req' not found.
+ CategoryInfo : InvalidOperation: (:) [], CimException
+ FullyQualifiedErrorId : ProviderOperationExecutionFailure
+ PSComputerName : localhost

However, this is OK:

ProviderName = '"Microsoft RSA SChannel Cryptographic Provider"'

Verbose logs showing the problem

VERBOSE: [CERT01]: LCM: [ Start Resource ] [[CertReq]PullCert]
VERBOSE: [CERT01]: LCM: [ Start Test ] [[CertReq]PullCert]
VERBOSE: [CERT01]: [[CertReq]PullCert] Starting to locate CA.
VERBOSE: [CERT01]: [[CertReq]PullCert] Using the following container to look for CA
candidates: 'LDAP://CN=CDP,CN=Public Key Services,CN=Services,CN=Configuration,DC=jeremysbrain,DC=org'
VERBOSE: [CERT01]: [[CertReq]PullCert] Starting to ping CA.
VERBOSE: [CERT01]: [[CertReq]PullCert] certutil exited with code 0 and the following output:
Connecting to Cert01\jeremysbrain-CERT01-CA ...
Server "jeremysbrain-CERT01-CA" ICertRequest2 interface is alive (0ms)
CertUtil: -ping command completed successfully.
VERBOSE: [CERT01]: [[CertReq]PullCert] Certificate authority 'Cert01jeremysbrain-CERT01-CA'
is online.
VERBOSE: [CERT01]: [[CertReq]PullCert] Found certificate authority
'Cert01jeremysbrain-CERT01-CA'.
VERBOSE: [CERT01]: [[CertReq]PullCert] Test-TargetResource: Testing Certificate with Subject
'CN=Pull01, , OU=IT, O=JeremysBrain, L=Chino, S=CA, C=US' issued by Cert01\jeremysbrain-CERT01-CA.
VERBOSE: [CERT01]: [[CertReq]PullCert] Test-TargetResource: No valid certificate found with
subject 'CN=Pull01, , OU=IT, O=JeremysBrain, L=Chino, S=CA, C=US' issued by Cert01\jeremysbrain-CERT01-CA.
VERBOSE: [CERT01]: LCM: [ End Test ] [[CertReq]PullCert] in 0.3900 seconds.
VERBOSE: [CERT01]: LCM: [ Start Set ] [[CertReq]PullCert]
VERBOSE: [CERT01]: [[CertReq]PullCert] Starting to locate CA.
VERBOSE: [CERT01]: [[CertReq]PullCert] Using the following container to look for CA
candidates: 'LDAP://CN=CDP,CN=Public Key Services,CN=Services,CN=Configuration,DC=jeremysbrain,DC=org'
VERBOSE: [CERT01]: [[CertReq]PullCert] Starting to ping CA.
VERBOSE: [CERT01]: [[CertReq]PullCert] certutil exited with code 0 and the following output:
Connecting to Cert01\jeremysbrain-CERT01-CA ...
Server "jeremysbrain-CERT01-CA" ICertRequest2 interface is alive (15ms)
CertUtil: -ping command completed successfully.
VERBOSE: [CERT01]: [[CertReq]PullCert] Certificate authority 'Cert01jeremysbrain-CERT01-CA'
is online.
VERBOSE: [CERT01]: [[CertReq]PullCert] Found certificate authority
'Cert01jeremysbrain-CERT01-CA'.
VERBOSE: [CERT01]: [[CertReq]PullCert] Set-TargetResource: Starting Certificate request with
Subject 'CN=Pull01, , OU=IT, O=JeremysBrain, L=Chino, S=CA, C=US' issued by Cert01\jeremysbrain-CERT01-CA.
VERBOSE: [CERT01]: [[CertReq]PullCert] Set-TargetResource: Creating certificate request
'C:\Windows\TEMP\xCertReq-cdeb7584-e181-423c-a08d-fded9f0b686c.req' from
'C:\Windows\TEMP\xCertReq-cdeb7584-e181-423c-a08d-fded9f0b686c.inf'.
VERBOSE: [CERT01]: [[CertReq]PullCert] Set-TargetResource: Create certificate request
result: Active Directory Enrollment Policy
{53B155A9-742B-4F44-A0D2-FC26F0362879}
ldap:
Certificate Request Processor: Invalid provider specified. 0x80090013 (-2146893805 NTE_BAD_PROVIDER)
VERBOSE: [CERT01]: LCM: [ End Set ] [[CertReq]PullCert] in 0.3440 seconds.
PowerShell DSC resource MSFT_CertReq failed to execute Set-TargetResource functionality with error message:
System.InvalidOperationException: Certificate Request file
'C:\Windows\TEMP\xCertReq-cdeb7584-e181-423c-a08d-fded9f0b686c.req' not found.
+ CategoryInfo : InvalidOperation: (:) [], CimException
+ FullyQualifiedErrorId : ProviderOperationExecutionFailure
+ PSComputerName : localhost

VERBOSE: [CERT01]: LCM: [ End Set ]
The SendConfigurationApply function did not succeed.
+ CategoryInfo : NotSpecified: (root/Microsoft/...gurationManager:String) [], CimException
+ FullyQualifiedErrorId : MI RESULT 1
+ PSComputerName : localhost

VERBOSE: Operation 'Invoke CimMethod' complete.
VERBOSE: Time taken for configuration job to complete is 5.758 seconds

Suggested solution to the issue

Automatically include the quotes around the ProviderName string in the CertReq.ini file if they weren't included.

The DSC configuration that is used to reproduce the issue (as detailed as possible)

CertReq PullCert {
Credential = $CredDomain
Subject = 'CN=Pull01, , OU=IT, O=JeremysBrain, L=Chino, S=CA, C=US'
KeyLength = 2048
CAServerFQDN = 'Pull01.jeremysbrain.org'
ProviderName = 'Microsoft RSA SChannel Cryptographic Provider'
AutoRenew = $true
Exportable = $true
FriendlyName = 'PullServerCert'
KeyUsage = '0xa0'
RequestType = 'PKCS10'
KeyType = 'RSA'
CertificateTemplate = 'WebServer'
DependsOn = '[AdcsWebEnrollment]InstallWebEnrollment'
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

1 participant