xCertReq failed with error #42
Comments
Hi @svenvanrijen - thanks for reporting this. I actually ran across this issue last week on one of my servers. So I was going to log this, but you beat me to it. Great work. Are you able to post your config for me (blank out any credentials or other sensitive info of course)?
Hi Daniel, no problem:

    configuration Config
    {
        Import-DscResource -ModuleName xActiveDirectory, `
                                       xNetworking, `
                                       xPendingReboot, `
                                       xDHCPServer, `
                                       PSDesiredStateConfiguration, `
                                       xComputerManagement, `
                                       xAdcsDeployment, `
                                       xCertificate

        [pscredential]$domainCred = Get-AutomationPSCredential -Name 'Local domain admin'

        Node $AllNodes.Where{$_.Role -eq "DSC HTTPS Pull Server"}.Nodename
        {
            LocalConfigurationManager
            {
                ActionAfterReboot  = 'ContinueConfiguration'
                ConfigurationMode  = 'ApplyAndAutoCorrect'
                RebootNodeIfNeeded = $true
            }

            xComputer JoinDomain
            {
                Name       = $Node.NodeName
                DomainName = $Node.DomainName
                Credential = $domainCred
            }

            xCertReq SSLCert
            {
                CARootName          = 'xxxxxxx-CA01-CA'
                CAServerFQDN        = "CA01.xxxxxx.xxx"
                Subject             = "xxxxxx.xxx"
                Exportable          = $true
                CertificateTemplate = 'WebServer'
                AutoRenew           = $true
                Credential          = $domainCred
            }
        }
    }

    $ConfigData = @{
        AllNodes = @(
            @{
                Nodename                    = "*"
                DomainName                  = "xxxxx.xxx"
                RetryCount                  = 20
                RetryIntervalSec            = 30
                PsDscAllowPlainTextPassword = $true
            }
            @{
                Nodename                    = "xxxx"
                Role                        = "DSC HTTPS Pull Server"
                DomainName                  = "xxxxxxx.xxx"
                RetryCount                  = 20
                RetryIntervalSec            = 30
                PsDscAllowPlainTextPassword = $true
                PsDscAllowDomainUser        = $true
            }
        )
    }

It's quite a large config, so I just cut and paste the bits for the node that matters. If you need any more info or details, please let me know... Kind regards,
Hi! Anyway, I've got around it by changing my config to not use the $credential parameter and fixing an error in the xCertReq resource (https://github.com/PowerShell/xCertificate/pull/43/files). For now, my config runs smoothly, but the error mentioned above still exists.

    xCertReq SSLCert
    {
        CARootName          = 'xxxxxxxxx-CA01-CA'
        CAServerFQDN        = 'xxxxx.xxxxx.xxxx'
        Subject             = 'dsc01.xxxxx.xxxx'
        KeyLength           = '1024'
        Exportable          = $true
        ProviderName        = '"Microsoft RSA SChannel Cryptographic Provider"'
        OID                 = '1.3.6.1.5.5.7.3.1'
        KeyUsage            = '0xa0'
        CertificateTemplate = 'WebServer'
        AutoRenew           = $true
    }

Kind regards,
Hi @svenvanrijen - thanks for the additional info! I'm definitely trying to get to this one. It is right up high on my list.
Hi
Hi @rikhepworth and @svenvanrijen - this does look like the solution to the problem. However the But because there are very few automated integration tests for this resource, I want to be certain that we're not making a breaking change. I've tried to implement some integration tests for this resource (https://github.com/PowerShell/xCertificate/blob/dev/Tests/Integration/MSFT_xCertReq.Integration.Tests.ps1), so I'm just going to run these through on my CAs with the changes @svenvanrijen has made. I'm just doing this now and I'll get back to you ASAP. Thanks again for your help and patience!
@rikhepworth and @svenvanrijen - there is still some sort of issue going on when the $credential parameter is being passed. So even once @svenvanrijen has been merged I'll still keep this issue open till I can figure out what is causing this problem.
Successfully created PR #52
Hi @svenvanrijen - are we able to mark this one as closed now?
Yes, we can!
Please see error below:
PowerShell DSC resource MSFT_xCertReq failed to execute Set-TargetResource functionality with error message: The process 'C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell.exe' with arguments '-Command "& C:\Windows\system32\certreq.exe @('-submit','-q','-config','CA01.xxxx.xxx\xxxxxx-CA01-CA','C:\Windows\TEMP\xCertReq-b6e74f80-5f35-46b2-a477-24098ca9b417.req','C:\Windows\TEMP\xCertReq-b6e74f80-5f35-46b2-a477-24098ca9b417.cer') | Set-Content -Path 'C:\Windows\TEMP\xCertReq-b6e74f80-5f35-46b2-a477-24098ca9b417.out'"' failed to start within the specified timeout.
Certificate is successfully created but not put into the right cert store; the certificate stays in the C:\Windows\Temp directory.