Closed acarnie closed 3 months ago
@acarnie is the system you are running the cmdlet from joined to the Active Directory domain of the Certificate Authority?
Yes it is. It is the DC / CA for the domain I am running the command from.
On Wed, Feb 7, 2024 at 10:09 AM Gary Blake @.***> wrote:
@acarnie https://github.com/acarnie is the system you are running the cmdlet from joined to the Active Directory domain of the Certificate Authority?
— Reply to this email directly, view it on GitHub https://github.com/vmware/power-validated-solutions-for-cloud-foundation/issues/470#issuecomment-1931705086, or unsubscribe https://github.com/notifications/unsubscribe-auth/ANMQMAB2IY5CGQJKE6Z53G3YSNHHFAVCNFSM6AAAAABB3UFRLSVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTSMZRG4YDKMBYGY . You are receiving this because you were mentioned.Message ID: <vmware/power-validated-solutions-for-cloud-foundation/issues/470/1931705086 @github.com>
-- This electronic communication and the information and any files transmitted with it, or attached to it, are confidential and are intended solely for the use of the individual or entity to whom it is addressed and may contain information that is confidential, legally privileged, protected by privacy laws, or otherwise restricted from disclosure to anyone else. If you are not the intended recipient or the person responsible for delivering the e-mail to the intended recipient, you are hereby notified that any use, copying, distributing, dissemination, forwarding, printing, or copying of this e-mail is strictly prohibited. If you received this e-mail in error, please return the e-mail to the sender, delete it from your computer, and destroy any printed copy of it.
@acarnie
"New-CimSession: Access is denied." usually means a permission issue. Os the user account part of Administrator group? Can you try the following to see if you can a successful connection
$cred = Get-Credential
# Use the username and password you provided for Request-SignedcCertificate
New-CimSession -ComputerName $mscaComputerName -Credential $cred
Assigning to Kevin Teng (@garlicNova) for triage.
Hi @acarnie - can you review Kevin's comment and verify in your environment?
Spoke to Alasdair directly and confirmed that this can be closed.
I'm going to lock this issue because it has been closed for 30 days. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
After a follow up conversation this is still an issue, re-opening the ticket.
Verify that the cert has a SAN
Unlocked the issue.
I tried giving the service account "Manage CA" rights, but that did not work. I then removed those rights and added the service account to Domain Admins and the Request-Certificate goes through no problem, but this is a gaping security hole.
I'm going to lock this issue because it has been closed for 30 days. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
Code of Conduct
VMware Cloud Foundation
5.1
Module Version
2.7.1
PowerShell Version
7.4
PowerCLI Version
13.1.0
PowerVCF Version
2.4.1
Guest Operating System
Windows Server 2019
Environment Details
Microsoft Server 2019 Enterprise CA Correctly configured VMware certificate template (is already used for all other VCF components) VCF 5.1
Description
This is the command used, and the error I get.
Error or Debug Output
I don't have that.
Expected Behavior
I expect that a certificate is generated on the Microsoft CA.
Actual Behavior
I get the error detailed in the error above.
Steps to Reproduce
Create a CSR and then try to create a new certificate.
Log Fragments and Files
No response
Screenshots
No response
References
No response