Applies To: Director and TPP
Summary:
Sometimes we run into connection problems when trying to communicate with the Microsoft Certificate Authority. Issues could range from:
- Network access / firewall / proxy / network stability / DNS resolution
- Credentials
- Permissions
- Windows Server components installed
You might get an error such as "PostCSR failed with error: The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)".
To test connectivity to the server outside of Venafi, we can use Microsoft’s CertUtil program:
https://technet.microsoft.com/en-us/library/ee624045%28v=ws.10%29.aspx
https://technet.microsoft.com/en-us/library/cc732443.aspx
More Info:
- Example for viewing configuration:
Certutil.exe -view -config "MYCASERVER.domain\CA01"
- Example for viewing a count of CA Templates:
certutil.exe -v -template "serverName.domain.root\SERVICENAME"
- Example for pulling back template counts in a loop from PowerShell (testing connectivity):
# This will query the template count from the CA 10 times.
for ($i = 1; $i -le 10; $i++) { certutil.exe -v -template "serverName.domain.root\SERVICENAME" }
- Example for viewing names of CA Templates:
certutil.exe -CATemplates -config "serverName.domain.root\SERVICENAME"
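An added example, not part of the original article: a PowerShell function that separates the causes listed in the summary by checking DNS resolution, then TCP 135 (the RPC endpoint mapper), then repeating the -CATemplates query and reporting each failing exit code in hex. The function name Test-CAConnectivity and the config string are placeholders, and it assumes the Resolve-DnsName and Test-NetConnection cmdlets are available (Windows 8 / Server 2012 or later).

```powershell
# Added example (not Venafi or Microsoft code). Test-CAConnectivity is a hypothetical name.
function Test-CAConnectivity {
    param(
        [string]$CAConfig = 'serverName.domain.root\SERVICENAME',  # placeholder "host\CA name"
        [int]$Attempts = 10
    )
    $caHost = $CAConfig.Split('\')[0]

    # 1. DNS resolution of the CA host
    try {
        $null = Resolve-DnsName -Name $caHost -ErrorAction Stop
    } catch {
        return "DNS: cannot resolve $caHost - $($_.Exception.Message)"
    }

    # 2. RPC endpoint mapper. The CA is reached over RPC/DCOM, which starts on
    #    TCP 135 and then moves to a dynamic port, so success here is necessary
    #    but not sufficient.
    $tcp = Test-NetConnection -ComputerName $caHost -Port 135 -WarningAction SilentlyContinue
    if (-not $tcp.TcpTestSucceeded) {
        return "Network: TCP 135 on $caHost is unreachable (check firewall/proxy)"
    }

    # 3. Repeat the certutil query. Intermittent failures suggest network stability;
    #    consistent failures suggest one of the other causes in the list above.
    $failures = @()
    for ($i = 1; $i -le $Attempts; $i++) {
        $null = & certutil.exe -CATemplates -config $CAConfig 2>&1
        if ($LASTEXITCODE -ne 0) {
            # certutil normally exits with the HRESULT, e.g. 0x800706BA
            $failures += ('attempt {0}: 0x{1:X8}' -f $i, $LASTEXITCODE)
        }
    }
    if ($failures.Count -eq 0) { return "OK: $Attempts of $Attempts certutil queries succeeded" }
    return "certutil: $($failures.Count) of $Attempts queries failed`n" + ($failures -join "`n")
}

Test-CAConnectivity -CAConfig 'serverName.domain.root\SERVICENAME'
```

Run it under the same account the Venafi service uses, so that credential and permission problems show up in step 3 rather than being masked by your own rights.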
For basic command line syntax, run certutil -?
For the syntax on using certutil with a specific verb, run certutil <verb> -?
To send all of the certutil syntax into a text file, run the following commands:
certutil -v -? > certutilhelp.txt
notepad certutilhelp.txt