Info: How do I check my Microsoft CA Communication?

Applies To: Director and TPP


Sometimes we run into connection problems when communicating with the Microsoft Certificate Authority. Possible causes include:

  1. Network access / firewall / proxy / network stability / DNS resolution
  2. Credentials
  3. Permissions
  4. Windows Server components installed

You might get an error such as "PostCSR failed with error: The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)"


To test connectivity to the CA server outside of Venafi, we can use Microsoft's CertUtil program.

More Info:

  • Example for viewing configuration:

Certutil.exe -view -config "MYCASERVER.domain\CA01"

  • Example for viewing a count of CA Templates:

certutil.exe -v -template "serverName.domain.root\SERVICENAME"

  • Example for pulling back template counts in a loop from PowerShell (testing connectivity):

 # This will query the template count from the CA 10 times.

for($i=1; $i -le 10; $i++) { certutil.exe -v -template "serverName.domain.root\SERVICENAME" }

  • Example for viewing names of CA Templates:

certutil.exe -CATemplates -config "serverName.domain.root\SERVICENAME"
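
The checks above can be run in layers so that a failure points at one of the causes listed at the top (DNS, network/firewall, then credentials or permissions). The script below is an added example, not Venafi or Microsoft code: Test-CAConnectivity is a hypothetical helper name, the config string is the same placeholder used above, and it assumes a Windows host where Resolve-DnsName and Test-NetConnection are available.

```powershell
# Added example: layered CA reachability check. The function name and the
# config string are placeholders, not part of any product.
function Test-CAConnectivity {
    param(
        [Parameter(Mandatory)][string]$CAConfig,  # "host\CA name", same form as -config
        [int]$Attempts = 10
    )
    $caHost = $CAConfig.Split('\')[0]
    $dns = $false; $rpc = $false; $ping = $false; $ok = 0

    # 1. DNS resolution of the CA host name.
    try { $null = Resolve-DnsName -Name $caHost -ErrorAction Stop; $dns = $true }
    catch { Write-Warning "DNS lookup failed for ${caHost}: $($_.Exception.Message)" }

    # 2. RPC endpoint mapper on TCP 135. A blocked port here is a common
    #    reason for "The RPC server is unavailable" (0x800706BA).
    if ($dns) {
        $tcp = Test-NetConnection -ComputerName $caHost -Port 135 -WarningAction SilentlyContinue
        $rpc = [bool]$tcp.TcpTestSucceeded
    }

    # 3. certutil -ping contacts the CA request interface, which also
    #    exercises the dynamic RPC ports and the caller's credentials.
    if ($rpc) {
        $null = certutil.exe -config $CAConfig -ping
        $ping = ($LASTEXITCODE -eq 0)
        if (-not $ping) { Write-Warning ("certutil -ping exit code 0x{0:X8}" -f $LASTEXITCODE) }
    }

    # 4. Repeat a real query to expose intermittent failures (network stability).
    if ($ping) {
        for ($i = 1; $i -le $Attempts; $i++) {
            $null = certutil.exe -CATemplates -config $CAConfig
            if ($LASTEXITCODE -eq 0) { $ok++ }
            else { Write-Warning ("Attempt {0} failed, exit code 0x{1:X8}" -f $i, $LASTEXITCODE) }
        }
    }

    [pscustomobject]@{
        CAConfig = $CAConfig; Dns = $dns; Rpc135 = $rpc; Ping = $ping
        TemplateQueriesOk = $ok; Attempts = $Attempts
    }
}

Test-CAConnectivity -CAConfig 'serverName.domain.root\SERVICENAME'
```

Run it under the same account the CA driver uses, so that credential and permission problems show up in steps 3 and 4 rather than being masked by your own rights.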


For basic command line syntax, run certutil -?

For the syntax on using certutil with a specific verb, run certutil <verb> -?

To send all of the certutil syntax into a text file, run the following commands:

certutil -v -? > certutilhelp.txt

notepad certutilhelp.txt



