
Info: How do I check my Microsoft CA Communication?

Applies To: Director and TPP

Summary:

Connections to the Microsoft Certificate Authority sometimes fail. The cause could be any of the following:

  1. Network access, firewall, proxy, network stability, or DNS resolution
  2. Credentials
  3. Permissions
  4. Windows Server components installed

You might get an error such as "PostCSR failed with error: The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)"

 

To test connectivity to the server outside of Venafi, use Microsoft's CertUtil program:

https://technet.microsoft.com/en-us/library/ee624045%28v=ws.10%29.aspx

https://technet.microsoft.com/en-us/library/cc732443.aspx

More Info:

  • Example for viewing configuration:

Certutil.exe -view -config "MYCASERVER.domain\CA01"

  • Example for viewing a count of CA Templates:

certutil.exe -v -template "serverName.domain.root\SERVICENAME"

  • Example for pulling back template counts in a loop from PowerShell (testing connectivity). This queries the template count from the CA 10 times:

for($i=1; $i -le 10; $i++) { certutil.exe -v -template "serverName.domain.root\SERVICENAME" }

  • Example for viewing names of CA Templates:

certutil.exe -CATemplates -config "serverName.domain.root\SERVICENAME"
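
The checks above can be combined so that a failure such as 0x800706BA is attributed to one layer (DNS, RPC reachability, or the CA service). This is an added example, not code from the original article or from Venafi; the function name Test-CaConnectivity and the result field names are assumptions, and the config string is the placeholder used above.

```powershell
# Added example. Test-CaConnectivity is a hypothetical helper name,
# not a Venafi or Microsoft cmdlet.
function Test-CaConnectivity {
    param(
        [Parameter(Mandatory)][string]$Config,  # "host\CAName", as passed to certutil -config
        [int]$Attempts = 10
    )
    $caHost = $Config.Split('\')[0]

    # 1. DNS resolution of the CA host
    try   { $dnsOk = [bool](Resolve-DnsName -Name $caHost -ErrorAction Stop) }
    catch { $dnsOk = $false }

    # 2. TCP 135 is the RPC endpoint mapper. Success here does not prove that
    #    the dynamic RPC ports used by the CA are open through the firewall.
    $rpcOk = Test-NetConnection -ComputerName $caHost -Port 135 -InformationLevel Quiet -WarningAction SilentlyContinue

    # 3. Ask the CA service itself to respond
    certutil.exe -ping -config $Config | Out-Null
    $pingOk = ($LASTEXITCODE -eq 0)

    # 4. Repeat a real query to expose intermittent failures and slow responses
    $failures = 0
    $timesMs = foreach ($i in 1..$Attempts) {
        $sw = [System.Diagnostics.Stopwatch]::StartNew()
        certutil.exe -CATemplates -config $Config | Out-Null
        if ($LASTEXITCODE -ne 0) { $failures++ }
        $sw.Stop()
        $sw.ElapsedMilliseconds
    }

    [pscustomobject]@{
        CaHost          = $caHost
        DnsResolved     = $dnsOk
        Rpc135Reachable = $rpcOk
        CertutilPing    = $pingOk
        Attempts        = $Attempts
        QueryFailures   = $failures
        SlowestQueryMs  = ($timesMs | Measure-Object -Maximum).Maximum
    }
}

Test-CaConnectivity -Config "serverName.domain.root\SERVICENAME"
```

Run it under the same account Venafi uses for the CA, so that credential and permission problems show up as a failed ping or failed queries rather than being masked by your own rights.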

 

For basic command line syntax, run certutil -?

For the syntax on using certutil with a specific verb, run certutil <verb> -?

To send all of the certutil syntax into a text file, run the following commands:

certutil -v -? > certutilhelp.txt

notepad certutilhelp.txt

 

 

 
