Applies To:
Provisioning to CAPI store using CAPI driver to 2003 Server and above on all versions of TPP
Symptom:
When attempting to push a Certificate to the CAPI store of a Windows Server using the CAPI driver the following error message may be seen in the log:
Connecting to remote server [SERVER] failed with the following error message : <f:WSManFault xmlns:f="http://schemas.microsoft.com/wbem/wsman/1/wsmanfault" Code="2147749890" Machine="[SERVER]"><f:Message></f:Message></f:WSManFault> For more information, see the about_Remote_Troubleshooting Help topic. WinRM Connection Attempt Failed The WinRM client failed connecting to http://[SERVER]:5985/wsman using Kerberos authentication. (Details: Connecting to remote server [SERVER] failed with the following error message : <f:WSManFault xmlns:f="http://schemas.microsoft.com/wbem/wsman/1/wsmanfault" Code="2147749890" Machine="[SERVER]"><f:Message></f:Message></f:WSManFault> For more information, see the about_Remote_Troubleshooting Help topic.)
Cause
The important part of the error appears to be the code (Code="2147749890") which identifies a NOT_FOUND error - this is usually caused by an error with WinRM or WMI. There are multiple possible causes. You will find similar error using Powershell - to test this open Powershell on the TPP Server and attempt to open a remote Powershell Session: Enter-PSSession [Server]
Resolution
1. Connectivity
Ensure that the TPP Server can connect to the target server on the port (typically 5985 or 5986).
2. Powershell Remoting has not been enabled
Run Enable-PSRemoting on the target Server from an elevated Powershell prompt and accept the two warnings. If Powershell Remoting has not been enabled then the prerequisites have not been followed, please check the CAPI section of "Certificate Authority and Hosting Platform Integration Guide.pdf" which is available under the documentation section of the KB: https://support.venafi.com/hc/en-us/sections/203604677-Documentation
3. WMI on the target is corrupt
There are various steps to troubleshoot provided by Microsoft, a useful utility is WMIdiag -
WMIdiag is a tool to analyse the health of WMI on the system - it can be downloaded from: https://www.microsoft.com/en-us/download/details.aspx?id=7684 and details are avalable here: https://technet.microsoft.com/en-gb/library/ff404265.aspx The command "cscript.exe wmidiag.vbs checkconsistency" returns the most useful information.
If WMI is found to have errors then the WMI repository can be rebuilt using insturctions found here: https://blogs.technet.microsoft.com/askperf/2009/04/13/wmi-rebuilding-the-wmi-repository/ or running the script attached and then rebooting. After running repeat step 2.
Comments