CertUtil: -dsPublish command FAILED: 0x800704dc (WIN32: 1244 ERROR_NOT_AUTHENTICATED)

0

i am trying to update the certification revocation list on a root server and want to update it on an issuing CA server. But i am facing a strange problem as below -

1. when i am trying to publish the .crl on the issuing CA using the following command from powershell , it is working as expected. I am using the domain admin account to login to the machine and then executing the command on powershell with admin privilege

cmd /c "certutil -f -dspublish C:\<crl_name>.crl"

it is working fine

whoami
<domain_name>\administrator

2. now if i execute the same command from a jenkins pipeline, i am trying to do the same using invoke-command with the same admin credentials .. but it is not working and throwing the following error -

try { 
    Invoke-Command -ScriptBlock { cmd /c "certutil -f -dspublish C:\<crl_name>.crl" } -ComputerName localhost  -Credential (New-Object System.Management.Automation.PSCredential $username,(ConvertTo-SecureString $password -AsPlainText -Force)) 
    
} catch { echo $_.Exception.Message }

for $username i am passing the value <domain_name>\administrator

but the error is -

ldap:///CN=XXXX,CN=CDP,CN=Public Key Services,CN=Services,CN=Configuration,DC=<domain_name>,DC=local?certificateRevocationList?base?objectClass=cRLDistributionPoint?certificateRevocationList

ldap: 0x1: 000004DC: LdapErr: DSID-0C090DE7, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v2580
CertUtil: -dsPublish command FAILED: 0x800704dc (WIN32: 1244 ERROR_NOT_AUTHENTICATED)
CertUtil: The operation being requested was not performed because the user has not been authenticated.

i am using the same credentials which i am using to login to the machine as admin to execute the command and that time it is working but the same credentials if i use on invoke-command it is failing.

Can anybody please help me on this.

powershell
pki
ca
certenroll
asked on Stack Overflow Jul 7, 2020 by Reese

0 Answers

Nobody has answered this question yet.


User contributions licensed under CC BY-SA 3.0