Error configuring ADCS from PowershellDSC

Copper Contributor

PowerShell DSC resource MSFT_ScriptResource failed to execute Set-TargetResource functionality with error message: Setup could not add the Certification Authority’s computer account
to the Cert Publishers security group. This Certification Authority will not be able to publish certificates in Active Directory. To fix this, an administrator must manually add the
Certification Authority’s computer account to the Cert Publishers security group in Active Directory. Insufficient access rights to perform the operation. 0x80072098 (WIN32: 8344
ERROR_DS_INSUFF_ACCESS_RIGHTS)
Setup could not add the Certification Authority’s computer account to the Pre-Windows 2000 Compatible Access security group. Certificate Managers Restrictions feature will not work
correctly on this Certification Authority. To fix this, an administrator must manually add the Certification Authority’s computer account to the Pre-Windows 2000 Compatible Access
security group in Active Directory. Insufficient access rights to perform the operation. 0x80072098 (WIN32: 8344 ERROR_DS_INSUFF_ACCESS_RIGHTS)
Setup was unable to install or update the default certificate templates. Ensure you have write permissions on the "Certificate Templates" container in the forest root domain, then
manually install the default certificate templates using the command: certutil -installdefaulttemplates. Access is denied. 0x80070005 (WIN32: 5 ERROR_ACCESS_DENIED)
+ CategoryInfo : InvalidOperation: (:) [], CimException
+ FullyQualifiedErrorId : ProviderOperationExecutionFailure
+ PSComputerName : Rootca.mylabcore.lo

0 Replies