Channel: Directory Services forum

RODC - Authentication failing

Good afternoon,

I have a certificate file (PFX) that is protected by using users/groups in AD. In this case the group used to allow access to the certificate is Domain Admins. Because of the number of servers, we want to push the certs via release management, which works fine for servers that can access a RWDC. The servers in a DMZ that can only access a RODC, however, fail every single time.

If I log onto a DMZ server, copy the PFX file, launch an admin PowerShell script and run Import-PfxCertificate, the result is:

Import-PfxCertificate : The specified network password is not correct. 0x80070056 (WIN32: 86 ERROR_INVALID_PASSWORD)
At line:1 char:1
+ Import-PfxCertificate -CertStoreLocation Cert:\LocalMachine\My .\star2016.instre ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Import-PfxCertificate], Exception
    + FullyQualifiedErrorId : System.Exception,Microsoft.CertificateServices.Commands.ImportPfxCertificate

Question is:

* How do I fix the RODC so that this kind of script actually works?

As a side note, if it helps, logging onto the server works fine; it just takes a hell of a long time. But I always attributed that to the DMZ server sending the request to the RODC, the RODC sending it to the RWDC, and then it coming back the way it bounced. Seems I might be wrong.

Thanks

