Issue with powershell script

(0) Share

Report

Posted on by Community Member

Hi, I'm working my way through these powershell scripts...seems like each one errors out on me and I have to figure it out. Anyway I'm running this script:

$CertificateScriptWithCommand = “.\CertificateReconfiguration.ps1 -certificateFile c:\Personalcertfile.pfx -password personal_certfile_password -updateCrm -certificateType S2STokenIssuer -serviceAccount contoso\administrator -storeFindType FindBySubjectDistinguishedName”

Invoke-Expression -command $CertificateScriptWithCommand

Obviously I put in my information for the login, certification location and pwd.  My latest error is this:

Read Permission to Access Certificate Private Key is not granted. Please check if Service Account exists.

I've already made sure the account I'm using does have permissions on the certificate key but I still have the issue.  Ideas?

*This post is locked for comments

I have the same question (0)

All responses (8)

Answers (0)

Community Member on at

Like (0)

Report

Ok I got past this error only to run into another. I added read permissions to the folder the key is stored in: C:\programdata\microsoft\crypto\RSA and that fixed the error. Now I am getting an error saying "Certificate private key is not found." I exported the certificate again and checked the RSA folder to make sure a new key was generated for today and there was. So what next?

Was this reply helpful? Yes No
Community Member on at

Like (0)

Report

I've ran the repairstore command and deleted and reimported the certificate...still no dice.

Was this reply helpful? Yes No
Community Member on at

Like (0)

Report

No one has ran into this? No ideas?

Was this reply helpful? Yes No
Community Member on at

Like (0)

Report

OK I worked past that issue. I read somewhere that copying the keys to another folder can fix the issue. Fortunately that fixed both my broken RDP and my powershell script issue. I renamed the Machine Keys folder and let Windows create a new one. Now I'm on my newest error. When running the "Import-Module MSOnlineExtended -Force" powershell script I get this error:

The specified module 'MSOnlineExtended' was not loaded because no valid module file was found in any module directory.

Was this reply helpful? Yes No
Suggested answer

Adrian Begovich 1,027 Moderator on at

Like (0)

Report

Hi Burt H,

Try uninstalling and reinstalling the Azure AD PowerShell Module.

Was this reply helpful? Yes No
Community Member on at

Like (0)

Report

Ok I have to back up...I thought that fixed the previous issue but it did not. When I get to the "Invoke-Expression -command $CertificateScriptWithCommand" I am still getting "Certificate private key is not found". I did try uninstalling and reinstalling the Azure AD PowerShell Module...did not work.

Was this reply helpful? Yes No
mikas 5 on at

Like (0)

Report

Have you find how to fix it? Same thing here.. after running "Invoke-Expression -command $CertificateScriptWithCommand" i get Attempted to perform an unauthorized operation Read Permission to Access Certificate Private Key is not granted.

Was this reply helpful? Yes No
John Hoven 360 on at

Like (0)

Report

If you're using the default Network Service, make sure you enter in the script as:

'NT AUTHORITY\NETWORK SERVICE'

That got me by this same error message. It will add the certificate if you just type in something like "NetworkService", and it will have the permission on the private key, but their validation logic that it added successfully fails to recognize it. Hope it saves someone else some frustration...

Was this reply helpful? Yes No