Problem with email notifications from Active Directory Certificate Services Window 2008 R2
Hi, I need to get some notifications working using SMTP when users generate certificates.The requests end up in the "pending" state but the administrators are not notified. I found a solution using the exit modules and the following: certutil -setreg exit\smtp\SMTPServer my_smtp_servername But that just returns: CertUtil: -setreg command FAILED: 0x80070002 (WIN32: 2) CertUtil: The system cannot find the file specified I think the registry keys are missing but I don't want to mess around with manual registry changes unless I can help it. Anyone got a clue for me? ciao dave
April 12th, 2011 12:55am

what is your CA operating system? Exit module is available only on Enterprise and Datacenter SKUs. If you are running Windows Server 2008 R2 Standard, the feature (Exit module) is not available.My weblog: http://en-us.sysadmins.lv PowerShell PKI Module: http://pspki.codeplex.com
Free Windows Admin Tool Kit Click here and download it now
April 12th, 2011 1:38am

Well that might explain it :-) I guess I'm going to have to script something and run it periodically then. Do you know of a way to get a list of pending requests? Certutil doesn't seem to have a switch for that. Thanks!Confused Right Now
April 12th, 2011 1:57am

certutil does. certutil -view -restrict disposition=9 -out "RequestID, RequesterName, common name" also you may check my PowerShell PKI module: http://pspki.codeplex.com/ the following syntax can be used: Get-CertificationAuthority ca01.company.com | Get-PendingRequest Here is detailed help: http://pspki.codeplex.com/wikipage?title=Get-PendingRequest Also you can pipe result object to other commands. For example to approve/deny pending request: http://pspki.codeplex.com/wikipage?title=Approve-CertificateRequest http://pspki.codeplex.com/wikipage?title=Deny-CertificateRequestMy weblog: http://en-us.sysadmins.lv PowerShell PKI Module: http://pspki.codeplex.com
Free Windows Admin Tool Kit Click here and download it now
April 12th, 2011 2:18am

Thanks heaps. That looks like it will allow us to write a wrapper powershell script to do what we want. You probably already know, but your documentation may be out of date. Get-CertificateAuthority takes the param -CAName (not -Name), which added to my confusion for a while :-) Again, thanks for your help and the library is very useful! Confused Right Now
April 12th, 2011 7:59pm

regarding documentation — it is written against my new upcoming release. Certain parameters are renamed to standard parameter names (for convenience purposes).My weblog: http://en-us.sysadmins.lv PowerShell PKI Module: http://pspki.codeplex.com
Free Windows Admin Tool Kit Click here and download it now
April 13th, 2011 1:28am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics