Fail to provision to CAPI store on machine w/o admin permissions #571
Description
PROBLEM SUMMARY
using CAPI format on windows machine w/o admin fails even to a user personal store. the frailer reproduce PS1 code instead of providing a meaningful error.
STEPS TO REPRODUCE
use vcert run with following code on win machine w/o Admin permissions:
EXPECTED RESULTS
meaningful error : Install denied - no permissionACTUAL RESULTS
PS C:\Users\tkushnirsky\OneDrive - CyberArk Ltd\_DriveC\VCert Labs\vaas playbooks> C:\Users\tkushnirsky\Downloads\vcert.exe run -f .\6days.yaml -force-renew --debug
2025-07-11T09:38:26.276-0500 INFO vcert/playbook.go:103 running playbook file {"file": ".\\6days.yaml"}
2025-07-11T09:38:26.277-0500 DEBUG vcert/playbook.go:104 debug is enabled
2025-07-11T09:38:26.277-0500 DEBUG parser/reader.go:90 reading from local file system
2025-07-11T09:38:26.278-0500 INFO parser/reader.go:59 playbook successfully parsed
2025-07-11T09:38:26.278-0500 INFO vcert/playbook.go:133 using Venafi Platform {"platform": "VAAS"}
2025-07-11T09:38:26.278-0500 INFO vcert/playbook.go:146 running playbook task {"task": "myCertificate"}
2025-07-11T09:38:26.278-0500 INFO service/service.go:114 Flag [force-renew] is set. All certificates will be requested/renewed regardless of status
2025-07-11T09:38:26.278-0500 INFO service/service.go:60 certificate needs action {"certificate": "days6.mimlab.io"}
2025-07-11T09:38:26.278-0500 INFO service/service.go:65 csr option is 'service'. Generating random password for certificate request
2025-07-11T09:38:27.006-0500 DEBUG vcertutil/vcertutil.go:57 successfully read zone config {"zone": "Internal Certs\\Default"}
2025-07-11T09:38:27.007-0500 DEBUG vcertutil/vcertutil.go:63 successfully updated Request with zone config values
vCert: 2025/07/11 09:38:27 Getting CIT
vCert: 2025/07/11 09:38:27 Building policy
2025-07-11T09:38:30.125-0500 DEBUG vcertutil/vcertutil.go:74 successfully requested certificate {"requestID": "b540d1b0-5e64-11f0-bce5-a14acfab7ca5"}
2025-07-11T09:38:30.764-0500 DEBUG vcertutil/vcertutil.go:84 successfully retrieved certificate {"certificate": "days6.mimlab.io"}
2025-07-11T09:38:30.764-0500 INFO service/service.go:74 successfully enrolled certificate {"certificate": "days6.mimlab.io"}
2025-07-11T09:38:30.766-0500 DEBUG installer/crypto.go:124 successfully decrypted Private Key
2025-07-11T09:38:30.766-0500 INFO service/service.go:91 successfully prepared certificate for installation
2025-07-11T09:38:30.766-0500 INFO service/service.go:141 running Installer {"installer": "CAPI", "location": "CurrentUser\\MY"}
2025-07-11T09:38:30.766-0500 DEBUG installer/capi.go:110 installing certificate {"location": "CurrentUser\\MY"}
2025-07-11T09:38:34.987-0500 ERROR capistore/powershell.go:185 failed to run script file {"stderr": "Get-Item : Cannot find drive. A drive with the name 'Cert' does not exist.\r\nAt C:\\TEMP\\venafi-winrm-execute-5f3f0642-68e0-4714-8c21-115fa39c6703.ps1:108 char:17\r\n+ $capi = Get-Item \"Cert:\\$($storeLocation)\\$($installToStore)\"\r\n+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n + CategoryInfo : ObjectNotFound: (Cert:String) [Get-Item], DriveNotFoundException\r\n + FullyQualifiedErrorId : DriveNotFound,Microsoft.PowerShell.Commands.GetItemCommand\r\n \r\nYou cannot call a method on a null-valued expression.\r\nAt C:\\TEMP\\venafi-winrm-execute-5f3f0642-68e0-4714-8c21-115fa39c6703.ps1:109 char:9\r\n+ $capi.Open(\"ReadWrite\")\r\n+ ~~~~~~~~~~~~~~~~~~~~~~~\r\n + CategoryInfo : InvalidOperation: (:) [], RuntimeException\r\n + FullyQualifiedErrorId : InvokeMethodOnNull\r\n \r\nYou cannot call a method on a null-valued expression.\r\nAt C:\\TEMP\\venafi-winrm-execute-5f3f0642-68e0-4714-8c21-115fa39c6703.ps1:110 char:9\r\n+ $capi.Add($cert)\r\n+ ~~~~~~~~~~~~~~~~\r\n + CategoryInfo : InvalidOperation: (:) [], RuntimeException\r\n + FullyQualifiedErrorId : InvokeMethodOnNull\r\n \r\nYou cannot call a method on a null-valued expression.\r\nAt C:\\TEMP\\venafi-winrm-execute-5f3f0642-68e0-4714-8c21-115fa39c6703.ps1:111 char:9\r\n+ $capi.Close()\r\n+ ~~~~~~~~~~~~~\r\n + CategoryInfo : InvalidOperation: (:) [], RuntimeException\r\n + FullyQualifiedErrorId : InvokeMethodOnNull\r\n \r\nFailed to install chain certificate on target system - CN=Dedicated - Venafi Cloud Built-In CA, OU=Built-in, O=\"Venafi, Inc.\", C=US\r\nAt C:\\TEMP\\venafi-winrm-execute-5f3f0642-68e0-4714-8c21-115fa39c6703.ps1:119 char:17\r\n+ ... throw \"Failed to install chain certificate on target syst ...\r\n+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n + CategoryInfo : OperationStopped: (Failed to insta...fi, Inc.\", C=US:String) [], RuntimeException\r\n + FullyQualifiedErrorId : Failed to install chain certificate on target system - CN=Dedicated - Venafi Cloud Built-In CA, OU=Built-in, O=\"Venafi, Inc.\", C=US\r\n \r\n"}
github.com/Venafi/vcert/v5/pkg/playbook/util/capistore.PowerShell.runScript
/vcert/pkg/playbook/util/capistore/powershell.go:185
github.com/Venafi/vcert/v5/pkg/playbook/util/capistore.PowerShell.executeScript
/vcert/pkg/playbook/util/capistore/powershell.go:156
github.com/Venafi/vcert/v5/pkg/playbook/util/capistore.PowerShell.InstallCertificateToCAPI
/vcert/pkg/playbook/util/capistore/powershell.go:91
github.com/Venafi/vcert/v5/pkg/playbook/app/installer.CAPIInstaller.Install
/vcert/pkg/playbook/app/installer/capi.go:153
github.com/Venafi/vcert/v5/pkg/playbook/app/service.runInstaller
/vcert/pkg/playbook/app/service/service.go:157
github.com/Venafi/vcert/v5/pkg/playbook/app/service.Execute
/vcert/pkg/playbook/app/service/service.go:102
main.doRunPlaybook
/vcert/cmd/vcert/playbook.go:147
github.com/urfave/cli/v2.(*Command).Run
/go/pkg/mod/github.com/urfave/cli/v2@v2.25.7/command.go:274
github.com/urfave/cli/v2.(*Command).Run
/go/pkg/mod/github.com/urfave/cli/v2@v2.25.7/command.go:267
github.com/urfave/cli/v2.(*App).RunContext
/go/pkg/mod/github.com/urfave/cli/v2@v2.25.7/app.go:332
github.com/urfave/cli/v2.(*App).Run
/go/pkg/mod/github.com/urfave/cli/v2@v2.25.7/app.go:309
main.main
/vcert/cmd/vcert/main.go:163
runtime.main
/usr/local/go/src/runtime/proc.go:272
2025-07-11T09:38:34.988-0500 ERROR capistore/powershell.go:159 failed to run script function {"functionName": "install-cert", "stdout": "", "error": "failed to run script file: Get-Item : Cannot find drive. A drive with the name 'Cert' does not exist.\r\nAt C:\\TEMP\\venafi-winrm-execute-5f3f0642-68e0-4714-8c21-115fa39c6703.ps1:108 char:17\r\n+ $capi = Get-Item \"Cert:\\$($storeLocation)\\$($installToStore)\"\r\n+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n + CategoryInfo : ObjectNotFound: (Cert:String) [Get-Item], DriveNotFoundException\r\n + FullyQualifiedErrorId : DriveNotFound,Microsoft.PowerShell.Commands.GetItemCommand\r\n \r\nYou cannot call a method on a null-valued expression.\r\nAt C:\\TEMP\\venafi-winrm-execute-5f3f0642-68e0-4714-8c21-115fa39c6703.ps1:109 char:9\r\n+ $capi.Open(\"ReadWrite\")\r\n+ ~~~~~~~~~~~~~~~~~~~~~~~\r\n + CategoryInfo : InvalidOperation: (:) [], RuntimeException\r\n + FullyQualifiedErrorId : InvokeMethodOnNull\r\n \r\nYou cannot call a method on a null-valued expression.\r\nAt C:\\TEMP\\venafi-winrm-execute-5f3f0642-68e0-4714-8c21-115fa39c6703.ps1:110 char:9\r\n+ $capi.Add($cert)\r\n+ ~~~~~~~~~~~~~~~~\r\n + CategoryInfo : InvalidOperation: (:) [], RuntimeException\r\n + FullyQualifiedErrorId : InvokeMethodOnNull\r\n \r\nYou cannot call a method on a null-valued expression.\r\nAt C:\\TEMP\\venafi-winrm-execute-5f3f0642-68e0-4714-8c21-115fa39c6703.ps1:111 char:9\r\n+ $capi.Close()\r\n+ ~~~~~~~~~~~~~\r\n + CategoryInfo : InvalidOperation: (:) [], RuntimeException\r\n + FullyQualifiedErrorId : InvokeMethodOnNull\r\n \r\nFailed to install chain certificate on target system - CN=Dedicated - Venafi Cloud Built-In CA, OU=Built-in, O=\"Venafi, Inc.\", C=US\r\nAt C:\\TEMP\\venafi-winrm-execute-5f3f0642-68e0-4714-8c21-115fa39c6703.ps1:119 char:17\r\n+ ... throw \"Failed to install chain certificate on target syst ...\r\n+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n + CategoryInfo : OperationStopped: (Failed to insta...fi, Inc.\", C=US:String) [], RuntimeException\r\n + FullyQualifiedErrorId : Failed to install chain certificate on target system - CN=Dedicated - Venafi Cloud Built-In CA, OU=Built-in, O=\"Venafi, Inc.\", C=US\r\n \r\n"}
github.com/Venafi/vcert/v5/pkg/playbook/util/capistore.PowerShell.executeScript
/vcert/pkg/playbook/util/capistore/powershell.go:159
github.com/Venafi/vcert/v5/pkg/playbook/util/capistore.PowerShell.InstallCertificateToCAPI
/vcert/pkg/playbook/util/capistore/powershell.go:91
github.com/Venafi/vcert/v5/pkg/playbook/app/installer.CAPIInstaller.Install
/vcert/pkg/playbook/app/installer/capi.go:153
github.com/Venafi/vcert/v5/pkg/playbook/app/service.runInstaller
/vcert/pkg/playbook/app/service/service.go:157
github.com/Venafi/vcert/v5/pkg/playbook/app/service.Execute
/vcert/pkg/playbook/app/service/service.go:102
main.doRunPlaybook
/vcert/cmd/vcert/playbook.go:147
github.com/urfave/cli/v2.(*Command).Run
/go/pkg/mod/github.com/urfave/cli/v2@v2.25.7/command.go:274
github.com/urfave/cli/v2.(*Command).Run
/go/pkg/mod/github.com/urfave/cli/v2@v2.25.7/command.go:267
github.com/urfave/cli/v2.(*App).RunContext
/go/pkg/mod/github.com/urfave/cli/v2@v2.25.7/app.go:332
github.com/urfave/cli/v2.(*App).Run
/go/pkg/mod/github.com/urfave/cli/v2@v2.25.7/app.go:309
main.main
/vcert/cmd/vcert/main.go:163
runtime.main
/usr/local/go/src/runtime/proc.go:272
2025-07-11T09:38:34.989-0500 ERROR capistore/powershell.go:94 failed to install certificate into CAPI {"stdout": "", "error": "failed to run script function \"install-cert\": failed to run script file: Get-Item : Cannot find drive. A drive with the name 'Cert' does not exist.\r\nAt C:\\TEMP\\venafi-winrm-execute-5f3f0642-68e0-4714-8c21-115fa39c6703.ps1:108 char:17\r\n+ $capi = Get-Item \"Cert:\\$($storeLocation)\\$($installToStore)\"\r\n+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n + CategoryInfo : ObjectNotFound: (Cert:String) [Get-Item], DriveNotFoundException\r\n + FullyQualifiedErrorId : DriveNotFound,Microsoft.PowerShell.Commands.GetItemCommand\r\n \r\nYou cannot call a method on a null-valued expression.\r\nAt C:\\TEMP\\venafi-winrm-execute-5f3f0642-68e0-4714-8c21-115fa39c6703.ps1:109 char:9\r\n+ $capi.Open(\"ReadWrite\")\r\n+ ~~~~~~~~~~~~~~~~~~~~~~~\r\n + CategoryInfo : InvalidOperation: (:) [], RuntimeException\r\n + FullyQualifiedErrorId : InvokeMethodOnNull\r\n \r\nYou cannot call a method on a null-valued expression.\r\nAt C:\\TEMP\\venafi-winrm-execute-5f3f0642-68e0-4714-8c21-115fa39c6703.ps1:110 char:9\r\n+ $capi.Add($cert)\r\n+ ~~~~~~~~~~~~~~~~\r\n + CategoryInfo : InvalidOperation: (:) [], RuntimeException\r\n + FullyQualifiedErrorId : InvokeMethodOnNull\r\n \r\nYou cannot call a method on a null-valued expression.\r\nAt C:\\TEMP\\venafi-winrm-execute-5f3f0642-68e0-4714-8c21-115fa39c6703.ps1:111 char:9\r\n+ $capi.Close()\r\n+ ~~~~~~~~~~~~~\r\n + CategoryInfo : InvalidOperation: (:) [], RuntimeException\r\n + FullyQualifiedErrorId : InvokeMethodOnNull\r\n \r\nFailed to install chain certificate on target system - CN=Dedicated - Venafi Cloud Built-In CA, OU=Built-in, O=\"Venafi, Inc.\", C=US\r\nAt C:\\TEMP\\venafi-winrm-execute-5f3f0642-68e0-4714-8c21-115fa39c6703.ps1:119 char:17\r\n+ ... throw \"Failed to install chain certificate on target syst ...\r\n+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n + CategoryInfo : OperationStopped: (Failed to insta...fi, Inc.\", C=US:String) [], RuntimeException\r\n + FullyQualifiedErrorId : Failed to install chain certificate on target system - CN=Dedicated - Venafi Cloud Built-In CA, OU=Built-in, O=\"Venafi, Inc.\", C=US\r\n \r\n", "errorVerbose": "failed to run script file: Get-Item : Cannot find drive. A drive with the name 'Cert' does not exist.\r\nAt C:\\TEMP\\venafi-winrm-execute-5f3f0642-68e0-4714-8c21-115fa39c6703.ps1:108 char:17\r\n+ $capi = Get-Item \"Cert:\\$($storeLocation)\\$($installToStore)\"\r\n+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n + CategoryInfo : ObjectNotFound: (Cert:String) [Get-Item], DriveNotFoundException\r\n + FullyQualifiedErrorId : DriveNotFound,Microsoft.PowerShell.Commands.GetItemCommand\r\n \r\nYou cannot call a method on a null-valued expression.\r\nAt C:\\TEMP\\venafi-winrm-execute-5f3f0642-68e0-4714-8c21-115fa39c6703.ps1:109 char:9\r\n+ $capi.Open(\"ReadWrite\")\r\n+ ~~~~~~~~~~~~~~~~~~~~~~~\r\n + CategoryInfo : InvalidOperation: (:) [], RuntimeException\r\n + FullyQualifiedErrorId : InvokeMethodOnNull\r\n \r\nYou cannot call a method on a null-valued expression.\r\nAt C:\\TEMP\\venafi-winrm-execute-5f3f0642-68e0-4714-8c21-115fa39c6703.ps1:110 char:9\r\n+ $capi.Add($cert)\r\n+ ~~~~~~~~~~~~~~~~\r\n + CategoryInfo : InvalidOperation: (:) [], RuntimeException\r\n + FullyQualifiedErrorId : InvokeMethodOnNull\r\n \r\nYou cannot call a method on a null-valued expression.\r\nAt C:\\TEMP\\venafi-winrm-execute-5f3f0642-68e0-4714-8c21-115fa39c6703.ps1:111 char:9\r\n+ $capi.Close()\r\n+ ~~~~~~~~~~~~~\r\n + CategoryInfo : InvalidOperation: (:) [], RuntimeException\r\n + FullyQualifiedErrorId : InvokeMethodOnNull\r\n \r\nFailed to install chain certificate on target system - CN=Dedicated - Venafi Cloud Built-In CA, OU=Built-in, O=\"Venafi, Inc.\", C=US\r\nAt C:\\TEMP\\venafi-winrm-execute-5f3f0642-68e0-4714-8c21-115fa39c6703.ps1:119 char:17\r\n+ ... throw \"Failed to install chain certificate on target syst ...\r\n+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n + CategoryInfo : OperationStopped: (Failed to insta...fi, Inc.\", C=US:String) [], RuntimeException\r\n + FullyQualifiedErrorId : Failed to install chain certificate on target system - CN=Dedicated - Venafi Cloud Built-In CA, OU=Built-in, O=\"Venafi, Inc.\", C=US\r\n \r\n\nfailed to run script function \"install-cert\""}
github.com/Venafi/vcert/v5/pkg/playbook/util/capistore.PowerShell.InstallCertificateToCAPI
/vcert/pkg/playbook/util/capistore/powershell.go:94
github.com/Venafi/vcert/v5/pkg/playbook/app/installer.CAPIInstaller.Install
/vcert/pkg/playbook/app/installer/capi.go:153
github.com/Venafi/vcert/v5/pkg/playbook/app/service.runInstaller
/vcert/pkg/playbook/app/service/service.go:157
github.com/Venafi/vcert/v5/pkg/playbook/app/service.Execute
/vcert/pkg/playbook/app/service/service.go:102
main.doRunPlaybook
/vcert/cmd/vcert/playbook.go:147
github.com/urfave/cli/v2.(*Command).Run
/go/pkg/mod/github.com/urfave/cli/v2@v2.25.7/command.go:274
github.com/urfave/cli/v2.(*Command).Run
/go/pkg/mod/github.com/urfave/cli/v2@v2.25.7/command.go:267
github.com/urfave/cli/v2.(*App).RunContext
/go/pkg/mod/github.com/urfave/cli/v2@v2.25.7/app.go:332
github.com/urfave/cli/v2.(*App).Run
/go/pkg/mod/github.com/urfave/cli/v2@v2.25.7/app.go:309
main.main
/vcert/cmd/vcert/main.go:163
runtime.main
/usr/local/go/src/runtime/proc.go:272
2025-07-11T09:38:34.991-0500 ERROR installer/capi.go:155 failed to install certificate in CAPI store {"error": "failed to install certificate into CAPI, stdout: '': failed to run script function \"install-cert\": failed to run script file: Get-Item : Cannot find drive. A drive with the name 'Cert' does not exist.\r\nAt C:\\TEMP\\venafi-winrm-execute-5f3f0642-68e0-4714-8c21-115fa39c6703.ps1:108 char:17\r\n+ $capi = Get-Item \"Cert:\\$($storeLocation)\\$($installToStore)\"\r\n+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n + CategoryInfo : ObjectNotFound: (Cert:String) [Get-Item], DriveNotFoundException\r\n + FullyQualifiedErrorId : DriveNotFound,Microsoft.PowerShell.Commands.GetItemCommand\r\n \r\nYou cannot call a method on a null-valued expression.\r\nAt C:\\TEMP\\venafi-winrm-execute-5f3f0642-68e0-4714-8c21-115fa39c6703.ps1:109 char:9\r\n+ $capi.Open(\"ReadWrite\")\r\n+ ~~~~~~~~~~~~~~~~~~~~~~~\r\n + CategoryInfo : InvalidOperation: (:) [], RuntimeException\r\n + FullyQualifiedErrorId : InvokeMethodOnNull\r\n \r\nYou cannot call a method on a null-valued expression.\r\nAt C:\\TEMP\\venafi-winrm-execute-5f3f0642-68e0-4714-8c21-115fa39c6703.ps1:110 char:9\r\n+ $capi.Add($cert)\r\n+ ~~~~~~~~~~~~~~~~\r\n + CategoryInfo : InvalidOperation: (:) [], RuntimeException\r\n + FullyQualifiedErrorId : InvokeMethodOnNull\r\n \r\nYou cannot call a method on a null-valued expression.\r\nAt C:\\TEMP\\venafi-winrm-execute-5f3f0642-68e0-4714-8c21-115fa39c6703.ps1:111 char:9\r\n+ $capi.Close()\r\n+ ~~~~~~~~~~~~~\r\n + CategoryInfo : InvalidOperation: (:) [], RuntimeException\r\n + FullyQualifiedErrorId : InvokeMethodOnNull\r\n \r\nFailed to install chain certificate on target system - CN=Dedicated - Venafi Cloud Built-In CA, OU=Built-in, O=\"Venafi, Inc.\", C=US\r\nAt C:\\TEMP\\venafi-winrm-execute-5f3f0642-68e0-4714-8c21-115fa39c6703.ps1:119 char:17\r\n+ ... throw \"Failed to install chain certificate on target syst ...\r\n+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n + CategoryInfo : OperationStopped: (Failed to insta...fi, Inc.\", C=US:String) [], RuntimeException\r\n + FullyQualifiedErrorId : Failed to install chain certificate on target system - CN=Dedicated - Venafi Cloud Built-In CA, OU=Built-in, O=\"Venafi, Inc.\", C=US\r\n \r\n", "errorVerbose": "failed to run script file: Get-Item : Cannot find drive. A drive with the name 'Cert' does not exist.\r\nAt C:\\TEMP\\venafi-winrm-execute-5f3f0642-68e0-4714-8c21-115fa39c6703.ps1:108 char:17\r\n+ $capi = Get-Item \"Cert:\\$($storeLocation)\\$($installToStore)\"\r\n+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n + CategoryInfo : ObjectNotFound: (Cert:String) [Get-Item], DriveNotFoundException\r\n + FullyQualifiedErrorId : DriveNotFound,Microsoft.PowerShell.Commands.GetItemCommand\r\n \r\nYou cannot call a method on a null-valued expression.\r\nAt C:\\TEMP\\venafi-winrm-execute-5f3f0642-68e0-4714-8c21-115fa39c6703.ps1:109 char:9\r\n+ $capi.Open(\"ReadWrite\")\r\n+ ~~~~~~~~~~~~~~~~~~~~~~~\r\n + CategoryInfo : InvalidOperation: (:) [], RuntimeException\r\n + FullyQualifiedErrorId : InvokeMethodOnNull\r\n \r\nYou cannot call a method on a null-valued expression.\r\nAt C:\\TEMP\\venafi-winrm-execute-5f3f0642-68e0-4714-8c21-115fa39c6703.ps1:110 char:9\r\n+ $capi.Add($cert)\r\n+ ~~~~~~~~~~~~~~~~\r\n + CategoryInfo : InvalidOperation: (:) [], RuntimeException\r\n + FullyQualifiedErrorId : InvokeMethodOnNull\r\n \r\nYou cannot call a method on a null-valued expression.\r\nAt C:\\TEMP\\venafi-winrm-execute-5f3f0642-68e0-4714-8c21-115fa39c6703.ps1:111 char:9\r\n+ $capi.Close()\r\n+ ~~~~~~~~~~~~~\r\n + CategoryInfo : InvalidOperation: (:) [], RuntimeException\r\n + FullyQualifiedErrorId : InvokeMethodOnNull\r\n \r\nFailed to install chain certificate on target system - CN=Dedicated - Venafi Cloud Built-In CA, OU=Built-in, O=\"Venafi, Inc.\", C=US\r\nAt C:\\TEMP\\venafi-winrm-execute-5f3f0642-68e0-4714-8c21-115fa39c6703.ps1:119 char:17\r\n+ ... throw \"Failed to install chain certificate on target syst ...\r\n+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n + CategoryInfo : OperationStopped: (Failed to insta...fi, Inc.\", C=US:String) [], RuntimeException\r\n + FullyQualifiedErrorId : Failed to install chain certificate on target system - CN=Dedicated - Venafi Cloud Built-In CA, OU=Built-in, O=\"Venafi, Inc.\", C=US\r\n \r\n\nfailed to run script function \"install-cert\"\nfailed to install certificate into CAPI, stdout: ''"}
github.com/Venafi/vcert/v5/pkg/playbook/app/installer.CAPIInstaller.Install
/vcert/pkg/playbook/app/installer/capi.go:155
github.com/Venafi/vcert/v5/pkg/playbook/app/service.runInstaller
/vcert/pkg/playbook/app/service/service.go:157
github.com/Venafi/vcert/v5/pkg/playbook/app/service.Execute
/vcert/pkg/playbook/app/service/service.go:102
main.doRunPlaybook
/vcert/cmd/vcert/playbook.go:147
github.com/urfave/cli/v2.(*Command).Run
/go/pkg/mod/github.com/urfave/cli/v2@v2.25.7/command.go:274
github.com/urfave/cli/v2.(*Command).Run
/go/pkg/mod/github.com/urfave/cli/v2@v2.25.7/command.go:267
github.com/urfave/cli/v2.(*App).RunContext
/go/pkg/mod/github.com/urfave/cli/v2@v2.25.7/app.go:332
github.com/urfave/cli/v2.(*App).Run
/go/pkg/mod/github.com/urfave/cli/v2@v2.25.7/app.go:309
main.main
/vcert/cmd/vcert/main.go:163
runtime.main
/usr/local/go/src/runtime/proc.go:272
2025-07-11T09:38:34.991-0500 ERROR service/service.go:160 error installing certificate {"location": "CurrentUser\\MY", "error": "failed to install certificate into CAPI, stdout: '': failed to run script function \"install-cert\": failed to run script file: Get-Item : Cannot find drive. A drive with the name 'Cert' does not exist.\r\nAt C:\\TEMP\\venafi-winrm-execute-5f3f0642-68e0-4714-8c21-115fa39c6703.ps1:108 char:17\r\n+ $capi = Get-Item \"Cert:\\$($storeLocation)\\$($installToStore)\"\r\n+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n + CategoryInfo : ObjectNotFound: (Cert:String) [Get-Item], DriveNotFoundException\r\n + FullyQualifiedErrorId : DriveNotFound,Microsoft.PowerShell.Commands.GetItemCommand\r\n \r\nYou cannot call a method on a null-valued expression.\r\nAt C:\\TEMP\\venafi-winrm-execute-5f3f0642-68e0-4714-8c21-115fa39c6703.ps1:109 char:9\r\n+ $capi.Open(\"ReadWrite\")\r\n+ ~~~~~~~~~~~~~~~~~~~~~~~\r\n + CategoryInfo : InvalidOperation: (:) [], RuntimeException\r\n + FullyQualifiedErrorId : InvokeMethodOnNull\r\n \r\nYou cannot call a method on a null-valued expression.\r\nAt C:\\TEMP\\venafi-winrm-execute-5f3f0642-68e0-4714-8c21-115fa39c6703.ps1:110 char:9\r\n+ $capi.Add($cert)\r\n+ ~~~~~~~~~~~~~~~~\r\n + CategoryInfo : InvalidOperation: (:) [], RuntimeException\r\n + FullyQualifiedErrorId : InvokeMethodOnNull\r\n \r\nYou cannot call a method on a null-valued expression.\r\nAt C:\\TEMP\\venafi-winrm-execute-5f3f0642-68e0-4714-8c21-115fa39c6703.ps1:111 char:9\r\n+ $capi.Close()\r\n+ ~~~~~~~~~~~~~\r\n + CategoryInfo : InvalidOperation: (:) [], RuntimeException\r\n + FullyQualifiedErrorId : InvokeMethodOnNull\r\n \r\nFailed to install chain certificate on target system - CN=Dedicated - Venafi Cloud Built-In CA, OU=Built-in, O=\"Venafi, Inc.\", C=US\r\nAt C:\\TEMP\\venafi-winrm-execute-5f3f0642-68e0-4714-8c21-115fa39c6703.ps1:119 char:17\r\n+ ... throw \"Failed to install chain certificate on target syst ...\r\n+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n + CategoryInfo : OperationStopped: (Failed to insta...fi, Inc.\", C=US:String) [], RuntimeException\r\n + FullyQualifiedErrorId : Failed to install chain certificate on target system - CN=Dedicated - Venafi Cloud Built-In CA, OU=Built-in, O=\"Venafi, Inc.\", C=US\r\n \r\n", "errorVerbose": "failed to run script file: Get-Item : Cannot find drive. A drive with the name 'Cert' does not exist.\r\nAt C:\\TEMP\\venafi-winrm-execute-5f3f0642-68e0-4714-8c21-115fa39c6703.ps1:108 char:17\r\n+ $capi = Get-Item \"Cert:\\$($storeLocation)\\$($installToStore)\"\r\n+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n + CategoryInfo : ObjectNotFound: (Cert:String) [Get-Item], DriveNotFoundException\r\n + FullyQualifiedErrorId : DriveNotFound,Microsoft.PowerShell.Commands.GetItemCommand\r\n \r\nYou cannot call a method on a null-valued expression.\r\nAt C:\\TEMP\\venafi-winrm-execute-5f3f0642-68e0-4714-8c21-115fa39c6703.ps1:109 char:9\r\n+ $capi.Open(\"ReadWrite\")\r\n+ ~~~~~~~~~~~~~~~~~~~~~~~\r\n + CategoryInfo : InvalidOperation: (:) [], RuntimeException\r\n + FullyQualifiedErrorId : InvokeMethodOnNull\r\n \r\nYou cannot call a method on a null-valued expression.\r\nAt C:\\TEMP\\venafi-winrm-execute-5f3f0642-68e0-4714-8c21-115fa39c6703.ps1:110 char:9\r\n+ $capi.Add($cert)\r\n+ ~~~~~~~~~~~~~~~~\r\n + CategoryInfo : InvalidOperation: (:) [], RuntimeException\r\n + FullyQualifiedErrorId : InvokeMethodOnNull\r\n \r\nYou cannot call a method on a null-valued expression.\r\nAt C:\\TEMP\\venafi-winrm-execute-5f3f0642-68e0-4714-8c21-115fa39c6703.ps1:111 char:9\r\n+ $capi.Close()\r\n+ ~~~~~~~~~~~~~\r\n + CategoryInfo : InvalidOperation: (:) [], RuntimeException\r\n + FullyQualifiedErrorId : InvokeMethodOnNull\r\n \r\nFailed to install chain certificate on target system - CN=Dedicated - Venafi Cloud Built-In CA, OU=Built-in, O=\"Venafi, Inc.\", C=US\r\nAt C:\\TEMP\\venafi-winrm-execute-5f3f0642-68e0-4714-8c21-115fa39c6703.ps1:119 char:17\r\n+ ... throw \"Failed to install chain certificate on target syst ...\r\n+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n + CategoryInfo : OperationStopped: (Failed to insta...fi, Inc.\", C=US:String) [], RuntimeException\r\n + FullyQualifiedErrorId : Failed to install chain certificate on target system - CN=Dedicated - Venafi Cloud Built-In CA, OU=Built-in, O=\"Venafi, Inc.\", C=US\r\n \r\n\nfailed to run script function \"install-cert\"\nfailed to install certificate into CAPI, stdout: ''"}
github.com/Venafi/vcert/v5/pkg/playbook/app/service.runInstaller
/vcert/pkg/playbook/app/service/service.go:160
github.com/Venafi/vcert/v5/pkg/playbook/app/service.Execute
/vcert/pkg/playbook/app/service/service.go:102
main.doRunPlaybook
/vcert/cmd/vcert/playbook.go:147
github.com/urfave/cli/v2.(*Command).Run
/go/pkg/mod/github.com/urfave/cli/v2@v2.25.7/command.go:274
github.com/urfave/cli/v2.(*Command).Run
/go/pkg/mod/github.com/urfave/cli/v2@v2.25.7/command.go:267
github.com/urfave/cli/v2.(*App).RunContext
/go/pkg/mod/github.com/urfave/cli/v2@v2.25.7/app.go:332
github.com/urfave/cli/v2.(*App).Run
/go/pkg/mod/github.com/urfave/cli/v2@v2.25.7/app.go:309
main.main
/vcert/cmd/vcert/main.go:163
runtime.main
/usr/local/go/src/runtime/proc.go:272
/usr/local/go/src/runtime/proc.go:272
2025-07-11T09:38:34.992-0500 ERROR vcert/playbook.go:151 error running task {"task": "myCertificate", "error": "error installing certificate at location CurrentUser\\MY: failed to install c2025-07-11T09:38:34.992-0500 ERROR vcert/playbook.go:151 error running task {"task": "myCertificate", "error": "error installing certificate at location CurrentUser\\MY: failed to install certificate into CAPI, stdout: '': failed to run script function \"install-cert\": failed to run script file: Get-Item : Cannot find drive. A drive with the name 'Cert' does not exist.\r\nAt C:\\TEMP\\vertificate into CAPI, stdout: '': failed to run script function \"install-cert\": failed to run script file: Get-Item : Cannot find drive. A drive with the name 'Cert' does not exist.\r\nAt C:\\TEMP\\venafi-winrm-execute-5f3f0642-68e0-4714-8c21-115fa39c6703.ps1:108 char:17\r\n+ $capi = Get-Item \"Cert:\\$($storeLocation)\\$($installToStore)\"\r\n+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n + CategoryInfo : ObjectNotFound: (Cert:String) [Get-Item], DriveNotFoundException\r\n + FullyQualifiedErrorId : DriveNotFound,Microsoft.PowerShell.Commands.GetItemCommand\r\n \r\nYou cannot call a method on a null-valued expression.\r\nAt C:\\TEMP\\venafi-winrm-execute-5f3f0642-68e0-4714-8c21-115fa39c6703.ps1:109 char:9\r\n+ $capi.Open(\"ReadWrite\")\r\n+ ~~~~~~~~~~~~~~~~~~~~~~~\r\n + CategoryInfo : InvalidOperation: (:) [], RuntimeException\r\n + FullyQualifiedErrorId : InvokeMethodOnNull\r\n \r\nYou cannot call a method on a null-valued expression.\r\nAt C:\\TEMP\\venafi-winrm-execute-5f3f0642-68e0-4714-8c21-115fa39c6703.ps1:110 char:9\r\n+ $capi.Add($cert)\r\n+ ~~~~~~~~~~~~~~~~\r\n + CategoryInfo : InvalidOperation: (:) [], RuntimeException\r\n + FullyQualifiedErrorId : InvokeMethodOnNull\r\n \r\nYou cannot call a method on a null-valued expression.\r\nAt C:\\TEMP\\venafi-winrm-execute-5f3f0642-68e0-4714-8c21-115fa39c6703.ps1:111 char:9\r\n+ $capi.Close()\r\n+ ~~~~~~~~~~~~~\r\n + CategoryInfo : InvalidOperation: (:) [], RuntimeException\r\n + FullyQualifiedErrorId : InvokeMethodOnNull\r\n \r\nFailed to install chain certificate on target system - CN=Dedicated - Venafi Cloud Built-In CA, OU=Built-in, O=\"Venafi, Inc.\", C=US\r\nAt C:\\TEMP\\venafi-winrm-execute-5f3f0642-68e0-4714-8c21-115fa39c6703.ps1:119 char:17\r\n+ ... throw \"Failed to install chain certificate on target syst ...\r\n+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n + CategoryInfo : OperationStopped: (Failed to insta...fi, Inc.\", C=US:String) [], RuntimeException\r\n + FullyQualifiedErrorId : Failed to install chain certificate on target system - CN=Dedicated - Venafi Cloud Built-In CA, OU=Built-in, O=\"Venafi, Inc.\", C=US\r\n \r\n"}
main.doRunPlaybook
/vcert/cmd/vcert/playbook.go:151
github.com/urfave/cli/v2.(*Command).Run
/go/pkg/mod/github.com/urfave/cli/v2@v2.25.7/command.go:274
github.com/urfave/cli/v2.(*Command).Run
/go/pkg/mod/github.com/urfave/cli/v2@v2.25.7/command.go:267
github.com/urfave/cli/v2.(*App).RunContext
/go/pkg/mod/github.com/urfave/cli/v2@v2.25.7/app.go:332
github.com/urfave/cli/v2.(*App).Run
/go/pkg/mod/github.com/urfave/cli/v2@v2.25.7/app.go:309
main.main
/vcert/cmd/vcert/main.go:163
runtime.main
/usr/local/go/src/runtime/proc.go:272
ENVIRONMENT DETAILS
latest vcert , windows 11 local user no admin rights.
COMMENTS/WORKAROUNDS