i have been pulling my hair out today. dont know why it took me so long to get to this stage but there you go, a bad workman blames his tools and the script was running from an SCCM task sequence using the SCCM task seq service as local system, no interact with desktop.
The machine has the trusted root certs from the cert issuer and the certs views nicely in windows certmgr or the mmc under the computer hive part.
running the script manually with a logged on user and everything was ok. no cert warnings using IE, no errors in the script.
Running it under the context of the local system with no interact with desktop and was falling in a heap at the oHTTP.Send with a message about unable to download resource. This was the same message i was getting previously with the logged on user account when the root cert from the publisher was not in my trusted root certs hive or when the user could not resolve the cert path.
I needed to launch an interactive cmd window under the local system account and browse to the website manually to see a 'revocation information for the security certificate for this site is no available. Do you want to proceed'. I am not sure why I get this as local system but not as a logged on user.
I scratched my head for a while and was kicking myself with .SetOption causing a runtime.
Set oHTTP = CreateObject("MSXML2.XMLHTTP.6.0")
oHTTP.open "POST", strUrl, False, strU, strTimeOut
oHTTP.SetOption 2, 13056
The solution was to use the MSXML2.ServerXMLHTTP.6.0 COM instead.
perhaps this post will serve to remind me when i come to do this sort of thing again in x months time
The machine has the trusted root certs from the cert issuer and the certs views nicely in windows certmgr or the mmc under the computer hive part.
running the script manually with a logged on user and everything was ok. no cert warnings using IE, no errors in the script.
Running it under the context of the local system with no interact with desktop and was falling in a heap at the oHTTP.Send with a message about unable to download resource. This was the same message i was getting previously with the logged on user account when the root cert from the publisher was not in my trusted root certs hive or when the user could not resolve the cert path.
I needed to launch an interactive cmd window under the local system account and browse to the website manually to see a 'revocation information for the security certificate for this site is no available. Do you want to proceed'. I am not sure why I get this as local system but not as a logged on user.
I scratched my head for a while and was kicking myself with .SetOption causing a runtime.
Set oHTTP = CreateObject("MSXML2.XMLHTTP.6.0")
oHTTP.open "POST", strUrl, False, strU, strTimeOut
oHTTP.SetOption 2, 13056
The solution was to use the MSXML2.ServerXMLHTTP.6.0 COM instead.
perhaps this post will serve to remind me when i come to do this sort of thing again in x months time