unable to export windows cert as pkcs12 - “Key not valid for use in specified state”

Question

I am trying to export a cert with powershell to pkcs12. I can export it fine in MMC. But powershell barfs

    PS C:\Users\paul> $cert.export('PFX'," pass")
Exception calling "Export" with "2" argument(s): "Key not valid for use in specified state.
"
At line:1 char:13
+ $cert.export <<<< ('PFX'," pass")
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : DotNetMethodException

The private key is exportable

PS C:\Users\paul> $cert.privatekey.cspkeycontainerinfo


MachineKeyStore        : True
ProviderName           : Microsoft RSA SChannel Cryptographic Provider
ProviderType           : 12
KeyContainerName       : fd6ce48f23c5a94dee97bf7e87ef3da2_2868494a-a319-4976-80a7-e0f129e23cfd
UniqueKeyContainerName : fd6ce48f23c5a94dee97bf7e87ef3da2_2868494a-a319-4976-80a7-e0f129e23cfd
KeyNumber              : Exchange
Exportable             : True
HardwareDevice         : False
Removable              : False
Accessible             : True
Protected              : False
CryptoKeySecurity      : System.Security.AccessControl.CryptoKeySecurity
RandomlyGenerated      : False

running as local admin

Answer 1

This seems like a long shot, but have you tried using the Pfx enumeration instead of the string?

$pfx = [System.Security.Cryptography.X509Certificates.X509ContentType]::Pfx
$cert.Export($pfx,"pass")

The reason I ask, is that if you look at the value underlying the enumeration, Pfx actually has a value of 3.