Certificate enrollment failed – says RPC server unavailable

Tis
10 pts.
Tags:
Digital certificates
Microsoft Windows Server 2003
RPC
Web security
I checked my logs in windows 2003 R2 and received the following error: certificate enrollment for local system failed to enroll for one Domain Controller certificate from (SERVER NAME). (RPC server unavailable 0×800706ba (win32: 1722))
Asked: Last updated:
Related Questions

Answer Wiki

Thanks. We'll let you know when a new response is added.

This comes “as is” from a Microsoft forum:

1) Is the CA machine reachable from the client machine on which the request
is being generated
2) The client machine should be in the same domain as the CA machine or both
of them should be in the same domain for DCOM to be able to request
certificates

Discuss This Question: 4  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.
  • Freakz
    I just love people how state the blatantly obvious. Well here is a constructive answer. Check that the group “Domain Controllers” is a member of the group CERTSVC_DCOM_ACCESS. Reboot the client and try again. //M
    10 pointsBadges:
    report
  • dvodvo
    Check the syste, security log entries found at: Start->All Programs->Administrative Tools->Component Services (Expand)->Event Viewer (Local)->Windows Logs->Security

    In case your server is not part of a domain, such that adapting the group settings for CERTSVC_DCOM_ACCESS does not apply:
    If     remote login is denied due to unknown username/password, you may add on the server side a user and corresponding password matching the user that on the client side needing access to the service.
    Also make sure that the respecitive access rights are granted, for instance:
    Start->All Programs->Administrative Tools->Component Services (Expand)-> Computers (Expand)->My Computer (right-click)->Properties.
    In the COM Security tab:
    Access Permission->Edit Limits->Everyone->Remote Access
    Launch and Activation Permissions->Edit Limits->Everyone->Remote Launch
    10 pointsBadges:
    report
  • Subhendu Sen
    For checking purpose, u can do manually request the domain controller certificate in teh certificate snap-in. 
    107,780 pointsBadges:
    report
  • Genderhayes
    This happens when you create your CA on a Domain Controller and the “Domain Controllers” security group is missing from the “CERTSVC_DCOM_ACCESS” Domain Local Security Group
    10,685 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

Thanks! We'll email you when relevant content is added and updated.

Following

Share this item with your network: