Cannot config OCSP Revocation configuration for auto enrollment


  • Tuesday, October 09, 2012 2:43 AM
     
     

    Hi

    I am trying to configure the Revocation Configuration for our OCSP.

    But I am getting the following error message

     

    Our setup

    Windows 2008 R2 Enterprise : Root CA

    Windows 2008 R2 Enterprise : Enterprise CA

    Windows 2008 R2 Enterprise : OCSP

    troubleshooting steps taken:

    I have tried to telnet on port 125 from the OCSP to the enterprise root: Yes

    On the Enterprise CA:

    In the Certificate Templates.

    On the OCSP Response Signing certificate, under Security, I have given the OCSP computer read and enroll access.

    In the Enterprise Certificate Authority console, under Certificate Templates, I have published the OCSP Response Signing certificate.

    I have tried to turn off the firewall and virus scanner on the enterprise RootCA. Still not working.

    I get the following in the application log:

    Log Name:      Application
    Source:        Microsoft-Windows-CertificateServicesClient-CertEnroll
    Date:          9/10/2012 10:06:46
    Event ID:      13
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:         

    Computer:      OCSP

    Description:
    Certificate enrollment for Local system failed to enroll for a OCSPResponseSigning certificate with request ID N/A from Enterprise ISsueCA\Enterprise Issuing CA (The RPC server is unavailable. 0x800706ba (WIN32: 1722)).
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-CertificateServicesClient-CertEnroll" Guid="{54164045-7C50-4905-963F-E5BC1EEF0CCA}" EventSourceName="CertEnroll" />
        <EventID Qualifiers="49754">13</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2012-10-08T23:06:46.000000000Z" />
        <EventRecordID>794</EventRecordID>
        <Correlation />
        <Execution ProcessID="0" ThreadID="0" />
        <Channel>Application</Channel>
        <Computer>SSGOCSP.ssg.org.au</Computer>
        <Security UserID="S-1-5-21-519532968-2122918807-1236795852-23678" />
      </System>
      <EventData>
        <Data Name="Context">Local system</Data>
        <Data Name="TemplateName">OCSPResponseSigning</Data>
        <Data Name="RequestId">ISSUECA01.\ Issuing CA</Data>
        <Data Name="CA">N/A</Data>
        <Data Name="ErrorCode">The RPC server is unavailable. 0x800706ba (WIN32: 1722)</Data>
      </EventData>
    </Event>

    Any help would be great.

    Thanks


    tony lee

All Replies

  • Wednesday, October 10, 2012 4:12 AM
    Moderator
     
     

    Hi Tony,

    Thanks for posting in Microsoft TechNet forums.

    I am trying to involve someone familiar with this topic to further look at this issue. There might be some time delay. Appreciate your patience.

    Thank you for your understanding and support.

    Regards

    Kevin

    TechNet Subscriber Support


     
  • Wednesday, October 10, 2012 5:24 AM
     
     
    Thanks for your reply.

    tony lee

  • Friday, October 12, 2012 12:26 PM
     
     

    Hi,

    In addition to the TCP Port 135, we also need to ensure RPC dynamic ports (49152-65535/TCP) are opened on the firewall. The error "RPC server is unavailable" is usually due to blocked ports.

    Regards,

    Denny


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

  • Friday, October 12, 2012 12:28 PM
     
     

    Some reference:

    http://technet.microsoft.com/en-us/library/dd772723(v=WS.10).aspx

    http://support.microsoft.com/kb/179442#method3

    Regards,

    Denny



  • Monday, October 15, 2012 2:46 AM
     
     

    Hi Denny,

    Thank you for getting back to me. I have tried turning off the firewall and the virus scanner on both the issue CA server and the OCSP server. We still get the same error message.

    Do you have any other suggestions?

    Thanks again for your assistance.


    tony lee

  • Thursday, October 18, 2012 1:24 PM
     
     Answered

    Hi,

    "The RPC server is unavailable" error usually results from the following reasons:

    1. TCP 135 and RPC dynamic ports are blocked or filtered by firewall and intermediate device.

    2. DNS resolution failure

    So I suggest you capture a netmon trace to see the details. If you need our further assistance, such as analyzing the trace, you may open an email or phone service request on our support site.

    Regards,

    Denny


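
The causes named in the replies above (DNS resolution, TCP 135, RPC dynamic ports) can be checked from the OCSP server before taking a network trace. The script below is an added example, not part of the original thread; `$CaHost` and `$CaName` are placeholders to replace with the issuing CA's FQDN and CA name, and it uses only .NET classes and tools present on Windows Server 2008 R2.

```powershell
# Added example: run on the OCSP server in an elevated PowerShell session.
$CaHost = 'issueca01.example.test'   # placeholder: FQDN of the issuing CA
$CaName = 'Example Issuing CA'       # placeholder: CA name as shown in the CA console

function Test-TcpPort {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)   # throws if the connection was refused
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

# 1. DNS: the enrollment client must resolve the CA's host name.
$resolved = $false
try {
    $addrs = [System.Net.Dns]::GetHostAddresses($CaHost)
    "DNS      : $CaHost -> $($addrs -join ', ')"
    $resolved = $true
} catch {
    "DNS      : FAILED for $CaHost ($($_.Exception.Message))"
}

if ($resolved) {
    # 2. RPC endpoint mapper on the CA.
    "TCP 135  : reachable = $(Test-TcpPort $CaHost 135)"

    # 3. Full path: endpoint mapper plus the dynamic port the CA service
    #    listens on. If steps 1 and 2 pass and this fails with 0x800706ba,
    #    look at filtering of the dynamic range between the two servers
    #    (show the range on the CA with: netsh int ipv4 show dynamicport tcp).
    & certutil.exe -config "$CaHost\$CaName" -ping
    "certutil : exit code $LASTEXITCODE (0 = CA answered the ping)"
}

# 4. Most recent CertEnroll event 13 for comparison with the checks above.
Get-WinEvent -MaxEvents 1 -ErrorAction SilentlyContinue -FilterHashtable @{
    LogName      = 'Application'
    ProviderName = 'Microsoft-Windows-CertificateServicesClient-CertEnroll'
    Id           = 13
} | Format-List TimeCreated, Message
```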