none
Building Subordinate CA received RPC Server is unavailable

    Question

  • I installed all the roles/features for a root CA and a Subordinate CA. Both are standalone (NOT enterprise) CA running WIndows Server 2012 R2.  The Root CA installed fine. Also successfully copied the root certs to the subordinate CA. However, while submitting the Cert Request in the Subordinate CA (ultimately going to the ROOT CA), I received this error message.

    RPC Server is unavailable.   0x800706ba (WIN32:1722 rpc_S_SERVER_unavailable).

    I ran the DCOMCNFG.exe and ensured the permission is allowed for EVERYTHING - hoping it would overcome the problem.   Also checked the firewall (disabled it as well as base filtering).    Nothing seems to work.   

    Help, I am drowning and I can't get up. 

    Tuesday, March 28, 2017 6:41 PM

Answers

  • Hi,

    >> Also successfully copied the root certs to the subordinate CA. However, while submitting the Cert Request in the Subordinate CA (ultimately going to the ROOT CA), I received this error message.

    I'm not sure what do you want to do.According your description,it looks like you have deployed a offline root ca,and you want to deploy a online sub CA.If it is the case,you should follow the steps like this:

    1.Copy the CA certificate request file from the sub CA to Root CA.

    2.Right click Submit the sub CA request file on Root CA,select it  in the Pending Request folder and issue.

    3.Double click newly issued certificate, switch to Details tab and press Copy to a file button. Export the certificate (without private key) to a file and transfer it to a Subordinate CA server.

    4.On the Subordinate CA server,select All tasks and select Install CA Certificate.Not submit new request.

    There is a common error when you try to install SubCA certificate. The reason is that CA server is unable to perform revocation check on it's own certificate due of Root CA CRT/CRL file unavailablity. Thereofre after Root CA setup you need to configure CRT/CRL distribution points to a public locations so each client will be able to access them.


    Best Regards
    Cartman
    Please remember to mark the replies as an answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    • Marked as answer by philipch Wednesday, March 29, 2017 1:44 PM
    Wednesday, March 29, 2017 6:22 AM
    Moderator

All replies

  • Hi,

    >> Also successfully copied the root certs to the subordinate CA. However, while submitting the Cert Request in the Subordinate CA (ultimately going to the ROOT CA), I received this error message.

    I'm not sure what do you want to do.According your description,it looks like you have deployed a offline root ca,and you want to deploy a online sub CA.If it is the case,you should follow the steps like this:

    1.Copy the CA certificate request file from the sub CA to Root CA.

    2.Right click Submit the sub CA request file on Root CA,select it  in the Pending Request folder and issue.

    3.Double click newly issued certificate, switch to Details tab and press Copy to a file button. Export the certificate (without private key) to a file and transfer it to a Subordinate CA server.

    4.On the Subordinate CA server,select All tasks and select Install CA Certificate.Not submit new request.

    There is a common error when you try to install SubCA certificate. The reason is that CA server is unable to perform revocation check on it's own certificate due of Root CA CRT/CRL file unavailablity. Thereofre after Root CA setup you need to configure CRT/CRL distribution points to a public locations so each client will be able to access them.


    Best Regards
    Cartman
    Please remember to mark the replies as an answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    • Marked as answer by philipch Wednesday, March 29, 2017 1:44 PM
    Wednesday, March 29, 2017 6:22 AM
    Moderator
  • Cartman:

    Thanks!   This works.

    Wednesday, March 29, 2017 1:44 PM