Automatic Certificate Enrollment failing on a few random machines with error: The RPC server is unavailable (0x800706BA)

    Question

  • We have around 18000+ clients in the environment. We have published a Certificate Template in AD and also have a GPO in place to renew certificates. We are using Symantec PKI with an AutoEnrollment (AE) server residing within our network. The majority of the clients are picking up certificates fine and I believe users are renewing certificates before cert expiry. However, on a few random machines across different regions the enrollment is failing with error code: RPC server is unavailable (0x800706BA).

    We are able to reach the server just fine from the problematic machines. We are able to ping and tracert. However, Certutil -ping fails with the same error. Certutil works on other machines.

    The only way we are able to fix the issue right now is to move the machine to a workgroup and rejoin the domain. Immediately after the machine is joined to the domain, the certificate automatically renews and we are able to see the certificate in the Certificate console.

    I have checked the DCOM permissions on the server and everything is set up correctly, so I don't think we have a permission issue on the AE server.

    Can anyone help me with this please? We have been having this for over a week now and rejoining the machines to the domain is not a solution. We will need to understand why just a few machines are not able to renew while most of the machines are able to. We are seeing this issue on around 15-20 machines right now.

    Monday, March 6, 2017 12:59 PM
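
A diagnostic sketch for the symptom described above, added here as an example and not part of the original post: it runs on an affected client and records, side by side, the ICMP result, the TCP 135 (RPC endpoint mapper) result, the machine secure channel state (which a domain rejoin resets) and the `certutil -ping` outcome. The server FQDN and CA name are hypothetical placeholders.

```powershell
# Added example. Run elevated on an affected, domain-joined client.
# $CaHost and $CaName are hypothetical placeholders; replace with your own values.
param(
    [string]$CaHost = 'ae-server.example.internal',
    [string]$CaName = 'Example-Issuing-CA'
)

function Test-EnrollmentPath {
    param([string]$CaHost, [string]$CaName)
    $r = [ordered]@{ Client = $env:COMPUTERNAME; CaHost = $CaHost }

    # 1. Which address does this client actually resolve for the server?
    try {
        $r.ResolvedIPs = (Resolve-DnsName -Name $CaHost -Type A -ErrorAction Stop |
            Where-Object { $_.IPAddress }).IPAddress -join ','
    } catch { $r.ResolvedIPs = "FAILED: $($_.Exception.Message)" }

    # 2. ICMP only proves the host answers echo requests, not that RPC is reachable.
    $r.Ping = Test-Connection -ComputerName $CaHost -Count 2 -Quiet

    # 3. DCOM enrollment first contacts the RPC endpoint mapper on TCP 135,
    #    then moves to a dynamically assigned port, which this check does not cover.
    $r.Tcp135 = (Test-NetConnection -ComputerName $CaHost -Port 135 `
        -WarningAction SilentlyContinue).TcpTestSucceeded

    # 4. State of the machine account's secure channel to the domain.
    try { $r.SecureChannel = Test-ComputerSecureChannel -ErrorAction Stop }
    catch { $r.SecureChannel = "FAILED: $($_.Exception.Message)" }

    # 5. The same check the post reports failing, with its exit code kept.
    $out = & certutil.exe -config "$CaHost\$CaName" -ping 2>&1
    $r.CertutilExitCode = $LASTEXITCODE
    $r.CertutilLastLine = ($out | Select-Object -Last 1)

    [pscustomobject]$r
}

Test-EnrollmentPath -CaHost $CaHost -CaName $CaName | Format-List
```

Collecting the same output from a working client and a failing one shows which layer differs between them.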