Installing an Internet facing server

  • Question

  • I have a single primary (SCCM 2007 R2 SP2 on Windows 2008 R2) and several secondaries (mixed OSs) all running in Native Mode.  I'm attempting to install an Internet server (for SUP, MP, and DP) which is in the DMZ, on the same domain (running Windows 2008 SP2).  I believe I have the right ports (80, 443, 445, 1433) open between the Internet server and the Primary.

    I can't get the Web and Client certificates installed on the Internet facing server.  From the Internet server, I can see all 3 (Site, Web, Client) certificates published in Active Directory.  However, I get an error requesting the Web and Client certificates.

    Error from Certificates MMC:

    The RPC server is unavailable. The certificate request could not be submitted to the certification authority.

    Error in System Event Log:
    Source: Distributed COM
    Event ID: 10009
    DCOM was unable to communicate with the computer [pkiserver.domain.com] using any of the
    configured protocols.
    

    Error in the Application Event Log:

    Source: CertificateServicesClient-CertEnroll
    Event ID: 13
    Certificate enrollment for Local system failed to enroll for a SCCMManagement/DistributionPoint
    certificate from [pki.domain.com]\Acme Corporate Issuing Authority (The RPC server is unavailable.
    0x800706ba (WIN32: 1722)).
    

    From a secondary server that has all the certificates I can run the certutil successfully:

    certutil -ping -config [pkiserver.domain.com]
    

    However, the same command generates the RPC error from the Internet server.

    Is there an offline method to request/export/import the required certificates or am I going to need to get the firewall opened up between the Internet server and the Certificate Authority server?

    Thank you.

    Thursday, February 10, 2011 5:01 AM
