none
The RPC server is unavailable. (Exception from HRESULT: 0x800706BA) RRS feed

  • Question

  • Hello All,

    We have a large number of workstations in our Active Directory environment that are running Windows XP SP3.  Some reporting and monitoring tools in our environment use WMI to query the machines for data.  For ~75% of the machines, they work without issue, the rest return RPC server unavailable errors.  For the trouble machines, WMI seems to work fine locally using wbemtest, it is only remotely that seems to have problems and gives RPC server unavailable messages.

    This was given to me to research and resolve and I wrote the powershell query below just as a means of testing.  I have domain admin rights and all the workstations are in the same domain.

    $arrCompListFQDN = "computer1.domain.com","computer2.domain.com","computer3.domain.com"
    
    Foreach ($PC in $arrCompListFQDN)
    {
       Try
       {
          $WMICS = Get-WMIObject -Class Win32_ComputerSystem -Namespace "root\cimv2" -ComputerName $PC
          $WMINAC = Get-WMIObject -Class Win32_NetworkAdapterConfiguration -Namespace "root\cimv2" -ComputerName $PC
       }
       Catch
       {
          Write-Host "Failed to get data from machine (Error:" $_.Exception.Message")"
       }
    }
    
    $WMICS
    $WMINAC


    With the sample code above, two thirds of the PCs I query will return the expected information while the other third will return the following errors:

    Get-WmiObject : The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)
    
    At C:\Users\(myuser)\Desktop\WMIquery3.ps1:22 char:37
    
    +             $WMI_CS1 = Get-WmiObject <<<<  -Class Win32_ComputerSystem -Namespace "root\cimv2" -ComputerName $PC
    
        + CategoryInfo          : InvalidOperation: (:) [Get-WmiObject], COMException
    
        + FullyQualifiedErrorId : GetWMICOMException,Microsoft.PowerShell.Commands.GetWmiObjectCommand
    
    Get-WmiObject : The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)
    
    At C:\Users\(myuser)\Desktop\WMIquery3.ps1:24 char:37
    
    +             $WMI_NAC = Get-WmiObject <<<<  -Class Win32_NetworkAdapterConfiguration -Namespace "root\cimv2" -ComputerName $PC
    
        + CategoryInfo          : InvalidOperation: (:) [Get-WmiObject], COMException
    
        + FullyQualifiedErrorId : GetWMICOMException,Microsoft.PowerShell.Commands.GetWmiObjectCommand


    I have been googling and testing every possible fix I can find for the past 2 weeks to no avail.  So far, this is what I have confirmed or tested:

    • DCOM is enabled on both working and non-working PCs:

           -- HKLM\Software\Microsoft\OLE\EnableDCOM = 'Y'

    • Verified remote logons are not being coerced to the GUEST account (aka "forceguest") on both working and non-working PCs:

           - Secpol.msc > Local Policies > Security Options.

           - "Network access: sharing and security model for local accounts" set to "Classic.." and not "Guest".

    • Verified all of the following services are not disabled and set to either automatic, or manual so they can start on demand:

           - COM+ Event Security

           - Remote Access Auto Connection Manager

           - Remote Access Connection Manager

           - Remote Procedure Call (RPC)

           - Remote Procedure Call (RPC) Locator

           - Remote Registry

           - Server

           - Windows Management Instrumentation

           - Windows Management Instrumentation Driver Extensions

           - WMI Performance Adapter

           - Workstation

    • Ensured WMI Remote is enabled on both working and non-working:

           - Compmgmt.msc > Services and applications > WMI Control

           -  Properties, then Security tab.  Root security has Remote Enable checked for local admin

    • Verified on both working and non-working PCs that PagedPoolSize key is set to 0:

           - HKLM\System\CurrentControlSet\Control\Session Manager\Memory Management

    • Verified on both working and non-working PCs that DCOM access and launch permissions are correct and identical

           - local administrators group has remote launch and remote activate

    • Recompiling and eventually rebuilding the WMI repository on non-working machines did not resolve the issue.
    • Non-working machines that throw the RPC error do NOT have windows firewall enabled or running.
    • The only third party firewall software on the machine is McAfee HIPs.  The firewall is currently disabled on all these workstations and allowing all traffic.  I have also tried disabling and even completely removing the McAfee software and this still did not resolve the issue.
    • Verified that Everyone group has "bypass traverse checking" user right under gpedit.msc > Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment
    • WMIDiag has told me WMI is working correctly on machines where I am getting the RPC server unavailable errors.
    • Some PCs that work are on the same subnet/gateway as PCs that give the RPC error.
    • I can still RDP into the PCs that give RPC errors, as well as ping and do nslookups on them.

    I'm at a dead end at the moment banging my head on the desk.  Any assistance that anyone can provide or possibly other items to check would be greatly appreciated!


    Wednesday, August 7, 2013 12:44 AM

All replies

  • I tried using network monitor from my workstation to capture the network traffic to/from one working and one non-working machine.  The one that fails seems to be failing at the DCOM RemoteCreateInstance method and that is where the RPC server unavailable message is coming from, it doesn't even get to the point of the WMI connection/access like the working PC does and no WMI frames are seen.

    That makes it sound like a DCOM permissions issues, but I have looked extensively at the permissions and see no differences what so ever between a machine that responds properly and a machine that give the RPC server unavailable error.  That also would not explain how they seem to be magically working sometimes then not working later.

    Configuration wise, the clients are identical as all the software and policies are pushed to them.  So they are all XP SP3, running same software applications, same version for DCOM, etc.

    Friday, August 9, 2013 10:16 AM
  • While I have not received any feedback, I have continued to attempt to resolve this issue.  I found that there was a difference in permissions on the WMI registry key apparently caused by an update. HKCR\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}.  I updated the permissions on a non-working box to match those of a working box and it did not solve the issue.

    Still at a dead end and could use some help tracking this down.

    Monday, August 12, 2013 4:31 PM
  • Tricky Ninja,

    I can't believe you've not seen any traction on this thread.  Not that it's probably a common issue, but one that is, well, tricky to solve.

    I am also experiencing this same issue.  I've been troubleshooting a handful of servers where I am unable to do the following (sometimes, but sometimes it works)

    Get-WmiObject win32_operatingsystem -ComputerName Server01

    the response:  Get-WmiObject : The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)

    I ping it, connect to remote shares on it, RDP into it, still nothing, look at some other servers, run my command again and BAM - it works all of a sudden, then I try again and it doesn't work.

    even if I use IP address, I get the same thing. 

    Here's another symptom, the servers I'm trying to connect to are in another continent on a trusted domain in the same forest.  If I remote to one of those systems in that domain, it works fine. 

    I'm only having the issue on about 4 of 200 (at least today since I started digging into this not-so-high-priority-issue)

    Any Luck?


    nick

    Tuesday, May 19, 2015 5:04 PM