none
RPC Server Unavailable trying to connect to CA RRS feed

  • Question

  • Hi All,

    Have a problem where I can't ping or otherwise connect to CA using certutil et al.

    Output from running command is:

    C:\Windows\system32>certutil -ping -config "IND-PROD004\Wilcox Technologies"
    Connecting to IND-PROD004\Wilcox Technologies ...
    Server could not be reached: The RPC server is unavailable. 0x800706ba (WIN32: 1722)

    CertUtil: -ping command FAILED: 0x800706ba (WIN32: 1722)
    CertUtil: The RPC server is unavailable.

    Which is a rather generic and unhelpful error. The event log on the computer I running it on doesn't seem to give much more help other than DCOM error with no supporting protocols worked or some such.

    If I run the same command on the CA itself, it works fine. Other RPC based services such as running remote command prompt using psexec work fine.

    Been googling for hours, and not getting far. Anyone have some tips please to figure out how to debug and fix this problem?

    Have already enabled inbound firewall mentioned for COM+ (DCom In).

    Many Thanks,

    Jessica Hamilton

    Monday, March 9, 2009 3:39 AM

Answers

  • Hi,

     

    To isolate whether the problem is caused by Windows Firewall, I suggest that we temporarily turn off Windows Firewall by running the following command in the elevated command window:

     

    Netsh advfirewall set allprofiles state off

    Wednesday, March 11, 2009 10:41 AM
    Moderator

All replies

  • hi there,

    i have gone through your post, based on which plese do check the following , hoping your server is windows 2008 , please find below few checks which you need to do .

    a)  Open CA management console from "Administrative Tools". Right-click the server name and select "Properties". Select security and add group "Domain Controllers". Select checkbox "Request Certificates" and click OK

    b) have you configured your clients with multiple dns suffix search list ? kb 939882 have a look at that article.

    c) also make sure 
        Add the "Domain Controllers" group to the CERTSVC_DCOM_ACCESS security group, and added the correct permissions to the "\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA" folder

    d) certutil -setreg SetupStatus -SETUP_DCOM_SECURITY_UPDATED_FLAG
    net stop certsvc
    net start certsvc



    sainath Windows Driver Development
    Monday, March 9, 2009 5:43 AM
    Moderator
  • I've tried all of these and it's still not working.

    This is from server 2008 to another server 2008 machine, if that helps.
    Monday, March 9, 2009 6:06 AM
  • what happens when you try with IPaddress instead of FQDN or netbios name ?
    sainath Windows Driver Development
    Monday, March 9, 2009 6:30 AM
    Moderator
  • Hi,

     

    To isolate whether the problem is caused by Windows Firewall, I suggest that we temporarily turn off Windows Firewall by running the following command in the elevated command window:

     

    Netsh advfirewall set allprofiles state off

    Wednesday, March 11, 2009 10:41 AM
    Moderator
  • Hi got this problem in a network with 2 Domain Controllers (both Windows 2008), one has the Root CA Enterprise role and the other only the DC role.

    The server with only the DC role gives the error when using FQDN:

    Server could not be reached: The RPC server is unavailable. 0x800706ba (WIN32: 1722)

    CertUtil: -ping command FAILED: 0x800706ba (WIN32: 1722)
    CertUtil: The RPC server is unavailable.

    Butt when using ip:

    ICertRequest2 interface is alive
    Certutil -ping command completed succesfully

    Been at this for days now and i can't seem to find a solutions please advise......

    Regards,

    Stephan

    Tuesday, May 12, 2009 4:26 PM
  • Found the solution of my problem.

    My DC are separated by two isa server 2006 with a VPN Tunnel. ISA uses a RPC Protocol Filter where the default is Enforce Strict RPC compliance (when this checkbox is not selected, the filter will allow additional RPC Type Protocols, such as DCOM) In both ISA server i deselected the checkbox of the rpc filter in the VPN Network Rule and everything is working fine now.

    Stephan Voskamp
    Tuesday, May 12, 2009 4:59 PM
  • Thank you!  I've just spent hours wondering why our first DC on a remote site was having problems!

    Thank you for taking the time to follow up. 

    Cheers,

    Stephen.
    Tuesday, August 25, 2009 11:30 PM
  •     Add the "Domain Controllers" group to the CERTSVC_DCOM_ACCESS security group, and added the correct 

    There is no CERTSVC_DCOM_ACCESS security group in Windows server 2008.

    How to workaround this?

    Thanks.

    Tuesday, July 31, 2012 7:08 AM