Certificate enrollment for Local system failed (The RPC server is unavailable. 0x800706ba) - itexperience.net

If you’re facing the error

Certificate enrollment for Local system failed to enroll for a ClientCertificate certificate with request ID N/A from server\IssuingCA-01 (The RPC server is unavailable. 0x800706ba (WIN32: 1722 RPC_S_SERVER_UNAVAILABLE))

it’s almost certain your firewall is blocking the traffic.
In this case, you need to open port 135 (RPC traffic) in your firewall(s) FROM your client TO the certificate server.

Please note that your environment may have multiple firewalls on different levels. Check your central, company-wide firewall for dropped packets on port 135.
Also make sure your Windows Firewall is configured to

  • allow outbound traffic (on your client) on port 135
  • allow inbound traffic (on your certificate server) on port 135.

Inbound traffic is most likely being blocked, since that is the default setting in Windows nowadays.

To verify that opening the firewall ports has solved the issue, you need to try to trigger the error again. You can do so by running a scheduled task on the client system:

  1. Open Task Scheduler
  2. Expand Task Scheduler (local) -> Task Scheduler Library -> \Microsoft\Windows\CertificateServicesClient
  3. Run the SystemTask and the UserTask
  4. Wait for a few minutes. Then recheck your Event Log to verify the error does not appear.
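
The same verification can be scripted from an elevated PowerShell prompt on the client. This is an added example, not part of the original post; `$CaHost` and `$CaName` are placeholders taken from the `server\IssuingCA-01` string in the event text, the 180-second wait stands in for "a few minutes", and `certutil -ping` is an extra check that is not mentioned in the post.

```powershell
# Placeholders (assumptions): set these to your CA host and CA name.
$CaHost = 'server'
$CaName = 'IssuingCA-01'

# 1. Can this client open TCP 135 on the certificate server at all?
#    Success only proves the port is reachable, not that enrollment works.
$tcp = Test-NetConnection -ComputerName $CaHost -Port 135 -WarningAction SilentlyContinue
if ($tcp.TcpTestSucceeded) { "TCP 135 on ${CaHost}: reachable" }
else                       { "TCP 135 on ${CaHost}: blocked or unreachable" }

# 2. Ask the CA's certificate request interface to answer over RPC/DCOM.
certutil -config "$CaHost\$CaName" -ping
if ($LASTEXITCODE -ne 0) { "certutil -ping failed with exit code $LASTEXITCODE" }

# 3. Re-run the enrollment tasks named in the steps above and remember when.
$start    = Get-Date
$taskPath = '\Microsoft\Windows\CertificateServicesClient\'
foreach ($task in 'SystemTask', 'UserTask') {
    Start-ScheduledTask -TaskPath $taskPath -TaskName $task
}
Start-Sleep -Seconds 180

# 4. Look for the event IDs listed on this page, logged after the tasks started.
$enroll = Get-WinEvent -FilterHashtable @{
              LogName = 'Application'; Id = 6, 13, 82; StartTime = $start
          } -ErrorAction SilentlyContinue |
          Where-Object ProviderName -like 'Microsoft-Windows-CertificateServicesClient*'

$dcom   = Get-WinEvent -FilterHashtable @{
              LogName = 'System'; Id = 10028; StartTime = $start
              ProviderName = 'Microsoft-Windows-DistributedCOM'
          } -ErrorAction SilentlyContinue

$hits = @($enroll) + @($dcom) | Where-Object { $_ }
if ($hits) {
    "Still failing: $($hits.Count) new event(s)"
    $hits | Sort-Object TimeCreated |
        Format-List TimeCreated, ProviderName, Id, Message
} else {
    'No new enrollment or DCOM errors since the tasks were started.'
}
```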

Similar errors that may come up in your Event Viewer are:

Certificate enrollment for Local system failed (The RPC server is unavailable. 0x800706ba (WIN32: 1722 RPC_S_SERVER_UNAVAILABLE)).

Log Name:      Application
Source:        Microsoft-Windows-CertificateServicesClient-CertEnroll
Event ID:      13
Certificate enrollment for Local system failed to enroll for a OasenClientCertificate certificate with request ID N/A from server\IssuingCA-01 (The RPC server is unavailable. 0x800706ba (WIN32: 1722 RPC_S_SERVER_UNAVAILABLE)).


 

DCOM was unable to communicate with the computer

Source:        Microsoft-Windows-DistributedCOM
Event ID:      10028
DCOM was unable to communicate with the computer using any of the configured protocols; requested by PID     2eb4 (C:\Windows\system32\taskhost.exe).


Event ID:      82
Certificate enrollment for Local system failed in authentication to all urls for enrollment server associated with policy id: {B62A4538-E0C2-4C3D-A8FE-42201A0C8543} (The RPC server is unavailable. 0x800706ba (WIN32: 1722 RPC_S_SERVER_UNAVAILABLE)). Failed to enroll for template: ClientCertificate


Event ID:      6
Automatic certificate enrollment for local system failed (0x800706ba) The RPC server is unavailable.

6 Comments
TrixM

If you want to trigger a certificate renewal, you can also run this command: certutil -pulse

Ahmed

Hi TrixM
How will certutil -pulse trigger, and when will it trigger?
Thank you!


Rob Ingenthron

Very helpful!! Our issue turned out to be that it seems the PKI CA also needs *inbound* access to the DC when the auto-enroll feature is being used from Microsoft PKI (AD-integrated CA).

I saw that a DC didn’t have a certificate, and the PKI server could not reach port 135/tcp on the Domain Controller.

Saman

If the CA server is not on a Domain Controller, we could get an RPC error even though RPC access is allowed on the firewall. To fix this we have to add the “Domain Computers”, “Domain Users” and “Domain Controllers” groups to the “Distributed COM Users” group on the CA server (local group).
