Posted by Steven L Umbach on September 20, 2005, 5:47 pm
Your best bet would be to enable the "offline ipsec" certificate template
for the CA and have him request that via Web Enrollment. The RPC error is
usually because of a firewall problem or dns problem. If you had to you
could manually request the certificate yourself for that computer and
specify that computer name in the request. Then export the
certificate/private key from your computer [select option to export whole
certificate chain to include CA certificate] to a password protected .pfx
file and send it to the user with instructions on how to import it into the
"computer" certificate store. Note that the user would need to be a local
administrator to request and install the certificate.
--- Steve
> Hi,
>
> I'm trying to set up a machine for use with our VPN. We will be using L2TP
> & smartcards, so I need to request a computer certificate. Up till now
> I've been able to configure most computers when people are in the office,
> connected to the domain, using automatic certificate deployment via group
> policy. However we have 1 user who is not going to be in the office, but
> needs VPN access.
>
> So I've changed the VPN access to allow PPTP temporarily, and asked him to
> connect, then I've used remote assistance to terminal service into his
> machine. From there I've managed to use the web based enrollment to
> download the CA certificate, and tried to use the certificates MMC snap in
> to request a computer certificate. However I get the initial screen up,
> asking which certificate I'd like, common name etc, but when I press
> finish, the system hangs for about 10 seconds, then errors with "RPC
> Server is unavailable".
>
> At first I thought this might be a firewall issue, as he was running
> windows firewall, as well as Symantec firewall. So I disabled both, and
> also the firewall on his 3com router. However after trying again, with a
> number of reboots, it still errors. I can ping the CA, the domain, and
> other computers.
>
> Does anyone have any ideas as to how I can successfully request a computer
> certificate? Is there another way of doing it? I notice there is no
> computer certificate option in the web enrollment form, even though the
> template has been added to the CA.
>
> We're using ISA 2004 as the VPN server, and it's allowing all protocols
> through from VPN > internal, and Internal > VPN. The DC is windows 2003
> server, and the client machine is Windows XP pro SP2.
>
> Many thanks
>
> Ben
>
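
The manual request, export and import described in the reply above, as an added example that is not part of the original thread. It assumes a current Windows build with `certreq` and the PKI PowerShell cmdlets, that the "offline ipsec" template's internal name is `IPSECIntermediateOffline`, and placeholder values for the computer name, CA config string and file names.

```powershell
# Added example. Run elevated on the administrator's domain-joined machine.
$clientFqdn = 'client01.example.local'         # placeholder: remote computer's name
$caConfig   = 'ca01.example.local\Example-CA'  # placeholder: "CAHost\CA name"
$pfxPath    = '.\client01.pfx'                 # placeholder: output file

# Request policy: key in the machine store, exportable so it can leave this host.
@"
[NewRequest]
Subject = "CN=$clientFqdn"
KeyLength = 2048
KeySpec = 1
MachineKeySet = TRUE
Exportable = TRUE
RequestType = PKCS10

[RequestAttributes]
CertificateTemplate = IPSECIntermediateOffline
"@ | Set-Content -Encoding ASCII .\ipsec-offline.inf

certreq -new    .\ipsec-offline.inf .\ipsec-offline.req
certreq -submit -config $caConfig .\ipsec-offline.req .\ipsec-offline.cer
certreq -accept .\ipsec-offline.cer    # binds the issued cert to the private key

# Pick the newest matching certificate that actually has its private key.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq "CN=$clientFqdn" -and $_.HasPrivateKey } |
    Sort-Object NotBefore -Descending | Select-Object -First 1
if (-not $cert) { throw "No certificate with a private key for $clientFqdn" }

# Prompt for the PFX password so it never appears on a command line.
$pfxPassword = Read-Host -AsSecureString 'PFX password'
Export-PfxCertificate -Cert $cert -FilePath $pfxPath `
    -Password $pfxPassword -ChainOption BuildChain | Out-Null

# The key belongs to the remote computer: remove the copy left on this host.
Remove-Item -Path "Cert:\LocalMachine\My\$($cert.Thumbprint)" -DeleteKey

# On the remote computer (local administrator), import into the computer store:
#   Import-PfxCertificate -FilePath .\client01.pfx `
#       -CertStoreLocation Cert:\LocalMachine\My `
#       -Password (Read-Host -AsSecureString 'PFX password')
```

Send the PFX password over a different channel from the file, and delete the `.pfx`, `.req` and `.inf` files once the import has been confirmed.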