Re: RPC server is unavailable while requesting new certificate

Hello Jozef,

Thank you for posting back!

I am glad to hear that you have resolved the issue and thing is working
correctly on your side now. If you need any assistance in the future,
please feel free to post back to this Newsgroup. We are glad to be working
with you again!

Best regards,

Brandy Nee

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security
======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.



--------------------
>Thread-Topic: RPC server is unavailable while requesting new certificate
>thread-index: AcWuOZhxToguh2qBTS2eVSPtgpxnlg==
>X-WBNR-Posting-Host: 84.47.23.2
>From: "=?Utf-8?B?Sm96ZWYgSXpzbw==?=" <JozefIzso@xxxxxxxxxxxxxxxxxxxxxxxxx>
>References: <F4BFE2C0-0232-485F-97D3-45E7C4CB49B1@xxxxxxxxxxxxx>
<PAm3vaynFHA.3672@xxxxxxxxxxxxxxxxxxxxx>
<e6cotc1nFHA.3760@xxxxxxxxxxxxxxxxxxxx>
<LWou3lZoFHA.3672@xxxxxxxxxxxxxxxxxxxxx>
>Subject: Re: RPC server is unavailable while requesting new certificate
>Date: Wed, 31 Aug 2005 07:38:04 -0700
>Lines: 311
>Message-ID: <48DEEBAD-2C6D-4BA1-B544-6BDBC8469C3B@xxxxxxxxxxxxx>
>MIME-Version: 1.0
>Content-Type: text/plain;
> charset="Utf-8"
>Content-Transfer-Encoding: 7bit
>X-Newsreader: Microsoft CDO for Windows 2000
>Content-Class: urn:content-classes:message
>Importance: normal
>Priority: normal
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
>Newsgroups: microsoft.public.windows.server.sbs
>NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
>Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
>Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:149556
>X-Tomcat-NG: microsoft.public.windows.server.sbs
>
>After I've used Internet Connection Wizard, all certification services are
>working fine.
>
>
>Issue is resolved.
>
>Jozef.
>
>
>""Brandy Nee [MSFT]"" wrote:
>
>> Hello Jozef Izso,
>>
>> Thank you for posting back and your detailed information.
>>
>> While waiting for the Event logs on your server and problematic
>> workstation, please help to gather more information for troubleshooting:
>>
>> 1. Test connect the client computer with the SBS Server to a hub, will
this
>> issue occur?
>>
>> 2. On the client computer and the SBS Server, get netdiag /v
>> >c:\netdiag.txt file. To do so,
>>
>> Insert SBS 2K3 CD#2 in your server, and install the support Tools which
is
>> under Support\Tools folder. Then go to command prompt, type netdiag /v
>> >c:\netdiag.txt, and email me the netdiag.txt file.
>>
>> 3. On the problematic client workstation, collect userenv.log. To do so,
>> please see:
>>
>> a. Go to folder: %SystemRoot%\Debug\UserMode\. If you can find a file
>> called userenv.log, please rename it to userenv.old. (Please do not
delete
>> it.)
>>
>> b. Go to Start -> Run type "regedit" (without the quotation marks), and
>> then click OK.
>>
>> c. Find the following key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
>> NT\CurrentVersion\Winlogon
>>
>> d. Highlight the Winlogon key and click Edit -> New -> DWORD Value in
the
>> menu bar.
>>
>> e. Name the new value as "UserEnvDebugLevel" (without the quotation
marks)
>> and then double click it and specify the Value data as 00010002. Please
>> double check that the value name and the data are correct (the value
should
>> be shown as 0x00010002(65538)).
>>
>> f. Close registry edit.
>>
>> g. Restart the client computer. Logon as the problematic user account.
>>
>> h. Go to the %SystemRoot%\Debug\UserMode\ to get the following files:
>> userenv.log and userenv.old.
>>
>> i. Please send the following information to me:
>> %SystemRoot%\Debug\UserMode\userenv.log.
>>
>> For detailed steps, please see:
>>
>> 221833 How to Enable User Environment Debug Logging in Retail Builds of
>> Windows
>> http://support.microsoft.com/?id=221833
>>
>> 4. Also, on the server. Go to Start -> Run, type "msinfo32" (without
the
>> quotation marks). Go to File tab, select Save and save it as .NFO file
and
>> send it to my mailbox.
>>
>> I am greatly appreciated your time and cooperation, and am looking
forward
>> to hearing from you soon!
>>
>>
>> Best regards,
>>
>> Brandy Nee
>>
>> Microsoft CSS Online Newsgroup Support
>>
>> Get Secure! - www.microsoft.com/security
>> ======================================================
>> This newsgroup only focuses on SBS technical issues. If you have issues
>> regarding other Microsoft products, you'd better post in the
corresponding
>> newsgroups so that they can be resolved in an efficient and timely
manner.
>> You can locate the newsgroup here:
>> http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
>>
>> When opening a new thread via the web interface, we recommend you check
the
>> "Notify me of replies" box to receive e-mail notifications when there
are
>> any updates in your thread. When responding to posts via your
newsreader,
>> please "Reply to Group" so that others may learn and benefit from your
>> issue.
>>
>> Microsoft engineers can only focus on one issue per thread. Although we
>> provide other information for your reference, we recommend you post
>> different incidents in different threads to keep the thread clean. In
doing
>> so, it will ensure your issues are resolved in a timely manner.
>>
>> For urgent issues, you may want to contact Microsoft CSS directly.
Please
>> check http://support.microsoft.com for regional support phone numbers.
>>
>> Any input or comments in this thread are highly appreciated.
>> ======================================================
>> This posting is provided "AS IS" with no warranties, and confers no
rights.
>>
>>
>>
>> --------------------
>> >Date: Fri, 12 Aug 2005 18:02:00 +0200
>> >From: Jozef Izso <JozefIzso@xxxxxxxxxxxxxxxxxxxxxxxxx>
>> >User-Agent: Thunderbird 1.0+ (Windows/20050809)
>> >MIME-Version: 1.0
>> >Subject: Re: RPC server is unavailable while requesting new certificate
>> >References: <F4BFE2C0-0232-485F-97D3-45E7C4CB49B1@xxxxxxxxxxxxx>
>> <PAm3vaynFHA.3672@xxxxxxxxxxxxxxxxxxxxx>
>> >In-Reply-To: <PAm3vaynFHA.3672@xxxxxxxxxxxxxxxxxxxxx>
>> >Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>> >Content-Transfer-Encoding: 7bit
>> >Message-ID: <e6cotc1nFHA.3760@xxxxxxxxxxxxxxxxxxxx>
>> >Newsgroups: microsoft.public.windows.server.sbs
>> >NNTP-Posting-Host: 85-135-144-34.adsl.slovanet.sk 85.135.144.34
>> >Lines: 1
>> >Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP15.phx.gbl
>> >Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:143733
>> >X-Tomcat-NG: microsoft.public.windows.server.sbs
>> >
>> >Certificates requesting from CA is performed in local network without
>> >firewalls between computers. (Only one firewall is enabled on Local
Area
>> >Network connection through Routing & Remote Access. This network
>> >interface is configured as Private interface connected to private
>> >network. Without this setting I was unable to join domain, computers
>> >didn't find DNS server, etc.)
>> >
>> >
>> > > 1. Does the issue occur on all the client computers or some of them?
>> >
>> >This issue is occurring on all client computers.
>> >
>> >
>> > > 2. On a computer where autoenrollment is failing, can you enroll for
>> >a certificate by using the MMC snap-in?
>> >
>> >No, I can't enroll for a computer nor personal certificate through
>> >Certificates MMC snap-in.
>> >
>> >
>> > > 3. On a computer where autoenrollment is failing, can you enroll for
>> >a certificate by using the CA Web pages?
>> >
>> >On CA Web Page is only option to enroll Administrator certificate. No
>> >Computer cert.
>> >
>> >
>> > > 4. Check the GPO to make sure that you configured the correct CA
>> >Server in the ACRS GPO.
>> >
>> >Checked. GPO is configured properly.
>> >
>> >
>> > > 5. On the server and one of the problematic client workstations, run
>> >"eventvwr" (without quotation marks), check whether there is any error,
>> >if yes, double click it, click the Copy button and paste the full
>> >content to the Newsgroup.
>> >
>> >At the moment I doesn't have access to the Event Viewer so I can't post
>> >the full description of problem. But on client computer there is log
>> >entry that belongs to this issue. I'll be able post full description in
>> >few days.
>> >
>> >
>> >--
>> >Jozef Izso
>> >
>> >
>> >Brandy Nee [MSFT] wrote:
>> >> Hello Jozef Izso,
>> >>
>> >> Thank you for posting to the SBS Newsgroup.
>> >>
>> >> From your description, I understand that you using ACRS for
certificate
>> >> requesting. You can deploy CA root by GPO which works, but ACRS does
not
>> >> work. If I have misunderstood your concern, please feel free to let
me
>> >> know.
>> >>
>> >> In ACRS, client computer will query the allowed certificate template
and
>> >> once all the requirements are meet, the certificate can be issued to
>> client
>> >> computers automatically.
>> >>
>> >> "The RPC Server is unavailable" generally indicates that the client
>> process
>> >> cannot communicate with the server. Generally, it will occur if there
is
>> a
>> >> firewall.
>> >>
>> >> For ACRS to succeed, the following underlying dependencies for this
>> >> communication must be working correctly:
>> >>
>> >> a. Domain authentication
>> >>
>> >> b. Remote procedure call (RPC) connectivity
>> >>
>> >> c. DNS resolution for Active Directory domain names
>> >>
>> >> d. TCP/IP connectivity
>> >>
>> >> e. Physical network connectivity
>> >>
>> >> So, we need to check network related issue or a pure CA issue.
>> >>
>> >> Considering the CA certificate requesting process is a pure DCOM,
please
>> >> check if DCOM port is closed/blocked by the firewall application
between
>> >> the client and the server. It is better that we disable all the
firewall
>> >> applications between the client and the SBS Server.
>> >>
>> >> Due to lack of information, I need your help to gather the following
>> >> information, please see:
>> >>
>> >> 1. Does the issue occur on all the client computers or some of them?
>> >>
>> >> 2. On a computer where autoenrollment is failing, can you enroll for
a
>> >> certificate by using the MMC snap-in?
>> >>
>> >> 3. On a computer where autoenrollment is failing, can you enroll for
a
>> >> certificate by using the CA Web pages?
>> >>
>> >> 4. Check the GPO to make sure that you configured the correct CA
Server
>> in
>> >> the ACRS GPO.
>> >>
>> >> 5. On the server and one of the problematic client workstations, run
>> >> "eventvwr" (without quotation marks), check whether there is any
error,
>> if
>> >> yes, double click it, click the Copy button and paste the full
content
>> to
>> >> the Newsgroup.
>> >>
>> >> I suggest you that refer to the following White Document to make sure
>> that
>> >> you network configuration is correct. Please see:
>> >>
>> >> Securing Your Windows Small Business Server 2003 Network
>> >>
>>
http://www.microsoft.com/technet/security/smallbusiness/prodtech/SBS/sec_sbs
>> >> 2003_network.mspx
>> >>
>> >> Hope this information helps. If anything is unclear, please feel free
to
>> >> let me know. I am looking forward to hearing from you!
>> >>
>> >> Best regards,
>> >>
>> >> Brandy Nee
>> >>
>> >> Microsoft CSS Online Newsgroup Support
>> >>
>> >> Get Secure! - www.microsoft.com/security
>> >> ======================================================
>> >> This newsgroup only focuses on SBS technical issues. If you have
issues
>> >> regarding other Microsoft products, you'd better post in the
>> corresponding
>> >> newsgroups so that they can be resolved in an efficient and timely
>> manner.
>> >> You can locate the newsgroup here:
>> >> http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
>> >>
>> >> When opening a new thread via the web interface, we recommend you
check
>> the
>> >> "Notify me of replies" box to receive e-mail notifications when there
>> are
>> >> any updates in your thread. When responding to posts via your
>> newsreader,
>> >> please "Reply to Group" so that others may learn and benefit from
your
>> >> issue.
>> >>
>> >> Microsoft engineers can only focus on one issue per thread. Although
we
>> >> provide other information for your reference, we recommend you post
>> >> different incidents in different threads to keep the thread clean. In
>> doing
>> >> so, it will ensure your issues are resolved in a timely manner.
>> >>
>> >> For urgent issues, you may want to contact Microsoft CSS directly.
>> Please
>> >> check http://support.microsoft.com for regional support phone numbers.
>> >>
>> >> Any input or comments in this thread are highly appreciated.
>> >> ======================================================
>> >> This posting is provided "AS IS" with no warranties, and confers no
>> rights.
>> >>
>> >>
>> >>
>> >> --------------------
>> >>> Thread-Topic: RPC server is unavailable while requesting new
certificate
>> >>> thread-index: AcWdkb22PNFENbO0SWun5wwfJUbbdQ==
>> >>> X-WBNR-Posting-Host: 85.135.144.34
>> >>> From: "=?Utf-8?B?Sm96ZWYgSXpzbw==?="
>> <JozefIzso@xxxxxxxxxxxxxxxxxxxxxxxxx>
>> >>> Subject: RPC server is unavailable while requesting new certificate
>> >>> Date: Wed, 10 Aug 2005 02:56:14 -0700
>> >>> Lines: 39
>> >>> Message-ID: <F4BFE2C0-0232-485F-97D3-45E7C4CB49B1@xxxxxxxxxxxxx>
>> >>> MIME-Version: 1.0
>> >>> Content-Type: text/plain;
>> >>> charset="Utf-8"
>> >>> Content-Transfer-Encoding: 7bit
>> >>> X-Newsreader: Microsoft CDO for Windows 2000
>> >>> Content-Class: urn:content-classes:message
>> >>> Importance: normal
>> >>> Priority: normal
>> >>> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
>> >>> Newsgroups: microsoft.public.windows.server.sbs
>

.