Server 2016 Standard CertificateServicesClient-CertEnroll Errors

JC34209324 51 Reputation points
2021-01-15T22:18:51.237+00:00

Hello, I've installed Server 2016 Standard on a physical server and it's been joined to the domain.

I continue receiving CertificateServicesClient-CertEnroll and CertificateServicesClient-AutoEnrollment errors (Event IDs 6, 13, 82, and 13).

Below is the complete error for Event IDs 6 and 13:

Log Name: Application
Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Date: 1/15/2021 1:48:32 PM
Event ID: 6
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer:
Description:
Automatic certificate enrollment for local system failed (0x800706ba) The RPC server is unavailable.

Log Name: Application
Source: Microsoft-Windows-CertificateServicesClient-CertEnroll
Date: 1/15/2021 11:59:48 AM
Event ID: 13
Task Category: None
Level: Error
Keywords: Classic
User: SYSTEM
Computer:
Description:
Certificate enrollment for Local system failed to enroll for a DomainControllerAuthentication certificate with request ID N/A from "CA" (The RPC server is unavailable. 0x800706ba (WIN32: 1722 RPC_S_SERVER_UNAVAILABLE)).

I've verified RPC is running and the Certificate Authority can communicate to and from the server on port 135.

This is the first time I've encountered these errors.

Can you please assist with a solution to resolve this?

Thank you!


7 additional answers

  1. JC34209324 51 Reputation points
    2021-02-01T17:10:03.477+00:00

    @Vicky Wang Hello, I've confirmed ports 80 and 135 are open from the server to the CA, but I think the ephemeral ports (49152-65535) still need to be opened. I am working on that right now and will provide another update once I'm able to test.

    Thank you!

    1 person found this answer helpful.

  2. JC34209324 51 Reputation points
    2021-02-09T18:13:59.373+00:00

    @Vicky Wang Thank you for your assistance. Per Microsoft, I also needed to open ephemeral/dynamic ports 49152-65535 on the Certificate Authority from (incoming) the server generating CertificateServicesClient-CertEnroll and CertificateServicesClient-AutoEnrollment errors.

    Once ports were opened, I confirmed connectivity via Telnet. I confirmed errors were no longer present by running the certificate enrollment system task and user task in the OS and rebooting the server.

    1 person found this answer helpful.
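
The checks described in this answer can be scripted from the server that logs the errors. This is an added example, not part of the original thread or Microsoft's guidance; the CA host name, CA name and the sample dynamic port are constructed placeholders, and `Test-CaRpcPath` and `Get-EnrollmentErrors` are hypothetical helper names.

```powershell
# Run on the server that logs the enrollment errors.
# Constructed placeholders: replace with your CA host name and CA common name.
$CaHost = 'ca01.example.test'
$CaName = 'Example-Issuing-CA'

# Ports certsrv.exe listens on. Read them on the CA itself, for example:
#   Get-NetTCPConnection -State Listen |
#     Where-Object OwningProcess -eq (Get-Process certsrv).Id
# 49152 below is a constructed sample value.
$CaDynamicPorts = @(49152)

function Test-CaRpcPath {
    param(
        [Parameter(Mandatory)][string]$CaHost,
        [Parameter(Mandatory)][string]$CaName,
        [int[]]$DynamicPorts = @()
    )
    # TCP 135 is the RPC endpoint mapper; the enrollment call itself then
    # moves to a dynamic port, so both must be reachable.
    $tcp = foreach ($port in (@(135) + $DynamicPorts)) {
        $r = Test-NetConnection -ComputerName $CaHost -Port $port -WarningAction SilentlyContinue
        [pscustomobject]@{ Port = $port; Reachable = $r.TcpTestSucceeded }
    }
    # certutil -ping calls the CA's request interface end to end.
    & certutil.exe -config "$CaHost\$CaName" -ping | Out-Null
    [pscustomobject]@{
        Tcp        = $tcp
        CaPingOk   = ($LASTEXITCODE -eq 0)
        AllTcpOpen = -not ($tcp | Where-Object { -not $_.Reachable })
    }
}

function Get-EnrollmentErrors {
    param([datetime]$Since = (Get-Date).AddHours(-1))
    # Event IDs 6, 13 and 82 are the ones reported in this thread.
    Get-WinEvent -ErrorAction SilentlyContinue -FilterHashtable @{
        LogName      = 'Application'
        ProviderName = 'Microsoft-Windows-CertificateServicesClient-AutoEnrollment',
                       'Microsoft-Windows-CertificateServicesClient-CertEnroll'
        Id           = 6, 13, 82
        StartTime    = $Since
    }
}

$check = Test-CaRpcPath -CaHost $CaHost -CaName $CaName -DynamicPorts $CaDynamicPorts
$check.Tcp | Format-Table
"CA ping OK: $($check.CaPingOk)"
$start = Get-Date
& certutil.exe -pulse | Out-Null   # trigger autoenrollment now
Start-Sleep -Seconds 60
Get-EnrollmentErrors -Since $start | Select-Object TimeCreated, Id, ProviderName, Message
```

An empty result from the last command means no new enrollment errors were logged after the pulse.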

  3. Thameur-BOURBITA 31,916 Reputation points
    2021-01-16T00:02:31.27+00:00

    Hi,

    It seems to be a network issue. Check whether all required ports are open between the client and the CA server: RPC TCP 135 and the dynamic RPC ports.

    Please don't forget to mark a helpful reply as the answer.


  4. Vicky Wang 2,636 Reputation points
    2021-01-21T08:42:56.397+00:00

    Hi,

    Just checking in to see if the information provided was helpful.
    Please let us know if you would like further assistance.

    Best Regards,
    Vicky
