Hi,
you can download porqry tools to check if dynamic rpc ports are opened or not betwwen client and the server:
Please Don't forget to mark helpful reply as answer
This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Hello, I've installed Server 2016 Standard on a physical server and it's been joined to the domain.
I continue receiving CertificateServicesClient-CertEnroll and CertificateServicesClient-AutoEnrollment errors (Event IDs 6, 13, 82, and 13).
Below is the complete error for Event IDs 6 and 13:
Log Name: Application
Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Date: 1/15/2021 1:48:32 PM
Event ID: 6
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer:
Description:
Automatic certificate enrollment for local system failed (0x800706ba) The RPC server is unavailable.
Log Name: Application
Source: Microsoft-Windows-CertificateServicesClient-CertEnroll
Date: 1/15/2021 11:59:48 AM
Event ID: 13
Task Category: None
Level: Error
Keywords: Classic
User: SYSTEM
Computer:
Description:
Certificate enrollment for Local system failed to enroll for a DomainControllerAuthentication certificate with request ID N/A from "CA" (The RPC server is unavailable. 0x800706ba (WIN32: 1722 RPC_S_SERVER_UNAVAILABLE)).
I've verified RPC is running and the Certificate Authority can communicate to and from the server on port 135.
This is the first time I've encountered these errors.
Can you please assist with a solution to resolve this?
Thank you!
Hi,
you can download porqry tools to check if dynamic rpc ports are opened or not betwwen client and the server:
Please Don't forget to mark helpful reply as answer
@Vicky Wang Hello, I've confirmed ports 80 and 135 are open from the server to the CA, but I think the ephemeral ports (49152-65535) still need to be opened. I am working on that right now and will provide another update once I'm able to test.
Thank you!
@Vicky Wang Thank you for your assistance. Per Microsoft, I also needed to open ephemeral/dynamic ports 49152-65535 on the Certificate Authority from (incoming) the server generating CertificateServicesClient-CertEnroll and CertificateServicesClient-AutoEnrollment errors.
Once ports were opened, I confirmed connectivity via Telnet. I confirmed errors were no longer present by running the certificate enrollment system task and user task in the OS and rebooting the server.
Hi,
It seems network issue, check if all required ports are opened between client to CA server RPC TCP 135 and Dynamic RPC port
Please don't forget to mark helpful reply as answer
Hi,
Just checking in to see if the information provided was helpful.
Please let us know if you would like further assistance.
Best Regards,
Vicky