CertUtil -ping fails. RPC server unavailable

Michael Scott K 1 Reputation point
2022-12-20T20:48:19.91+00:00

Full error -- Server could not be reached: The RPC server is unavailable. 0x800706ba (WIN32: 1722 RPC_S_SERVER_UNAVAILABLE) -- (156ms)
CertUtil: -ping command FAILED: 0x800706ba (WIN32: 1722 RPC_S_SERVER_UNAVAILABLE)
CertUtil: The RPC server is unavailable.

Initial problem came up when trying to request a certificate on a Windows 2019 server from a local DC CA. When you hit the ENROLL button this comes up:
'An error occurred while enrolling for a certificate. The certificate request could not be submitted to the certificate authority.
Url: [servername.domain.local][CA name]
Error: The RPC server is unavailable. 0x800706ba (WIN32: 1722 RPC_S_SERVER_UNAVAILABLE).'

I've been through a half dozen "RPC Unavailable" forum entries and none of the solutions have worked for me. As mentioned, the certutil fails, and when I do a Dcdiag I noticed this error: "The server did not register with DCOM within the required timeout." Not sure if that's related. I can't find any DNS problems though. NLTEST /sc_verify works.


2 answers

  1. Limitless Technology 45,051 Reputation points
    2022-12-22T14:42:41.547+00:00

    Hello

    Thank you for your question and for reaching out. I understand you are having an issue related to the certutil command.

    "The RPC server is unavailable." often relates to DNS or the firewall; please check those settings, or you could perform a network capture to determine where it is breaking down. Hence, temporarily disable any antivirus program or Windows Firewall you may have.

    1. Please try to reset the CA flag by using these commands:

    certutil -setreg SetupStatus -SETUP_DCOM_SECURITY_UPDATED_FLAG
    net stop certsvc
    net start certsvc

    2. Please try to manually update the DCOM security settings for the certificate service by running the following commands at a command prompt:

    certutil -setreg SetupStatus -SETUP_DCOM_SECURITY_UPDATED_FLAG
    net stop certsvc
    net start certsvc

    Reference article:
    https://social.technet.microsoft.com/Forums/Azure/en-US/247d8453-d0cc-4df6-a638-e472ae1f2cad/getting-ca-generate-error-in-dc?forum=winserver8gen


  2. Robert Wickberg 21 Reputation points
    2023-01-03T22:48:43.777+00:00

    I have the same problem.

    The instructions in step 1 and step 2 appear to be identical. I tried them, no dice.

    What I can tell you, if this helps, is running the command tnc -ComputerName <serverfqdn> -Port 135
    on the client works, but certutil -ping -config <serverfqdn>\<ca name> does not.
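
A successful connection to TCP 135 only shows that the RPC endpoint mapper answers; `certutil -ping` then talks to the CA's DCOM interface on a separate, dynamically assigned port. The PowerShell below is an added example, not part of any post in this thread, that checks that second hop. The host name, CA name and both function names are hypothetical placeholders.

```powershell
# Added diagnostic example. Replace the placeholders before use.
$CaHost = 'ca01.example.local'   # placeholder: FQDN of the CA server
$CaName = 'Example-CA'           # placeholder: CA common name

# --- Run on the CA server, elevated ---
function Get-CertSvcListener {
    # CertSvc runs in its own process (certsrv.exe). Its listening TCP ports
    # are the RPC/DCOM endpoints that the endpoint mapper on 135 refers clients to.
    $svc = Get-CimInstance Win32_Service -Filter "Name='CertSvc'"
    if ($svc.State -ne 'Running') { throw "CertSvc is $($svc.State), not Running" }
    Get-NetTCPConnection -State Listen -OwningProcess $svc.ProcessId |
        Select-Object -ExpandProperty LocalPort -Unique | Sort-Object
}

# --- Run on the client that cannot enroll ---
function Test-CaReachability {
    param(
        [Parameter(Mandatory)][string]$Server,
        [Parameter(Mandatory)][string]$Ca,
        [int[]]$CertSvcPort = @()   # ports reported by Get-CertSvcListener
    )
    $results = foreach ($port in @(135) + $CertSvcPort) {
        $t = Test-NetConnection -ComputerName $Server -Port $port -WarningAction SilentlyContinue
        [pscustomobject]@{ Port = $port; Open = $t.TcpTestSucceeded }
    }
    $results | Format-Table -AutoSize | Out-Host

    # The same check used in the question.
    certutil -ping -config "$Server\$Ca" | Out-Host
    $pingOk = ($LASTEXITCODE -eq 0)

    $blocked = @($results | Where-Object { -not $_.Open })
    if ($blocked.Count -gt 0) {
        # 135 open but a CertSvc port closed points at filtering of the dynamic
        # RPC range (default 49152-65535; see: netsh int ipv4 show dynamicport tcp).
        "Blocked TCP ports: $($blocked.Port -join ', ')"
    } elseif (-not $pingOk) {
        # Network path is open, so the failure is above TCP (for example DCOM
        # registration or permissions on the CA). This is an interpretation.
        "All tested ports open, but certutil -ping failed: check DCOM on the CA."
    } else {
        "Endpoint mapper, CertSvc ports and certutil -ping all succeeded."
    }
}

# Example (port value is constructed; use the output of Get-CertSvcListener):
# Test-CaReachability -Server $CaHost -Ca $CaName -CertSvcPort 49670
```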

