CA Web Enrollment RPC server error for FQDN/IP domain names

PKInoob88 101 Reputation points
2021-02-26T06:11:23.297+00:00

Hi,

I have set 3 SANs for my web enrollment server proxy server: IP, FQDN and hostname.
When I try to request a cert from the hostname via https://hostname/certsrv, everything works perfectly.

However, when I try https://ip/certsrv and https://fqdn/certsrv, I get the "RPC server is unavailable" error.

Result:
The RPC server is unavailable. 0x800706ba (WIN32: 1722 RPC_S_SERVER_UNAVAILABLE)
COM Error Info:
CCertRequest::Submit: The RPC server is unavailable. 0x800706ba (WIN32: 1722 RPC_S_SERVER_UNAVAILABLE)
LastStatus:
The RPC server is unavailable. 0x800706ba (WIN32: 1722 RPC_S_SERVER_UNAVAILABLE)

I have added SPNs for both my IP and FQDN via setspn -s http/ipaddress testlab\WebEnrol and http/fqdn testlab\WebEnrol

I have also done delegation to any service for my Web enrollment server.

May I know what step I missed? Thanks in advance!

Active Directory

Accepted answer
  1. Daisy Zhou 20,871 Reputation points Microsoft Vendor
    2021-03-02T02:54:37.397+00:00

    Hello @PKInoob88 ,

    Thank you for your reply.

    I tested in my lab.

    I enrolled a cert for only the server FQDN using the web server certificate template.

    Then I bound this cert for HTTPS.

    I can enroll a user cert via Request A Certificate -> User Cert -> Submit (after this step).

    Would you please confirm if you can?

    Best Regards,
    Daisy Zhou


1 additional answer

  1. Daisy Zhou 20,871 Reputation points Microsoft Vendor
    2021-03-01T03:02:13.363+00:00

    Hello @PKInoob88 ,

    Thank you for posting here.

    Based on the description above, would you please confirm the information below:

    1. Do you receive the error message "RPC server is unavailable" immediately after you type https://ip/certsrv or https://fqdn/certsrv and press Enter? If not, at which step do you receive the error message?

    2. If you enroll three certs (one cert for the IP address, the second cert for the FQDN and the third cert for the hostname), then bind one HTTPS web page for the IP address, bind the second HTTPS web page for the FQDN and bind the third HTTPS web page for the hostname, then check if it helps.

    Should you have any question or concern, please feel free to let us know.

    Best Regards,
    Daisy Zhou