This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Hi,
I have set 3 SANs for my web enrollment server proxy server. IP, FQDN and hostname.
When i try to request for a cert from the hostname via https://hostname/certsrv everything works perfectly.
However, when i try https://ip/certsrv and https://fqdn/certsrv i get the RPC server is unavailable error
Result:
The RPC server is unavailable. 0x800706ba (WIN32: 1722 RPC_S_SERVER_UNAVAILABLE)
COM Error Info:
CCertRequest::Submit: The RPC server is unavailable. 0x800706ba (WIN32: 1722 RPC_S_SERVER_UNAVAILABLE)
LastStatus:
The RPC server is unavailable. 0x800706ba (WIN32: 1722 RPC_S_SERVER_UNAVAILABLE)
I have added SPNs for both my IP and fqdn via setspn -s http/ipaddress testlab\WebEnrol and http/fqdn testlab\WebEnrol
I have also done delegation to any service for my Web enrollment server.
May i know what step did i miss? Thanks in advance!
Hello @PKInoob88 ,
How are things going on your end? Please keep me posted on this issue.
If you have any further questions or concerns about this question, please let us know.
I appreciate your time and efforts.
Best Regards,
Daisy Zhou
Hi Daisy,
I managed to solve the issue by using any authentication protocol for my delegation. I also added bindings to the 3 domains like you suggested.
Hello @PKInoob88 ,
Thank you for your reply.
I test in my lab.
I enroll a cert for only server FQDN using web server certificate template.
Then I bind this cert for https.
I can enroll user cert via Request A Certificate -> User Cert - > Submit (After this step).
Would you please confirm if you can?
Best Regards,
Daisy Zhou
Hi daisy,
I realised the problem was the kerberos delegation. If i select 'Any authentication protocol', it works perfectly. But when i select Kerberos authentication, for some reason i cannot reach the CA, (I have set the SPNs for the local administrator account)
Can i check with you is it possible to do delegation with kerberos with SPN set for the default administrator account?
thanks!
Hello @PKInoob88 ,
Thank you for your reply.
I discussed with my colleague, by default it is not possible to do delegation with kerberos with SPN set for the default administrator account.
Best Regards,
Daisy Zhou
Hello @PKInoob88 ,
Thank you for posting here.
Based on the description above, would you please confirm the information below:
1.Do you receive the error message "RPC server is unavailable" immediately after you type https://ip/certsrv or https://fqdn/certsrv and click Enter? If not, which step do you receive the error message?
2.If you enroll three certs, one cert is for IP address and the second cert is for FQDN and the third cert is for hostname, then bind one https web page for IP address, bind the second https web page for FQDN and bind the third https web page for hostname, then check if it helps.
Should you have any question or concern, please feel free to let us know.
Best Regards,
Daisy Zhou
Hi Daisy,
I receive the error after i click through Request A Certificate -> User Cert - > Submit (After this step)