CA Web Enrollment Proxy on Windows 2022

George He 41 Reputation points
2022-06-10T00:55:29.573+00:00

Hi,

I installed Web Enrollment Proxy on a domain server. I also followed the link below to configure delegation.

https://techcommunity.microsoft.com/t5/ask-the-directory-services-team/how-to-configure-the-windows-server-2008-ca-web-enrollment-proxy/ba-p/396255

But when I try to request a certificate, I get the output below. If I install Web Enrollment on the issuing CA, it works. However, I hope to separate them out.

Request Mode:
newreq - New Request
Disposition:
(never set)
Disposition message:
(none)
Result:
The RPC server is unavailable. 0x800706ba (WIN32: 1722)
COM Error Info:
CCertRequest::Submit: The RPC server is unavailable. 0x800706ba (WIN32: 1722)
LastStatus:
The operation completed successfully. 0x0 (WIN32: 0)
Suggested Cause:
This error can occur if the Certification Authority Service has not been started.

Windows Server Security

2 answers

  1. Limitless Technology 37,356 Reputation points
    2022-06-13T08:06:29.147+00:00

    Hello

    Thank you for your question and reaching out. I can understand you are having issues related to CA web enrollment.

    1. Please check DCOM permissions

    Open an MMC console and add the Component Services snap-in. Open -> Component Services and DCOM Config. Then find the CertSRV Request. Check the Properties, Security and Access Permissions. There are separate permissions for Local and Remote access.

    1. Log onto the CA, check whether Remote Procedure Call services (including RPC and RPCLocator services) are running, if not, start them manually.
    2. Temporarily disable any antivirus program or Windows firewall you may have.
    3. Ensure ports TCP 135 and randomly allocated high TCP ports are not blocked, or you may temporarily disable firewall on the CA to test.

    --If the reply is helpful, please Upvote and Accept as answer--


  2. George He 41 Reputation points
    2022-06-17T06:16:54.267+00:00

    I have fixed it by going into Active Directory Users and Computers and finding the Web enrollment proxy computer name. Right click -> Property -> Delegation -> "Trust this computer for delegation to specified services only" -> "Use any authentication protocol". Then click "Add" and add all of the CA computer's service types.

    The key here is "Use any authentication protocol".

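The delegation setting named in the accepted fix can be read back from Active Directory instead of checked by hand in the Delegation tab. The following is an added example, not part of the original posts: it reports whether the proxy computer account has protocol transition ("Use any authentication protocol") enabled and which SPNs it may delegate to. It assumes the ActiveDirectory PowerShell module is installed; the function name and the computer names in the usage comment are hypothetical placeholders.

```powershell
# Added example: audit the delegation configuration of a Web Enrollment proxy.
Import-Module ActiveDirectory

function Get-EnrollmentProxyDelegation {
    param(
        [Parameter(Mandatory)] [string] $ProxyComputer,  # placeholder, e.g. 'WEBENROLL01'
        [Parameter(Mandatory)] [string] $CAComputer      # placeholder, e.g. 'ISSUINGCA01'
    )

    $props = 'TrustedForDelegation', 'TrustedToAuthForDelegation', 'msDS-AllowedToDelegateTo'
    $proxy = Get-ADComputer -Identity $ProxyComputer -Properties $props
    $ca    = Get-ADComputer -Identity $CAComputer

    # Drop empty entries so an unset attribute yields an empty list.
    $spns = @($proxy.'msDS-AllowedToDelegateTo' | Where-Object { $_ })

    # SPN format is service/host[:port][/name]; match the CA by short or DNS name.
    $caHosts = @($ca.Name, $ca.DNSHostName) | Where-Object { $_ }
    $toCA = @($spns | Where-Object {
        $spnHost = ($_ -split '/')[1] -replace ':\d+$', ''
        $caHosts -contains $spnHost
    })

    # Map the attribute values back to the options in the Delegation tab.
    $mode = if ($proxy.TrustedForDelegation) {
        'Delegation to any service (unconstrained)'
    } elseif ($spns.Count -eq 0) {
        'Not trusted for delegation'
    } elseif ($proxy.TrustedToAuthForDelegation) {
        'Specified services only, any authentication protocol'
    } else {
        'Specified services only, Kerberos only'
    }

    [pscustomobject]@{
        Proxy              = $proxy.Name
        DelegationMode     = $mode
        ProtocolTransition = [bool]$proxy.TrustedToAuthForDelegation
        SpnsToCA           = $toCA
        OtherSpns          = @($spns | Where-Object { $toCA -notcontains $_ })
    }
}

# Usage (placeholder names):
# Get-EnrollmentProxyDelegation -ProxyComputer 'WEBENROLL01' -CAComputer 'ISSUINGCA01' | Format-List
```

A `DelegationMode` of "Specified services only, Kerberos only" corresponds to the state before the fix described above; `OtherSpns` lists any delegation targets on the proxy account that do not point at the CA.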