Troubleshooting Error 1722 “The RPC Server is Unavailable”

832

Error 1722 RPC Server Unavailable (RPC_S_SERVER_UNAVAILABLE) is a quite common Windows error. Often domain administrators face this error when AD replication is not working as expected. However, this error can also appear on workstations running Windows 10 or Windows Server, without the ADDS role installed. This article will show how to troubleshoot and fix the RPC error 1722 in different cases.

Active Directory Domain Controller Replication Error: The RPC Server is Unavailable

In this section we’ll take a look at the basic ways to fix Active Directory replication Error 1722: The RPC server is unavailable when syncing changes between domain controllers. You can face the error both in the domain controller event logs and when trying to start or check the replication status using the Repadmin tool.

For example, you want to check the current status of Active Directory domain controllers with the command:

repadmin /replsummary

Or:

repadmin /showrepl

As you can see, some domain controllers return an error “(1722) The RPC server is unavailable”. This means that some domain controllers are unable to replicate AD data (or just inactive) for a few days.

Hint. There is a similar error RPC Server is Unavailable 0x800706BA, which is usually not associated with Active Directory domain controllers, and can occur on any Windows device. This needs to be fixed differently.

Let’s consider the typical reasons for such an error:

1. The domain controller is offline (or broken);
2. Changes have been made to the network, or new Windows Defender Firewall rules have been added to block the AD replication traffic;
3. Incorrect DNS configuration on domain controllers, or invalid DNS records;
4. Poor network performance or high latency.

Make sure the specified domain controllers are powered on and the following Windows services are running on them:

• COM+ Event System;
• Remote Procedure Call (RPC);
• Active Directory Domain Services;
• DNS Client;
• DFS replication service;
• Intersite Messaging;
• Kerberos Key Distribution Center;
• Security Accounts Manager;
• Server;
• Workstation;
• Windows Time;
• NETLOGON.

Note. Now let’s say a few words about how replication works in an Active Directory domain. Replication (Synchronization) Active Directory is a fully automated process. Each domain controller periodically writes changes that occurred on other domain controllers (replication partners) to its local AD database (ntds.dit file). This means that to make changes from dc02 to dc01, it is required that dc02 should be the replication partner of the dc01.

First of all, to verify that everything is fine with replication, you need to make sure the UNC path \\lon-dc01 (this is a problematic DC that returns error 1722 RPC server unavailable) is accessible, and the SYSVOL and NETLOGON folders are shared.

If they are not available, use the built-in ping and tracert tools to test basic network connectivity between the RPC client and server:

ping lon-dc01 

tracert lon-dc01

If the RPC client and server are on different networks, make sure traffic is properly routed between them. If they are in different physical locations, check if the link between them is up.

Then check the permissions on the NETLOGON and SYSVOL folders, and check the availability of TCP 135/445 ports, maybe they are blocked by the firewall.

Now check if TCP port 135 (RPC locator) on the domain controller returning error 1722 is in the listening state. You can do this using telnet or the PowerShell Test-NetConnection cmdlet:

telnet lon-dc01 135

Or:

Test-NetConnection lon-dc01 –port 135

A common source of such problems is the incorrect DNS configuration on the DC. Check if the correct DNS servers’ IP addresses are specified in the DC network connection settings. The primary address should be the address of another DC, and the secondary one is its own IP address.

Check the DNS health on a problem DC with the dcdiag tool:

DCDIAG /TEST:DNS /V /S:<ProblemDCName>

Active Directory uses the dynamic range of TCP ports for replication. Windows Server 2008 R2 (and higher) uses the following port range for TCP Dynamic RPC — from 49152 to 65535.

In some cases, an AD administrator can bind (restrict) Active Directory replication traffic on a specific port. In this case, the fixed RPC port number must be configured in the domain controller registry. For example, to bind the AD replication traffic on TCP port 5000 (0x1388), you need to change the registry key on the domain controller:

[HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Parameters]

"TCP/IP Port"=dword:00001388

If firewalls are used on your corporate network and the replication port AD is fixed, then replication won’t work on the newly promoted DC. This happens because the DC will try to replicate with the partner over a random port from the dynamic RPC range that is blocked by the firewalls.

After you’ve fixed all problems, you can run the repadmin /replsummary command again, and check if the replication was successful. We also recommend initiating the AD replication manually and checking for errors. Make sure the dcdiag /a /q command doesn’t return errors.

RPC Server is Unavailable (Error Code: 1722) on Windows 10/Windows Server

On Windows, you may receive the error “1722 The RPC server is unavailable” if the local service/app on your computer cannot communicate with the service on the remote computer.

Note. RPC is a widely used network communication protocol for exchanging data between local computers (RPC client) and remote computers (RPC server). If the RPC client is unable to connect to the RPC server, the “RPC Server Unavailable” error appears.

In this case, first of all, you need to check if the services required for the RPC protocol are running on the remote computer:

• Remote Procedure Call (RPC);
• RPC Endpoint Mapper;
• DCOM Server Process Launcher;
• Remote Procedure Call (RPC) Locator service (is not typically running).

Open the Service management console (services.msc), and check if the specified services are in the Running state. If not, start them manually.

Also, some network applications may return error 1722 The RPC server is unavailable if TCP/IPv6 protocol is disabled on the computer.

Open the properties of your network adapter in the control panel (Win + R > ncpa.cpl), and check if Internet Protocol Version 6 (TCP/IPv6) and File and Printer Sharing for Microsoft Network are enabled.

Then clear the DNS cache with the command:

ipconfig /flushdns

Some RPC-based services don’t work correctly when IPv6 is disabled. Try to enable the IPv6 protocol in the properties of the network adapter. If the “RPC server is unavailable” error persists, try to disable the Teredo protocol through the registry. To do this, create a DWORD parameter with the name DisabledComponents and value 8 under the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters. Restart your computer and check RPC connectivity

Also, RPC error 1722 can occur when you try to print a document on a remote computer with a shared network printer. In this case, you need to check if the remote computer is turned on, and the Print Spooler service is running on it. Open the services.msc console and start the Print Spooler service.

Troubleshooting RPC Connectivity Using Portquery

The Remote Procedure Call (RPC) protocol is used in Windows to communicate between computers over a network. Many built-in Windows services use RPC (Distributed File System, AD Replication, DCOM services, MSSQL, Exchange, SCOM, SCCM, NLB, Microsoft Cluster Services, Certificate services, join domain, etc.).

The RPC protocol is based on a client-server model. The RPC server accepts and processes connections using the RpcSs service. Windows dynamic ports are used to communicate between clients and the RCP server (TCP Range from 49152 and up to 65535).

The static TCP port 135 is used as the starting point for RPC communication. This port is listened by the RPC Endpoint Mapper (RpcEptMapper) service. In a normal RPC session, the client connects to the RPC endpoint mapper service on the server on port 135 and requests the dynamic port number assigned to the particular service. RpcEptMapper responds with the IP address and service port number (a random dynamic port is assigned when the service starts).

The most common causes of RPC errors are:

• Disabled RPC service;
• Name resolution errors (DNS or NetBIOS);
• Network connectivity issues;
• RPC Traffic blocking by firewall.

You can use the portquery tools to diagnose the availability of the RPC and RPC Port Mapper services (PortQry Command Line Port Scanner).

To check the availability of the RPC Port Mapper port on a remote server, run the command:

portqry -n <problem_server> -e 135

In this example, you can see that the RPC Port Mapper service is available on TCP port 135. The service also returned a list of running RPC endpoints and the ports assigned to them (in square brackets). Check if the service you are troubleshooting is on this list. Check if the port assigned to your TCP service is not blocked by firewalls between the client and server.

portqry -n <problem_server> -p tcp -e 49666