Most likely, a lot of you already faced with an error The RPC server is unavailable. (Exception from HRESULT: 0x800706BA), when you tried to connect to a remote computer or server through a specific MMC management snap-in, WMI, PowerShell, WinRM or another remote control tool.
The easiest way to test RPC connectivity is to use a simple WMI query against remote computer.
In our case, we tried to poll a remote computer through WMI from the PowerShell console.
PS C:\Windows\system32> Get-WmiObject Win32_ComputerSystem –ComputerName 192.168.0.14 Get-WmiObject : The RPC server is unavailable. (Exception from HRESULT: 0x800706BA) At line:1 char:1 + Get-WmiObject Win32_ComputerSystem –ComputerName 192.168.0.14 + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidOperation: (:) [Get-WmiObject], COMException + FullyQualifiedErrorId : GetWMICOMException,Microsoft.PowerShell.Commands.GetWmiObjectCommand
In this example, you can see that the remote computer is not accessible by RPC.
Now you need to check the next things in order to fix the error The RPC server is unavailable 0x800706BA:
- Check if you have entered the incorrect IP address or computer name; check if the remote computer is now in the shutdown/startup state;
- Verify that Remote Procedure Call (RPC) and Windows Management Instrumentation services are running on the remote computer. You can check the status of services using the following commands: sc query Winmgmt and sc query rpcss. In the event that these services are started, the commands are returned STATE: 4 RUNNING. If the services are stopped, run them with the command:
net start rpcss & net start Winmgmt
- Perhaps access to the remote computer over RPC ports is blocked by firewalls (this is a very common reason). If there are no firewalls on your network, try to temporarily disable the firewalls on the client and server side and check the RPC connection. Additionally, for the RPC protocol to operate, you must check the availability of port TCP/135 on the server side. The easiest way is to do this with a PoSh command:
tnc 192.168.1.14 -port 135
If the RPC service is enabled and access to it is not blocked, the TcpTestSucceeded line should contain True.
If you are facing error The RPC server is unavailable 0x800706ba when performing the automatic registration of a certificate on a domain controller or in a certification authority, you can find the following error event in the application log on the server:
Source: CertificateServicesClient-CertEnroll Event ID: 13
Certificate enrollment for Local system failed to enroll for a DomainController certificate with request ID N/A from ServerCA.contoso.com\ ServerCA (The RPC server is unavailable. 0x800706ba (WIN32: 1722))
Source: CertificateServicesClient-AutoEnrollment EventID: 6 Automatic certificate enrollment for local system failed (0x800706ba) The RPC server is unavailable.
This problem can have several solutions, but in most cases the source of the problem is that your computer is a member of the group DCOM access group (DCOM access to certificate service) or the incorrect permission are issued. Follow the next steps:
- On the domain of the controller on which the certification service is deployed, you need to make sure that there is a domain group CERTSVC_DCOM_ACCESS or Certificate Service DCOM Access;
- Add the following domain groups to the CERTSVC_DCOM_ACCESS/Certificate Service DCOM Access group: Domain Users, Domain Controllers, Domain Computers;
- Update the DCOM security settings on the server with the CA role using the commands:
certutil -setreg SetupStatus -SETUP_DCOM_SECURITY_UPDATED_FLAG net stop certsvc & net start certsvc
- On a server with the deployed CA, check the COM Security permissions. For this group, Remote access and Remote Activation permissions should be allowed.
After that, try to restart the computer and check the issuance of the certificate.