Certificate autoenrollment fails with RPC server is unavailable – Again

Hey Again !

I’ve blogged in the past about this issue – Certificate autoenrollment fails with RPC server is unavailable , but following a session today, we’ve encountered a new situation when trying to Auto-Enroll certificates, also with manual enrollment using MMC. The error code was 0x800706ba –  The RPC server is unavailable

If you read my previous blog, you’ll see I’ve explained a situation with Auto-Enrollment on domain controllers when the CA is installed on a DC. Solution was actually adding the “Domain Controllers” security group to the CERTSVC_DCOM_ACCESS security group, but what happens when the CERTSVC_DCOM_ACCESS was deleted ?

Well, easy ( so it seems )

  1. Create the CERTSVC_DCOM_ACCESS group – Domain Local, Security Group in the Users container
  2. Populate the group with “Domain Users” , “Domain Computers” , “Domain Controllers”
  3. Log on to the CA server and run the following commands:
    1. certutil -setreg SetupStatus -SETUP_DCOM_SECURITY_UPDATED_FLAG
    2. net stop certsvc && net start certsvc
  4. Restart your effected computers / DC’s , because they have a new computer group membership
  5. Successfully auto-enroll your certificate

Have fun !

Reference links:


Also (Again):



About ilantz

I am a technology enthusiastic, I've been working as an IT consultant since late 2007, I attained extensive experience with Microsoft's Exchange Server, Active Directory, Forefront products and the Windows server platform. I love designing solutions, handling security measures, architecture and advanced troubleshooting.
This entry was posted in PKI. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s