Hey Again !
I’ve blogged in the past about this issue – Certificate autoenrollment fails with RPC server is unavailable , but following a session today, we’ve encountered a new situation when trying to Auto-Enroll certificates, also with manual enrollment using MMC. The error code was 0x800706ba – The RPC server is unavailable
If you read my previous blog, you’ll see I’ve explained a situation with Auto-Enrollment on domain controllers when the CA is installed on a DC. Solution was actually adding the “Domain Controllers” security group to the CERTSVC_DCOM_ACCESS security group, but what happens when the CERTSVC_DCOM_ACCESS was deleted ?
Well, easy ( so it seems )
- Create the CERTSVC_DCOM_ACCESS group – Domain Local, Security Group in the Users container
- Populate the group with “Domain Users” , “Domain Computers” , “Domain Controllers”
- Log on to the CA server and run the following commands:
- certutil -setreg SetupStatus -SETUP_DCOM_SECURITY_UPDATED_FLAG
- net stop certsvc && net start certsvc
- Restart your effected computers / DC’s , because they have a new computer group membership
- Successfully auto-enroll your certificate
Have fun !