0

I am setting up an RA and a Subordinate CA who is also an AD.

I can issue certs through certutil and the mmc snap-in with no problem.

But when I try using Web Enrollment in the RA, it fails saying "The RPC server is unavailable. 0x800706ba (WIN32: 1722)"

This is what the webpage shows:

Modo de solicitud:
newreq - Nueva solicitud 
Disposición:
(nunca establecido) 
Disposición de mensaje:
(ninguno) 
Resultado:
El servidor RPC no está disponible. 0x800706ba (WIN32: 1722) 
Información de error de COM :
CCertRequest::Submit: El servidor RPC no está disponible. 0x800706ba (WIN32: 1722) 
último estado:
La operación se ha completado correctamente. 0x0 (WIN32: 0) 
Causa sugerida:
Es posible que este error se produzca si el Servicio de entidad de certificación no ha sido iniciado.

Following this guide did not help to troubleshoot the problem: http://blogs.technet.com/b/askds/archive/2007/11/06/how-to-troubleshoot-certificate-enrollment-in-the-mmc-certificate-snap-in.aspx

I can certutil -ping -config "XXX.ca.loc\CA" the CA from the RA successfully so apparently it's not a network problem.

I have even given the User Template permisions to "Everybody" in case it was a security problem but no luck.

How can I fix this issue so that the Web Enrollment form the RA works?

Thanks!

JuanKB1024
  • 133
  • 1
  • 2
  • 7
  • is web enrollment installed on the CA server, or on different server? Also, is there any specific reason to use web enrollment? Nowadays web enrollment is way too old and new mechanisms (web enrollment services) are recommended over web enrollment pages. – Crypt32 Feb 04 '15 at 15:55
  • No, Web Enrollment is installed on the RA but not the Sub CA. This is enabled for certs other than device certs for specific apps. – JuanKB1024 Feb 16 '15 at 13:22

1 Answers1

0

Fix for me was the computer object for the Web Enrollment service needed to be trusted for delegation. https://blogs.technet.microsoft.com/askds/2009/04/22/how-to-configure-the-windows-server-2008-ca-web-enrollment-proxy/

Chris
  • 11
  • 1
    Hi there, while the link you posted may solve the question it is preferred that you include a summary to ensure that a dead link does not remove the utility of the answer in the future. – Jacob Jan 31 '17 at 22:02
  • Thank you! This solved it for me too. I don't agree with the comment above because your sentence is more than enough information for me to know what to do. I didn't need the link to understand – Shaun Vermaak May 16 '19 at 06:20