RPC Server Unavailable When Requesting Computer Certificate

From: Ben (bjblackmore_at_hotmail.com)
Date: 09/16/05

  • Next message: Brian Komar [MVP]: "Re: IIS 6 behavior on checking clients' certificates (again)" 
    Date: Fri, 16 Sep 2005 12:07:10 +0100

    Hi,

    I'm trying to set up a machine for use with our VPN. We will be using L2TP &
    smartcards, so I need to request a computer certificate. Up till now I've
    been able to configure most computer when people are in the office,
    connected to the domain, using automatic certificate deployment via group
    policy. However we have 1 user who is not going to be in the office, but
    needs VPN access.

    So I've changed the VPN access to allow PPTP temporarily, and asked him to
    connect, then I've used remote assistance to terminal service into his
    machine. From there I've managed to use the web based enrollment to download
    the CA certificate, and tried to use the certificates MMC snap in to request
    a computer certificate. However I get the initial screen up, asking which
    certificate I'd like, common name etc, but when I press finish, the system
    hangs for about 10 seconds, then errors with "RPC Server is unavailable".

    At first I thought this might be a firewall issue, as he was running windows
    firewall, as well as Symantec firewall. So I disabled both, and also the
    firewall on his 3com router. However after trying again, with a number of
    reboots, it still errors. I can ping the CA, the domain, and other
    computers.

    Does anyone have any ideas as to how I can successfully request a computer
    certificate? Is there another way of doing it? I notice there is no computer
    certificate option in the web enrollment form, even though the template has
    been added to the CA.

    We're using ISA 2004 as the VPN server, and it's allowing all protocols
    through from VPN > internal, and Internal > VPN. The DC is windows 2003
    server, and the client machine is Windows XP pro SP2.

    Many thanks

    Ben

  • Next message: Brian Komar [MVP]: "Re: IIS 6 behavior on checking clients' certificates (again)"

    Relevant Pages

    • Re: Exportable computer certificate
      ... access without a computer certificate that your VPN server trusts and even ... With l2tp however the encrypted tunnel is created ... >> allow pptp so that you can request the certificate over the VPN ...
      (microsoft.public.windows.server.security)
    • Re: L2TP setup.
      ... You are right, as I know, the L2TP/IPSsc VPN do not need to use GRE47. ... Please perform the steps in "Issue Certificates to the ISA Server ... |> ii. Obtain a new machine certificate and install it ... |> iv. Make an L2TP connection to the server ...
      (microsoft.public.windows.server.sbs)
    • Re: VPN Problem, PC not Authenticating with Server
      ... thank you for using Microsoft newsgroup. ... do you mean you have configured L2TP/IPSec VPN ... |> is the VPN server, ... you must install a certificate in the local ...
      (microsoft.public.windows.server.sbs)
    • Re: RPC Server Unavailable When Requesting Computer Certificate
      ... > while making the request for the cert. ... > on the firewall for RPC to work and allow for the cert request to work ... so I need to request a computer certificate. ... >> So I've changed the VPN access to allow PPTP temporarily, ...
      (microsoft.public.windows.server.security)
    • Re: RPC Server Unavailable When Requesting Computer Certificate
      ... > while making the request for the cert. ... > on the firewall for RPC to work and allow for the cert request to work ... so I need to request a computer certificate. ... >> So I've changed the VPN access to allow PPTP temporarily, ...
      (microsoft.public.security)