Re: RPC Server Unavailable When Requesting Computer Certificate

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 09/20/05

  • Next message: Steven L Umbach: "Re: Disable ALL Lan Manager Authentication"
    Date: Tue, 20 Sep 2005 16:47:57 -0500
    
    

    Your best bet would be to enable the "offline ipsec" certificate template
    for the CA and have him request that via Web Enrollment. The RPC error is
    usually because of a firewall problem or dns problem. If you had to you
    could manually request the certificate yourself for that computer and
    specify that computer name in the request. Then export the
    certificate/private key from your computer [select option to export whole
    certificate chain to include CA certificate] to a password-protected .pfx
    file and send it to the user with instructions on how to import it into the
    "computer" certificate store. Note that the user would need to be a local
    administrator to request and install the certificate. --- Steve

    "Ben" <bjblackmore@hotmail.com> wrote in message
    news:e85CT7quFHA.1256@TK2MSFTNGP09.phx.gbl...
    > Hi,
    >
    > I'm trying to set up a machine for use with our VPN. We will be using L2TP
    > & smartcards, so I need to request a computer certificate. Up till now
    > I've been able to configure most computers when people are in the office,
    > connected to the domain, using automatic certificate deployment via group
    > policy. However we have 1 user who is not going to be in the office, but
    > needs VPN access.
    >
    > So I've changed the VPN access to allow PPTP temporarily, and asked him to
    > connect, then I've used remote assistance to terminal service into his
    > machine. From there I've managed to use the web based enrollment to
    > download the CA certificate, and tried to use the certificates MMC snap in
    > to request a computer certificate. However I get the initial screen up,
    > asking which certificate I'd like, common name etc, but when I press
    > finish, the system hangs for about 10 seconds, then errors with "RPC
    > Server is unavailable".
    >
    > At first I thought this might be a firewall issue, as he was running
    > Windows Firewall, as well as Symantec firewall. So I disabled both, and
    > also the firewall on his 3com router. However after trying again, with a
    > number of reboots, it still errors. I can ping the CA, the domain, and
    > other computers.
    >
    > Does anyone have any ideas as to how I can successfully request a computer
    > certificate? Is there another way of doing it? I notice there is no
    > computer certificate option in the web enrollment form, even though the
    > template has been added to the CA.
    >
    > We're using ISA 2004 as the VPN server, and it's allowing all protocols
    > through from VPN > internal, and Internal > VPN. The DC is Windows 2003
    > Server, and the client machine is Windows XP Pro SP2.
    >
    > Many thanks
    >
    > Ben
    >
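
The final step of the reply above (importing the .pfx into the "computer" store), as an added example that is not part of the original thread. It assumes a current Windows client with the PKI PowerShell module (Windows 8 / Server 2012 or later, not the XP SP2 machine in the question); the file path is a placeholder. After the import it checks the three things that most often break a machine certificate: a missing private key, a name that does not match the computer, and an untrusted CA chain.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original thread.
# The local-administrator requirement comes from the reply; the path below is a placeholder.
param(
    [string]$PfxPath = 'C:\Temp\computer-cert.pfx'
)

# Prompt for the PFX password so it never lands in a script or shell history.
$password = Read-Host -Prompt 'PFX password' -AsSecureString

# Import into the computer (LocalMachine) personal store. -Exportable is
# deliberately omitted so the private key cannot be exported again from this PC.
$imported = @(Import-PfxCertificate -FilePath $PfxPath `
                  -CertStoreLocation 'Cert:\LocalMachine\My' -Password $password)

# The PFX may carry the CA chain too; the machine certificate is the one with a key.
$cert = $imported | Where-Object { $_.HasPrivateKey } | Select-Object -First 1
if (-not $cert) { throw 'No certificate with a private key was imported.' }

# Name check: prefer the DNS name, fall back to the subject common name.
$x509   = 'System.Security.Cryptography.X509Certificates'
$dns    = $cert.GetNameInfo([Enum]::Parse("$x509.X509NameType", 'DnsName'), $false)
$cn     = $cert.GetNameInfo([Enum]::Parse("$x509.X509NameType", 'SimpleName'), $false)
$name   = if ($dns) { $dns } else { $cn }
$nameOk = ($name -eq $env:COMPUTERNAME) -or ($name -like "$env:COMPUTERNAME.*")

# Chain check: the issuing CA must already be trusted on this computer.
# Revocation checking is off on the assumption that the CRL is not reachable
# from outside the office network.
$chain = New-Object "$x509.X509Chain"
$chain.ChainPolicy.RevocationMode = [Enum]::Parse("$x509.X509RevocationMode", 'NoCheck')
$chainOk = $chain.Build($cert)

[pscustomobject]@{
    Thumbprint    = $cert.Thumbprint
    Subject       = $cert.Subject
    NotAfter      = $cert.NotAfter
    HasPrivateKey = $cert.HasPrivateKey
    NameMatchesPC = $nameOk
    ChainTrusted  = $chainOk
    ChainErrors   = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
}

if (-not $nameOk)  { Write-Warning "Certificate name '$name' does not match $env:COMPUTERNAME." }
if (-not $chainOk) { Write-Warning 'Chain did not build; install the CA certificate in Trusted Root first.' }
Write-Warning "Delete $PfxPath (and the copy that was sent) once the import is verified."
```

The .pfx holds the computer's private key, so the file and its password should travel by separate channels.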

