Re: RPC Server Unavailable When Requesting Computer Certificate

From: Ben (bjblackmore_at_hotmail.com)
Date: 09/21/05


Date: Wed, 21 Sep 2005 09:52:16 +0100

Hi Steve,

Thanks for the reply. I had looked into doing this, but I couldn't find any
documentation on how to request a certificate on behalf of another computer
(lots of documentation for doing another user). I've installed the
certificate for "enrollment agent (computer)", but if I do 'request new
certificate' and select computer, I don't get the option to enter the other
computer name, even if I select advanced, I can put it in the friendly name,
but at the end on the details screen, computer name is still that of my
computer. If I try to export this, I don't get the option to export the
private key, it's greyed out. And the only certificate format I can export
to is DER encoded, Base-64 or Cryptographic message syntax, again the option
for PFX is greyed out!
If you know of any documentation that exists, could you point me in the
right direction!

Cheers

Ben

"Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
news:uJ70H0ivFHA.2064@TK2MSFTNGP09.phx.gbl...
> Your best bet would be to enable the "offline ipsec" certificate template
> for the CA and have him request that via Web Enrollment. The RPC error is
> usually because of a firewall problem or dns problem. If you had to you
> could manually request the certificate yourself for that computer and
> specify that computer name in the request. Then export the
> certificate/private key from your computer [select option to export whole
> certificate chain to include CA certificate] to a password protected.pfx
> file and send it to the user with instructions how to import it into the
> "computer" certificate store. Note that the user would need to be a local
> administrator to request and install the certificate. --- Steve
>
>
> "Ben" <bjblackmore@hotmail.com> wrote in message
> news:e85CT7quFHA.1256@TK2MSFTNGP09.phx.gbl...
>> Hi,
>>
>> I'm trying to set up a machine for use with our VPN. We will be using
>> L2TP & smartcards, so I need to request a computer certificate. Up till
>> now I've been able to configure most computers when people are in the
>> office, connected to the domain, using automatic certificate deployment
>> via group policy. However we have 1 user who is not going to be in the
>> office, but needs VPN access.
>>
>> So I've changed the VPN access to allow PPTP temporarily, and asked him
>> to connect, then I've used remote assistance to terminal service into his
>> machine. From there I've managed to use the web based enrollment to
>> download the CA certificate, and tried to use the certificates MMC snap
>> in to request a computer certificate. However I get the initial screen
>> up, asking which certificate I'd like, common name etc, but when I press
>> finish, the system hangs for about 10 seconds, then errors with "RPC
>> Server is unavailable".
>>
>> At first I thought this might be a firewall issue, as he was running
>> windows firewall, as well as Symantec firewall. So I disabled both, and
>> also the firewall on his 3com router. However after trying again, with a
>> number of reboots, it still errors. I can ping the CA, the domain, and
>> other computers.
>>
>> Does anyone have any ideas as to how I can successfully request a
>> computer certificate? Is there another way of doing it? I notice there is
>> no computer certificate option in the web enrollment form, even though
>> the template has been added to the CA.
>>
>> We're using ISA 2004 as the VPN server, and it's allowing all protocols
>> through from VPN > internal, and Internal > VPN. The DC is windows 2003
>> server, and the client machine is Windows XP pro SP2.
>>
>> Many thanks
>>
>> Ben
>>
>
>
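
The manual route Steve describes (request the certificate yourself with the remote computer's name in the request, export it with its private key to a .pfx, import it into the computer store), as an added example that is not part of the thread. The computer name, CA config string and paths are constructed placeholders, the template name `IPSECIntermediateOffline` is an assumption for the "offline ipsec" template, and `certreq.exe` and `certutil.exe` are assumed to be installed.

```powershell
# Added example. Run elevated on a domain-joined admin workstation that can reach the CA.
# Constructed placeholders: computer name, CA config string, working directory.
$computerFqdn = 'remote-pc.example.local'       # name the certificate is issued for
$caConfig     = 'ca01.example.local\Example-CA' # "CAHost\CAName" of the issuing CA
$template     = 'IPSECIntermediateOffline'      # assumed template name; confirm on the CA
$work         = Join-Path $env:TEMP 'offline-cert'
New-Item -ItemType Directory -Path $work -Force | Out-Null

# Request policy: the subject is supplied in the request, the key is created in
# the machine key set, and it is marked exportable, which the PFX export requires.
@"
[Version]
Signature = "`$Windows NT`$"

[NewRequest]
Subject = "CN=$computerFqdn"
KeyLength = 2048
KeySpec = 1
MachineKeySet = TRUE
Exportable = TRUE
RequestType = PKCS10

[RequestAttributes]
CertificateTemplate = $template
"@ | Set-Content -Path "$work\request.inf" -Encoding ASCII

# Build the PKCS#10 request, submit it to the CA, then bind the issued
# certificate to the private key that -new created.
certreq -new "$work\request.inf" "$work\request.req"
certreq -submit -config $caConfig "$work\request.req" "$work\issued.cer"
certreq -accept -machine "$work\issued.cer"

# Locate the new certificate and export it with its key.
# certutil prompts for the PFX password, so it never appears on the command line.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq "CN=$computerFqdn" -and $_.HasPrivateKey } |
    Sort-Object NotBefore -Descending | Select-Object -First 1
if (-not $cert) { throw "No certificate with a private key found for $computerFqdn" }
certutil -exportPFX My $cert.Thumbprint "$work\$computerFqdn.pfx"

# On the remote computer, as a local administrator (elevated prompt):
#   certutil -importPFX remote-pc.example.local.pfx
```

Once the import has succeeded on the remote computer, delete the .pfx and remove the certificate and its key from the admin workstation so the machine identity exists in one place only.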


