“RPC Server is unavailable” error when requesting a certificate
While trying to request a certificate using the Certificates MMC snap-in on a computer running ISA Server, Threat Management Gateway (TMG) or Unified Access Gateway (UAG), you may encounter the following error:
“The RPC Server is unavailable”
This can be caused by the RPC filter in ISA Server/TMG. The RPC filter ensures security by monitoring RPC traffic flowing through the firewall. DCOM traffic is also dropped by this filter. However, DCOM is required to request a certificate.
To work around this problem, disable the strict RPC compliance setting on ISA Server/TMG. Here’s how to do it:
- Right-click Firewall Policy and choose Edit System Policy.
- Under Authentication, select the Active Directory configuration group.
- Uncheck the Enforce Strict RPC Compliance option.
- Click OK and apply your changes.
Of course, you will also need to create a firewall policy rule to allow all traffic from Localhost to Internal. Once you have requested the certificate, you can revert these changes.
You can now request certificates from your ISA Server/TMG computer!
Thanks,
I was looking a long time for this solution!!!
Many thanks dude, this resolved my issue!
Glad I could be of help. I posted another workaround to the same problem here:
http://www.microsoftnow.com/2011/01/rpc-server-unavailable-error-while-requesting-ip-https-certificate-on-uag.html
What about trying to access the TMG server for remote monitoring using DCOM over RPC? When I run wbemtest from the monitoring server and try to connect to the TMG server to test, I get "The RPC server is unavailable".
Hi Shijaz,
Are you local here in Qatar?
Possible you can send me an email with your contact details?
I am here in Qatar too, would be nice to meet you…
Thanks man! This helped me today. I first tried using RPC (All Interfaces) as the protocol for the rule that allowed communication from localhost to internal. This did not work; I changed it to “All Outbound Traffic” and it started working!
Awesome, cheers.