While trying to request a certificate using the Certificates MMC snap-in on a computer running ISA Server, Threat Management Gateway (TMG) or Unified Access Gateway (UAG), you may encounter the following error:

“The RPC Server is unavailable”

This may be caused due to the RPC Filter in ISA Server/TMG. The RPC filter ensures security by monitoring RPC traffic flowing through the firewall. DCOM traffic is also dropped by this filter. However, DCOM is required to request a certificate.

To workaround this problem, disable strict RPC compliance setting on ISA Server/TMG. Here’s how to do it:

• Right click on Firewall Policy and choose Edit System Policy .
• Under Authentication, select Active Directory configuration group
• Uncheck the Enforce Strict RPC Compliance option.

• Click OK and apply your changes.

Of course, you will also need to create a firewall policy rule to allow all traffic from Localhost to Internal. Once you have requested the certificate you can revert these changes.

You can now request certificates from your ISA Server/TMG computer!