Attempting autoenrollment of server certificates in my domain seeing EVENT ID's 6 and 13 RPC server is unavailable 0x800706ba. Same for domain controller autoenrollment. I checked the security on the cert template it is set for autoenroll and enroll and read for domain computers. Everything is Server 2016
On the AD group Certificate Service DCOM Access I added domain computers/users/controllers and authenticated users. My issuing CA computer account is listed in Cert Publishers AD group as well.
I tried turning off the local FW that didn't help. and of course RPC service is actually running.
The certs are not sitting in Pending requests in the CA. And there is no old CA floating around my environment this is the first and only one. In the Event ID you can see it calling out the correct CA in the request.
I looked at registry and rsop and confirmed it is getting the Autoenrollment policy but even if you manually request a new Cert via the cert console on the server you get the same error about RPC not available.
My issuing CA is not a domain controller but a domain joined server
I don't know where else to look
CraigB