I've set up Web Enrollment on a separate Windows 2012 Server and am getting "The RPC server is unavailable. 0x800706ba (WIN32: 1722)". I can see my Custom Templates. My CA is a Cluster on two 2012 server nodes. Domain Controller is 2008 R2.
- Serverconfig in certdat.inc is correct for cluster dnshostname
- Installing Web Enrollment on the active cluster node is working fine, I can enroll certificates and download root cert via certsrv.
- Autoenrollment and Enrollment via mmc are working. I can also request a certificate via IIS for my webserver.
- Disabled Windows Firewall on all servers and opened all COM ports I could find for in- and outbound
- Activated delegation for Webserver computer
- certutil ping and pingadmin show no error, interface is alive from webserver
- All servers are on the same subnet, so there is no firewall between these servers
I guess it has something to do with DCOM, but steps like those described here http://social.technet.microsoft.com/Forums/en-US/2b93bfa8-c162-4fc8-9cf3-a8f8f8c8ff29/rpc-server-is-unavailable-requesting-a-new-certificate will not work.
- I've set Access Permissions and Launch and Activation Permissions on both CA Nodes (edit limits shows computer/Certificate DCOM but domain group isn't available anyway)
- I've put Domain Admins, Computers, Controllers, User and NT Authority/Authenticated Users in Builtin\Certificate Service DCOM Access Group
- Builtin/user has domain users, authenticated and interactive
- Changing certutil -setreg SetupStatus -SETUP_DCOM_SECURITY_UPDATED_FLAG won't work; after restart it shows the old value
- Added domain users, computers, admins on both CA nodes to local computer Certificate Service DCOM Access Group