D
Dandotwalker
Hi All,
I have a test environment I am setting up for my team. Every Windows server is 2016 Datacenter.
ROOTCA1 - Root certificate authority, not domain joined
DC1 - AD and DNS only
CA1 - Automatic cert issuance
CA2 - Manual cert issuance
OCSP1 - OCSP and RA
The configuration is set so there is one DC, 2 CA and 1 RA which also provides OCSP. For this forum thread I wish to concentrate on the RA side.
During the set up I installed CA1 and CA2 as just certificate authorities. They work great. They have no web services on them. To generate a cert, you can use the command line utility certreq.
For web enrolment, I want to use the certsrv web utility on the OCSP1 server. I have installed that service and during the setup I pointed it to CA2.
If I try to use a CSR to generate a certificate using OCSP1 I get this error:
Result: The RPC Server is unavailable. 0x800706ba (WIN32: 1722 RPC_S_SERVER_UNAVAILABLE)
There are lots of posts about this which I have checked and tried, but they do not help.
Things I have tried:
Disable Firewall - There is no firewall or antivirus yet
Trust delegation - After this I restarted all machines concerned and it did not work still.
Looking through logs - There are no logs that I can find to work out why this is happening.
CertUtil Ping - The server which is listed as "Config" in CertUtil output can successfully be pinged from CertUtil.
Does anyone have any ideas what to do next please?
Continue reading...
I have a test environment I am setting up for my team. Every Windows server is 2016 Datacenter.
ROOTCA1 - Root certificate authority, not domain joined
DC1 - AD and DNS only
CA1 - Automatic cert issuance
CA2 - Manual cert issuance
OCSP1 - OCSP and RA
The configuration is set so there is one DC, 2 CA and 1 RA which also provides OCSP. For this forum thread I wish to concentrate on the RA side.
During the set up I installed CA1 and CA2 as just certificate authorities. They work great. They have no web services on them. To generate a cert, you can use the command line utility certreq.
For web enrolment, I want to use the certsrv web utility on the OCSP1 server. I have installed that service and during the setup I pointed it to CA2.
If I try to use a CSR to generate a certificate using OCSP1 I get this error:
Result: The RPC Server is unavailable. 0x800706ba (WIN32: 1722 RPC_S_SERVER_UNAVAILABLE)
There are lots of posts about this which I have checked and tried, but they do not help.
Things I have tried:
Disable Firewall - There is no firewall or antivirus yet
Trust delegation - After this I restarted all machines concerned and it did not work still.
Looking through logs - There are no logs that I can find to work out why this is happening.
CertUtil Ping - The server which is listed as "Config" in CertUtil output can successfully be pinged from CertUtil.
Does anyone have any ideas what to do next please?
Continue reading...