Error: RPC Server is Unavailable When Renewing Certificates From a Microsoft CA (HRESULT: 0x800706BA)

Applies To:

Venafi Encryption Director

Symptom:

When renewing certificates (between Stages 0 and 700), this error appears in the certificate status:

[Screenshot: certStatusHResult.PNG]

The error log is as follows:

Source IP, Client Time, Component, Severity, Event, Description
[::ffff:192.168.5.48], 1/14/2014 1:47:55 PM, \VED\Policy\ChipsMSCA: \VED\Policy\ChipsMSCA, Error: Error, Translated event: Microsoft CA - Communication Error, An error occurred communicating with the CA \VED\Policy\ChipsMSCA. Error: The RPC server is unavailable. (Exception from HRESULT: 0x800706BA). Additional error data
Server stack trace:
at Interop.CERTCLIENTLib.CCertRequestClass.Submit(Int32 Flags, String strRequest, String strAttributes, String strConfig)
at Venafi.ComPlusService.MicrosoftCa.PostCSR(String connection, String template, String csr, Int32& requestId, String& returnMessage)
at System.Runtime.Remoting.Messaging.StackBuilderSink._PrivateProcessMessage(IntPtr md, Object[] args, Object server, Object[]& outArgs)
at System.Runtime.Remoting.Messaging.StackBuilderSink.SyncProcessMessage(IMessage msg)

Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at Venafi.ComPlusService.MicrosoftCa.PostCSR(String connection, String template, String csr, Int32& requestId, String& returnMessage)
at Venafi.Drivers.CertificateAuthority.MicrosoftCaManager.PostCSR(String OwnerDN, String Csr, String& status)

Cause:

This error is caused by Director servers attempting to communicate with a Microsoft CA when the Microsoft CA Integration option was not selected during Director configuration.

There is another cause for this issue, noted here: 

https://support.venafi.com/entries/20802828-Error-The-RPC-server-is-unavailable-when-provisioning-a-certificate-to-an-IIS-application

The instructions given at the above location only apply if you see the error when trying to provision the certificate to an IIS application (Stage 800 and later).

In this case, the error appears when the certificate is going through the enrollment / renewal process (Stages 0 to 700).
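
To separate the enrollment-phase failure from other occurrences of the same HRESULT when triaging exported events, the following added example (not Venafi code) parses the log layout shown above and classifies each event. It assumes that the "Microsoft CA - Communication Error" event name or a MicrosoftCa.PostCSR stack frame, as in this page's log, marks the enrollment phase; the function names are hypothetical.

```python
import re

# Column order from the header row of the error log on this page.
FIELDS = ["source_ip", "client_time", "component", "severity", "event", "description"]
HRESULT_RE = re.compile(r"HRESULT:\s*0x([0-9A-Fa-f]{8})")
RPC_UNAVAILABLE = "0x800706BA"

# Event copied from this page, stack trace shortened to three frames.
SAMPLE = r"""[::ffff:192.168.5.48], 1/14/2014 1:47:55 PM, \VED\Policy\ChipsMSCA: \VED\Policy\ChipsMSCA, Error: Error, Translated event: Microsoft CA - Communication Error, An error occurred communicating with the CA \VED\Policy\ChipsMSCA. Error: The RPC server is unavailable. (Exception from HRESULT: 0x800706BA). Additional error data
Server stack trace:
at Interop.CERTCLIENTLib.CCertRequestClass.Submit(Int32 Flags, String strRequest, String strAttributes, String strConfig)
at Venafi.ComPlusService.MicrosoftCa.PostCSR(String connection, String template, String csr, Int32& requestId, String& returnMessage)
at Venafi.Drivers.CertificateAuthority.MicrosoftCaManager.PostCSR(String OwnerDN, String Csr, String& status)
"""

def parse_event(text):
    """Split one exported event (summary line plus stack trace) into fields."""
    first, _, trace = text.strip().partition("\n")
    # The description contains commas, so split on the first five only.
    parts = [p.strip() for p in first.split(",", 5)]
    if len(parts) != len(FIELDS):
        raise ValueError("unexpected event layout")
    event = dict(zip(FIELDS, parts))
    event["source_ip"] = event["source_ip"].strip("[]")
    # Exported as "Error: Error" and "Translated event: <name>"; keep the value.
    for key in ("severity", "event"):
        event[key] = event[key].split(":", 1)[-1].strip()
    m = HRESULT_RE.search(event["description"])
    event["hresult"] = "0x" + m.group(1).upper() if m else None
    event["frames"] = [ln.strip()[3:] for ln in trace.splitlines()
                       if ln.strip().startswith("at ")]
    return event

def classify(event):
    """Return 'enrollment', 'not-enrollment' or 'unrelated' for one event."""
    if event["hresult"] != RPC_UNAVAILABLE:
        return "unrelated"
    # Assumption: enrollment-phase failures carry the CA event name or a PostCSR frame.
    if (event["event"] == "Microsoft CA - Communication Error"
            or any("MicrosoftCa.PostCSR" in f for f in event["frames"])):
        return "enrollment"
    return "not-enrollment"

if __name__ == "__main__":
    ev = parse_event(SAMPLE)
    print(ev["client_time"], ev["hresult"], classify(ev))
```

An "enrollment" result points at the Microsoft CA Integration option described in this article; a "not-enrollment" result with the same HRESULT should be checked against the other article linked above.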

Resolution:

In a Multi-Director environment where you will be working with the Microsoft CA, you need to select the Microsoft CA Integration option when installing all Director instances.

[Screenshot: msca_integration.png]

To install the Microsoft CA Integration feature after initial set-up of your Director environment, you can go back through the installation wizard and add this option.

These are the instructions for re-running DCC to add the option:

Pre-requisites: Stop all Venafi services on your Director server and the UniCert service if you are using it.

  1. Open a Command Prompt window on your Director server and change directories into the "<installation drive>:\Program Files\Venafi\Platform" folder

  2. Run the command "dcc -wizard"
  3. Continue with configuration, making sure to select the "Microsoft CA Integration" option on the "Component Selection" page of the configuration wizard
  4. Complete the configuration wizard by going through all of the steps in the wizard.  Simply exiting the wizard after selecting the Microsoft CA Integration feature does not enable the feature.

Post-step: Re-start all Venafi services on your Director server. Re-start the UniCert service if in use.
