I recently worked on a FIM Certificate Management issue and wanted to share the information acquired during the troubleshooting session, along with what ended up resolving it.
Error message
The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)
FIM CM - Verbose Logging information
An error occurred during request execution. Request:
1) Exception Information
*********************************************
Exception Type: System.Runtime.InteropServices.COMException
ErrorCode: -2147023174
Message: The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)
Data: System.Collections.ListDictionaryInternal
TargetSite: Microsoft.Clm.CertificateServices.Interop.PropertyType GetCAPropertyFlags(System.String, Microsoft.Clm.CertificateServices.Interop.CAProperty)
HelpLink: NULL
Source: Microsoft.Clm.CertificateServices.Interop
StackTrace Information
*********************************************
Server stack trace:
   at Microsoft.Clm.CertificateServices.Interop.ICertRequest2.GetCAPropertyFlags(String strConfig, CAProperty PropId)
   at Microsoft.Clm.CertificateServices.Interop.CertRequest.GetCAProperty(String config, CAProperty property, Int32 index, CAFormatFlag flags)
   at Microsoft.Clm.BusinessLayer.CertificateServer.IsOnline()
   at Microsoft.Clm.BusinessLayer.RequestExecution.CheckCertificateAuthorityAvailable(UserProfile profileTemplate)
   at Microsoft.Clm.BusinessLayer.RequestExecution.RequestCertificates(Guid requestGuid, UniqueCertificateRequests enroll, String password, String comment)
   at Microsoft.Clm.BusinessLayer.SmartCard.SmartCard.EnrollGenerateCerts(Request aRequest, UniqueCertificateRequests enrollData, String pfxPassword, CertificateRequestResults& requestResults)
   at Microsoft.Clm.BusinessLayer.SmartCard.BaseCsp.EnrollProtocol.Process()
   at Microsoft.Clm.BusinessLayer.SmartCard.BaseCsp.Protocol.ProcessClientMessage()
   at Microsoft.Clm.BusinessLayer.SmartCard.BaseCsp.Protocol.ProcessClientMessage(Guid requestUuid, bcspClientMsg clientMsg)
   at Microsoft.Clm.BusinessLayer.RemoteRequests.ProcessBaseCspClientMessage(Guid requestUuid, bcspClientMsg msg, CultureInfo uiCulture, CultureInfo culture)
   at System.Runtime.Remoting.Messaging.StackBuilderSink._PrivateProcessMessage(IntPtr md, Object[] args, Object server, Int32 methodPtr, Boolean fExecuteInContext, Object[]& outArgs)
   at System.Runtime.Remoting.Messaging.StackBuilderSink.SyncProcessMessage(IMessage msg, Int32 methodPtr, Boolean fExecuteInContext)
Exception rethrown at [0]:
   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
   at Microsoft.Clm.BusinessLayer.RemoteRequests.ProcessBaseCspClientMessage(Guid requestUuid, bcspClientMsg msg, CultureInfo uiCulture, CultureInfo culture)
   at Microsoft.Clm.BulkClient.BaseCsp.ClientProtocol.ExecuteRequest(Guid requestUuid, String reader)
   at Microsoft.Clm.BulkClient.RequestExecution.RequestExecutionWorkerThread.ExecuteSmartCardRequest(Guid guidReq, Boolean isBaseCsp)
   at Microsoft.Clm.BulkClient.RequestExecution.RequestExecutionWorkerThread.DoWork()
In this particular issue, we discovered the cause of the problem to be an Access Denied error: the account issuing the smart cards was not allowing delegation.
Possible problem connecting to the Certificate Authority (CA): Microsoft Knowledge Base article KB-975795 ("Error Connecting to Certificate Authority: <domain>\<CA name>") provides information about this error and lists items to check.
*NOTE: Even if you have already checked some of these items, it is important to double-check them; that is what we did in this case, and it is how we located the issue.
In one customer issue, we discovered that item #4 in the above-mentioned Microsoft Knowledge Base article was actually our problem.
#4: The user account requesting the certificate might have the "Account is sensitive and cannot be delegated" checkbox checked in the Account options section of the Account tab in AD Users and Computers.
Allow delegation for the account issuing the smart cards.
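One way to check item #4 from PowerShell instead of the AD Users and Computers dialog, as an added example that is not part of the original article. The function name Get-DelegationBlock and the account name svc-fimcm-enroll are hypothetical, the ActiveDirectory module (RSAT) is assumed to be installed, and the Protected Users check goes beyond what the KB item lists.

```powershell
# Added example, not from the original article. Requires the ActiveDirectory
# module (RSAT). Get-DelegationBlock and the account name are hypothetical.
Import-Module ActiveDirectory

# userAccountControl bit set by "Account is sensitive and cannot be delegated"
$NotDelegatedBit = 0x100000

function Get-DelegationBlock {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string[]]$SamAccountName
    )
    process {
        foreach ($name in $SamAccountName) {
            try {
                $user = Get-ADUser -Identity $name -ErrorAction Stop `
                    -Properties userAccountControl, MemberOf
            }
            catch {
                # Surface lookup failures instead of silently skipping the account
                Write-Warning "Lookup failed for '$name': $($_.Exception.Message)"
                continue
            }
            # Assumption beyond KB item #4: Protected Users membership also
            # prevents Kerberos delegation of the account.
            $protected = [bool]($user.MemberOf -match '^CN=Protected Users,')
            $flagSet   = [bool]($user.userAccountControl -band $NotDelegatedBit)
            [pscustomobject]@{
                Account           = $user.SamAccountName
                Enabled           = $user.Enabled
                SensitiveFlagSet  = $flagSet
                InProtectedUsers  = $protected
                DelegationBlocked = ($flagSet -or $protected)
            }
        }
    }
}

# Placeholder name: substitute the account that issues the smart cards.
Get-DelegationBlock -SamAccountName 'svc-fimcm-enroll' | Format-List

# To clear the checkbox once the change is approved (the fix described above):
# Set-ADUser -Identity 'svc-fimcm-enroll' -AccountNotDelegated $false
```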
I faced the same error and found a solution by opening the Group Policy Object Editor (gpedit.msc) and editing the Group Policy object (GPO) that is used to manage Windows Firewall settings.
Open Computer Configuration -> Administrative Templates -> Network -> Network Connections -> Windows Firewall -> Domain Profile & Standard Profile.
Here enable the following exceptions: "Allow inbound remote administration exception" and "Allow inbound file and printer sharing exception".