KB ID 0000473
Problem
Event ID 6
Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Description:
Automatic certificate enrollment for local system failed (0x800706ba) The RPC server is unavailable.
Event ID 13
Source: Microsoft-Windows-CertificateServicesClient-CertEnroll
Description:
Certificate enrollment for Local system failed to enroll for a DomainController certificate with request ID N/A from {hostname}{name of CA}(The RPC server is unavailable. 0x800706ba (WIN32: 1722)).
Solution
Note: The pertinent information in the Event ID 13 above is 0x800706ba. There are other causes of this Event ID, so make sure yours is the same.
In my case I had an Exchange server that was using a certificate that had been “self signed”, and the Root CA that signed the certificate had been ungracefully removed from the domain. Take a note of the Root CA name from the Event ID error (shown arrowed).
1. Launch “Active Directory Sites and Services” > Select the top level object > View > Show Services Node.
2. Expand Services > Public Key Services > AIA > Delete the “Problem CA”.
3. Then select “Enrollment Services” > Delete the “Problem CA”.
If you have a New CA (in this example you would have seen it in step 2), then DO NOT perform the next two steps!!!
4. Providing you DON'T have a CA now, select “Certificate Templates” and delete them all.
5. Providing you DON'T have a CA now, select “Public Key Services” and delete the NTAuthCertificates item.
6. To tidy up, on the server logging the error, run the following command:
    certutil -dcinfo deleteBad
7. Finally, on the server logging the error, run the following command to update the policies:
    gpupdate /force
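Before deleting anything in steps 2 to 5, it helps to confirm which published CA is actually the dead one. The script below is an added example, not part of the original article: it is read-only, assumes the RSAT ActiveDirectory module and read access to the Configuration partition, and treats "hostname resolves and TCP 135 answers" as a heuristic for a live CA host.

```powershell
# Added example: read-only audit of the "Public Key Services" container.
# Assumes the ActiveDirectory (RSAT) module; makes no changes to the directory.
Import-Module ActiveDirectory

$configNC = (Get-ADRootDSE).configurationNamingContext
$pks      = "CN=Public Key Services,CN=Services,$configNC"

# Enrollment Services holds one pKIEnrollmentService object per published CA.
# dNSHostName is the server that clients contact over RPC to enroll.
$enrollment = Get-ADObject -SearchBase "CN=Enrollment Services,$pks" `
    -SearchScope OneLevel -Filter 'objectClass -eq "pKIEnrollmentService"' `
    -Properties dNSHostName, whenCreated

$report = foreach ($ca in $enrollment) {
    $caHost   = $ca.dNSHostName
    $resolves = [bool](Resolve-DnsName -Name $caHost -ErrorAction SilentlyContinue)

    # TCP 135 is the RPC endpoint mapper. A removed CA host fails here, which
    # is consistent with 0x800706ba (The RPC server is unavailable).
    # Heuristic only: a firewall between you and the CA also causes a failure.
    $rpc = $false
    if ($resolves) {
        $rpc = Test-NetConnection -ComputerName $caHost -Port 135 `
            -InformationLevel Quiet -WarningAction SilentlyContinue
    }

    [pscustomobject]@{
        CAName      = $ca.Name
        Host        = $caHost
        Created     = $ca.whenCreated
        Resolves    = $resolves
        Rpc135      = $rpc
        LikelyStale = -not ($resolves -and $rpc)
    }
}
$report | Format-Table -AutoSize

# List what sits in the other containers touched by steps 2 and 4, so the
# names can be compared with the CA name recorded from Event ID 13.
foreach ($container in 'AIA', 'Certificate Templates') {
    "--- $container ---"
    Get-ADObject -SearchBase "CN=$container,$pks" -SearchScope OneLevel -Filter * |
        Sort-Object Name | ForEach-Object { $_.Name }
}
```

A CA flagged LikelyStale whose name matches the one in the Event ID 13 text is the “Problem CA” referred to in steps 2 and 3; any CA that reports Rpc135 as True is still live, which is the situation where steps 4 and 5 must be skipped.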