Avatar of Patrick
Patrick
 asked on

The RPC server is unavailable

I'm getting quite a few Automatic certificate enrollment for local system failed (0x800706ba) The RPC server is unavailable and Certificate enrollment for Local system failed to enroll for a DomainController certificate with request ID N/A from LEVERE.SAE.net\levere (The RPC server is unavailable. 0x800706ba (WIN32: 1722)).

Problem is - it's looking for a server that was dcpromo-ed and removed from the network (Levere.sae.net\levere). Troubling still is I'm working to figure out why on a new DNS server, the A record for our e-mail server would be automatically deleted from DNS, which may or may not be related but am going through all the error logs trying to resolve to deduce (I already turned off aging/scavenging which was already disabled).

How can I remove need for our network to automatically renew a certificate enrollment?
Windows Server 2008Windows Server 2003

Avatar of undefined
Last Comment
Patrick

8/22/2022 - Mon
Darius Ghassem

Run metadata cleanup to make sure all objects were remove for the DC>

http://www.petri.co.il/delete_failed_dcs_from_ad.htm
Patrick

ASKER
No mention of the old server in any DC - however when I attempt to list servers in site in on DC, it only finds 1 server when it should find 3
Darius Ghassem

Run dcdiag post results
All of life is about relationships, and EE has made a viirtual community a real community. It lifts everyone's boat
William Peck
Patrick

ASKER
Edit: No mention of the old server in any DC - however when I attempt to list servers in site in on ONE DC, Minerva , it only finds 1 server when it should find 3  and lists it as 0 - (null) when on another DC - when you go to that Domain DC, it finds all three servers, none being the old one
Patrick

ASKER
Old DC:

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator.SIGMA.000>dcdiag

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\MINERVA
      Starting test: Connectivity
         ......................... MINERVA passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\MINERVA
      Starting test: Replications
         ......................... MINERVA passed test Replications
      Starting test: NCSecDesc
         ......................... MINERVA passed test NCSecDesc
      Starting test: NetLogons
         ......................... MINERVA passed test NetLogons
      Starting test: Advertising
         ......................... MINERVA passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... MINERVA passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... MINERVA passed test RidManager
      Starting test: MachineAccount
         ......................... MINERVA passed test MachineAccount
      Starting test: Services
         ......................... MINERVA passed test Services
      Starting test: ObjectsReplicated
         ......................... MINERVA passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... MINERVA passed test frssysvol
      Starting test: frsevent
         ......................... MINERVA passed test frsevent
      Starting test: kccevent
         ......................... MINERVA passed test kccevent
      Starting test: systemlog
         ......................... MINERVA passed test systemlog
      Starting test: VerifyReferences
         ......................... MINERVA passed test VerifyReferences

   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom

   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom

   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom

   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom

   Running partition tests on : SAE
      Starting test: CrossRefValidation
         ......................... SAE passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... SAE passed test CheckSDRefDom

   Running enterprise tests on : SAE.net
      Starting test: Intersite
         ......................... SAE.net passed test Intersite
      Starting test: FsmoCheck
         ......................... SAE.net passed test FsmoCheck

C:\Documents and Settings\Administrator.SIGMA.000>
Patrick

ASKER
New DC:

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\Administrator.SIGMA>dcdiag

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = NetOps
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\NETOPS
      Starting test: Connectivity
         ......................... NETOPS passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\NETOPS
      Starting test: Advertising
         ......................... NETOPS passed test Advertising
      Starting test: FrsEvent
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared.  Failing SYSVOL replication problems may cause
         Group Policy problems.
         ......................... NETOPS passed test FrsEvent
      Starting test: DFSREvent
         ......................... NETOPS passed test DFSREvent
      Starting test: SysVolCheck
         ......................... NETOPS passed test SysVolCheck
      Starting test: KccEvent
         ......................... NETOPS passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... NETOPS passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... NETOPS passed test MachineAccount
      Starting test: NCSecDesc
         ......................... NETOPS passed test NCSecDesc
      Starting test: NetLogons
         ......................... NETOPS passed test NetLogons
      Starting test: ObjectsReplicated
         ......................... NETOPS passed test ObjectsReplicated
      Starting test: Replications
         ......................... NETOPS passed test Replications
      Starting test: RidManager
         ......................... NETOPS passed test RidManager
      Starting test: Services
         ......................... NETOPS passed test Services
      Starting test: SystemLog
         ......................... NETOPS passed test SystemLog
      Starting test: VerifyReferences
         ......................... NETOPS passed test VerifyReferences


   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation

   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : SAE
      Starting test: CheckSDRefDom
         ......................... SAE passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... SAE passed test CrossRefValidation

   Running enterprise tests on : SAE.net
      Starting test: LocatorCheck
         ......................... SAE.net passed test LocatorCheck
      Starting test: Intersite
         ......................... SAE.net passed test Intersite

C:\Users\Administrator.SIGMA>
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
Darius Ghassem

Patrick

ASKER
I added Domain Controllers to that security group, but why would it be refrencing a server that's no longer on the network?
Darius Ghassem

I have had the issue before I don't remember why to be honest.

Lets see if this actually fixes the problem
Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes
Patrick

ASKER
The error still pops up maybe twice a day on the old DC, it's occured once on the new DC, so I guess the issue remains?
ASKER CERTIFIED SOLUTION
Darius Ghassem

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
Patrick

ASKER
How woud I double check that I don't have a new CA -
Patrick

ASKER
Sorry - that was a dumb question, I don't.

There are 2 mentions of the certificate under Certification Autorities, CDP, and KRA, is it safe to delete from there as well?
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
Darius Ghassem

Yes
Patrick

ASKER
Absolutely pefect - THANKS!!!