The RPC Server is Unavailable Error (0x800706BA)

1.8K

When you connect to a remote computer or server using MMC snap-ins, WMI, PowerShell, WinRM, or another remote management tool, you may receive the error The RPC server is unavailable (Exception from HRESULT: 0x800706BA). In this article, we will look at the main causes of the 0x800706BA RPC error and how to fix it.

Basic RPC Connectivity Troubleshooting on Windows

The most common cause for error 0x800706BA is that the RPC service is not running on the remote computer, or the connection to it is blocked by a firewall.

You can test the RPC connectivity between the local computer and the remote computer by using the following PowerShell command that queries the WMI service:

Get-WmiObject Win32_ComputerSystem –ComputerName 192.168.0.14

The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)

In this example, you can see that the remote computer is not accessible via RPC.

The RPC communication between your hosts works fine if you get any output or a “Get-WmiObject : Access is denied” error (means that you do not have the necessary permissions to access the WMI service on the remote computer).

Most common problems that can cause the RPC server unavailable error:

• The remote computer is switched off or there are other network connectivity issues;
• The RPC service is stopped/failed on the remote computer;
• Firewalls between your computer and the remote computer block the RPC Endpoint Mapper port (TCP/135) or the dynamic RPC port range.

Now you need to check the next things in order to fix the RPC error 0x800706BA:

1. Check that you have entered the correct IP address or remote computer name;
2. Check that the remote host is powered on;
3. Verify that the Remote Procedure Call (RPC) and Windows Management Instrumentation services are running on the remote computer. You can use PowerShell to check the service status:

   Get-Service Winmgmt,rpcss, DcomLaunch

   

If the services are stopped, run them.

Or you can run the Service management console GUI (services.msc) to make sure that the Remote Procedure Call (RPC) and DCOM Server Process Launcher services are running and configured to start automatically.

You should then check that the RPC Endpoint Mapper is listening on the remote computer on TCP port 135:

netstat -ano | find "135"

The following firewall ports must be open for RPC communication on the remote computer:

• TCP/135 (RPC Endpoint Mapper)
• TCP port from 49152 to 65535 (RPC Dynamic Ports)

To check the availability of the TCP/135 port, you can use the Test-NetConnection cmdlet:

Test-NetConnection 192.168.1.14 -port 135

If port 135 (RPC Endpoint Mapper) is available (TcpTestSucceeded = True), but the error “The RPC server is unavailable” still occurs, you need to ensure that firewalls don’t block dynamic RPC port range communication.

You can use a small command-line tool PortQry from Microsoft to get a list of RPC Dynamic ports (endpoints) managed by the RPC Mapper service.

PortQry.exe -e 135 -n 192.168.1.201

In this case, 151 endpoints were found. Each RPC point has a dynamic TCP port number next to it that it is listening on. You can check the availability of the specific RPC service by its port number:

Test-NetConnection 192.168.1.201 -port 49703

Depending on the target service, Windows Defender Firewall should have enabled:

• At least one rule with the description RPC-EPMAP (allows connection to port 135 RPC Endpoint Mapper);
• At least one rule with an RPC description (allows access to Dynamic RPC ports).

If there are no rules for inbound RPC traffic (they have been removed), you will need to create them manually.

Note. Windows RPC/DCOM connections often don’t work correctly when NAT is used. Check the direct connection to your RPC server without using NAT.

Next, we will have a look at custom 0x800706ba errors which are not directly related to the network availability of the RPC server.

RPC Error 0x800706ba During Certificate Enrollment

When you try to enroll the certificate from the Windows Server Certificate Authority, you can receive the following message:

An error occurred while enrolling for a certificate.
The certificate request could not be submitted to the certification authority.
The RPC server is unavailable. 0x800706ba (WIN32: 1722 RPC_S_SERVER_UNAVAILABLE)

In this case, the domain controller or other client fails to enroll for certificates from the CA.

The following errors appear in Event Viewer > Application Log:

Source: CertificateServicesClient-CertEnroll

Event ID: 13
Certificate enrollment for the Local system failed to enroll for a DomainController certificate with request ID N/A from ServerCA.contoso.com ServerCA (The RPC server is unavailable. 0x800706ba (WIN32: 1722))

Or:

Source: CertificateServicesClient-AutoEnrollment

EventID: 6
Automatic certificate enrollment for the local system failed (0x800706ba) The RPC server is unavailable.

This problem can have several solutions, but in most cases, the source of the problem is that your computer is not a member of the domain DCOM access group or due to incorrect permissions DCOM permissions. This most commonly occurs when the Certificate Authority role is installed on a DC.

1. To access the Certificate Authority via DCOM, the CERTSVC_DCOM_ACCESS or Certificate Service DCOM Access the built-in Active Directory security group from the Users container is used;
   
2. Open the ADUC console and the following domain groups to the CERTSVC_DCOM_ACCESS/Certificate Service DCOM Access group: Domain Users, Domain Controllers, Domain Computers;
   
3. Update the DCOM security settings on the server with the CA role using the commands:

   certutil -setreg SetupStatus -SETUP_DCOM_SECURITY_UPDATED_FLAG
   
   net stop certsvc & net start certsvc

4. Then check the COM security permissions on a CA host. This group must have Remote Access and Remote Activation permissions allowed;
5. Restart the computer and check the certificate enrollment.

Then check the DCOM Permissions on the Certificate Authority host. Even if RPC is configured correctly, incorrect DCOM permissions can block remote authentication.

1. Run the command dcomcnfg.exe;
2. Expand Component Services > Computers > My computer;
3. Open the properties of My computer, go to the Default Properties tab, and ensure that the Enable Distributed COM on this computer option is checked;
4. Then navigate to the COM Security tab and click on the Edit Limits button in the Access Permissions section. Check that the Certificate Service DCOM Access security group has Local Access and Remote Access permissions;
   
5. Then click the Edit Limits button in the Launch and Activation Permission section and check that the Certificate Service DCOM Access group is allowed for Local Activation and Remote Activation.

If the above solution doesn’t work, use the nltest command to find out problems with netlogon calls to a domain controller:

Nltest /Server:dc01 /query

Then check that the Active Directory CA request interface is responding:

Certutil -ping

In order to trigger the renewal of a certificate on the CA, run the following command:

certutil –pulse

If you get the error “Server could not be reached: The RPC server is unavailable. 0x800706ba (WIN32: 1722)” from the non-domain joined computer, ensure that the “Authenticated Users” group is added to the “Certificate Service DCOM Access” group on the CA server.

GPO Update Error: RPC Server is Unavailable

When you try to remotely update Group Policy settings on domain computers from the Group Policy Management Console (gpmc.msc), you may receive the following error:

The remote procedure call was canceled and 800706ba: The RPC server is unavailable.

To resolve this issue, you must enable the following rules in Windows Defender Firewall:

• Remote Scheduled Tasks Management (RPC);
• Remote Scheduled Tasks Management (RPC-EPMAP);
• Windows Management Instrumentations (ASync-In);
• Windows Management Instrumentations (DCOM-In);
• Windows Management Instrumentations (WMI-In);
• Windows Management Instrumentations (DCOM-In);
• Windows Remote Management (HTTP-In).

You can create a new GPO and enable these rules manually (Computer Configuration > Windows Settings > Security Settings > Windows Defender Firewall > Inbound Rules).

Or you can enable the following default Starter GPOs:

• Group Policy Remote Update Firewall Ports;
• Group Policy Reporting Firewall Ports.

These policies contain all the necessary Windows Defender Firewall rules to remotely update Group Policy settings.

Go to the Starter GPOs section, click on each of the items, and select New GPO from Starter GPO. Create new GPOs and assign them to Organizational Units with target computers.

After a while, try a remote Group Policy update. The error should disappear.

Windows Backup Fails with Error 0x800706ba

In some cases, when you create a restore point or system image backup on Windows 10/11, or perform a backup using Windows Server Backup, you may receive an error:

The RPC Server is unavailable

Error code: 0x800706BA

To fix this error:

1. Check that the RpcSs (Remote Procedure Call/RPC) service is running on Windows;
2. Make sure that the Private or Domain network profile is being used for your network connection (Public network category may prevent some network connections, including RPC);
   
3. Make sure that File and Printer Sharing for Microsoft Networks and Internet Protocol Version 6 (TCP/IPv6) are enabled the network adapter settings;
   
4. Clear the DNS cache:

   ipconfig /flushsdns

5. If you have any third-party anti-virus software or firewall software installed on your computer, temporarily disable them;
6. Use the following command to check and repair the integrity of the Windows Component Store:

   DISM /Online /Cleanup-Image /RestoreHealth