Overview

The error: The RPC server is unavailable is encountered when the server needs to access a remote computer.

This error can occur in different situations, for example:

• GFI LanGuard scans a remote computer 
• GFI LanGuard deploys the agent to a remote computer
• GFI EventsManager collects events from a remote computer

The error is not necessarily displayed directly, but it can be usually found in the debug logs. Also, the error can be usually reproduced when one connects to the C$ administrative share of a remote machine using windows explorer and the IP address of the remote machine (for example:. \\192.168.5.4\c$). GFI LanGuard always connects to the remote machines' administrative shares using the IP address (and Microsoft Windows will use NTLM authentication for those connections).

Environment

• GFI EventsManager
• GFI LanGuard
• GFI EndPointSecurity
• All supported environments

Root Cause

The remote computer is not reachable through Remote Procedure Calls (RPC). Resolution

Check the following:

• Does the remote computer exist?
• Is the remote computer shut down?
• Is there a network or hardware problem?
• Are there no common transports?
• Does a DNS entry exist for the remote computer?
• Are the following Microsoft Windows services enabled?
  • Remote Procedure Call (RPC)
  • Remote Procedure Call (RPC) Locator
  • Remote Registry
• Are firewalls (or even antivirus software) blocking RPC traffic?
• Check all the policies for NTLM in the local policy editor (Gpedit.msc) AND in the local security policy editor (secpol.msc) under the following section and set them to Not defined or Allow All (Important Note: the same policies can be set separately in each editor and the most restrictive will take effect)
  • Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options
• If the target computer is a WinXP machine, check to see if the following applies:
  Errors may be seen when attempting to access shares after installation of the update

Notes:

• RPC can be used over SMB protocol which uses ports 139 and/or 445 (ex. connecting to the remote registry)
• RPC can also use dynamic ports from a large port range by default (1024 - 65535 for Microsoft Windows 2003 and XP / 49152 - 65535 for Microsoft Windows 2008, Vista and 7). The port range used can be limited:
  • How to configure RPC dynamic port allocation to work with firewalls 
  • Service overview and network port requirements for the Windows Server system