RPC server unavailable in EventLog Analyzer while collecting logs

Issue description   

The "RPC Server Unavailable" error occurs in EventLog Analyzer when it fails to establish a remote connection with a Windows server or workstation using RPC, WMI, or DCOM services. This issue typically arises due to network restrictions, DNS resolution failures, improper firewall configurations, or service disruptions on the target machine. As a result, EventLog Analyzer is unable to collect event logs from the affected devices. This article provides a detailed troubleshooting guide to identify and resolve the root causes of the RPC error.

Prerequisites   

  • The target machine should be reachable from the server where EventLog Analyzer is installed.

  • Required RPC ports (135, 139, 445, 49152-65535) are open for inbound traffic on the target server and for outbound traffic for EventLog Analyzer.

  • Windows Firewall allows Remote Event Log Management and COM+ Network Access (DCOM-In).

  • The service account has the necessary permissions to collect logs remotely.

Possible causes 

  • EventLog Analyzer is unable to ping the Domain Controller, Member Server, or Workstation, and vice versa.

  • EventLog Analyzer cannot resolve the Flat Name, Fully Qualified Domain Name (FQDN), or IP Address of the target server.

  • Unable to contact Event Viewer of the target machine.

  • Windows Management Instrumentation (WMI) service is not functioning properly.

Resolution 

Step 1: Verify network connectivity

  1. Ping the target server from the EventLog Analyzer server.

  2. To ping a server, open Command Prompt (Run > CMD)

  3. Type ping servername, for example, ping terminal01 -4

Step 2: Verify name resolution

Ensure EventLog Analyzer can resolve the Flat Name and Fully Qualified Domain Name (FQDN) of the target server.

  1. Check DNS resolution using:

    • nslookup <Target_Server_Name>

  2. To perform nslookup, open Command Prompt (Run > CMD)

  3. Type nslookup <target_server_name>, i.e., nslookup terminal01

Step 3: Test remote event log connectivity

  1. Open Event Viewer on the EventLog Analyzer server. Run > eventvwr

  2. Click Action > Connect to Another Computer.

  3. Enter the target Domain Controller name.

  4. Select Connect as another user, provide the EventLog Analyzer service account credentials, and click OK.

Note: If the connection fails here, make sure the ports or firewall rules below are allowed on any internal or external firewall in use. They are required for Windows-to-Windows event log management and make it possible to collect event logs remotely.

  1. External Firewall/Third Party Firewall

  • Ensure RPC ports (135 and dynamic range 49152-65535) are open in the firewall.

  • Open Windows Defender Firewall with Advanced Security (wf.msc).

  • Go to Inbound Rules > New Rule.

  • Select Port, then TCP > Specific local ports (e.g., 135, 49152-65535).

  • Choose Allow the connection > Select Domain, Private or Public > Name the rule > Finish.


  2. Internal/local Firewall 

    • Open Windows Defender Firewall and navigate to Advanced Security.

    • Click Inbound Rules.

    • Locate and enable the following rules:

      • Remote Event Log Management (NP-In)

      • Remote Event Log Management (RPC)

      • Remote Event Log Management (RPC-EPMAP)

      • COM+ Network Access (DCOM-In)

 

Note: For additional ports, external firewalls, or a centralized firewall, you must enable all the mentioned ports from this guide.
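
The rules listed above can also be enabled from an elevated PowerShell session on the target machine. The following is an added example, not part of the original ManageEngine article; the collector address 192.0.2.10 is a constructed placeholder, and limiting each rule's remote address to the EventLog Analyzer server is an addition made here so the RPC and DCOM ports are not opened to every host.

```powershell
# Added example: run elevated on the target machine (not on the EventLog Analyzer server).
# ASSUMPTION: 192.0.2.10 is a constructed placeholder for the EventLog Analyzer server IP.
$Collector = '192.0.2.10'

# Rule display names exactly as listed in this article.
$ruleNames = @(
    'Remote Event Log Management (NP-In)',
    'Remote Event Log Management (RPC)',
    'Remote Event Log Management (RPC-EPMAP)',
    'COM+ Network Access (DCOM-In)'
)

foreach ($name in $ruleNames) {
    $rules = Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue
    if (-not $rules) {
        # A missing rule usually means the display name differs on a localized OS.
        Write-Warning "Firewall rule not found: $name"
        continue
    }
    # Enable the rule and accept connections only from the collector (scoping added here).
    $rules | Set-NetFirewallRule -Enabled True -RemoteAddress $Collector
}

# Report the resulting state so the change can be reviewed.
Get-NetFirewallRule -DisplayName $ruleNames -ErrorAction SilentlyContinue |
    Select-Object DisplayName, Enabled, Profile,
        @{ Name = 'RemoteAddress'
           Expression = { ($_ | Get-NetFirewallAddressFilter).RemoteAddress } } |
    Format-Table -AutoSize
```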

Step 4: Test WMI connection

  1. Click Start > Run, type wbemtest, and click OK.

  2. In the Windows Management Instrumentation tester, click Connect.

  3. Enter the namespace <dc_name>\root\cimv2.

  4. Provide the username and password of the service account.

  5. Click Connect. You should connect to the Windows Management Instrumentation (WMI) tester without errors.

 

Note: If the connection fails or you receive an "RPC service is unavailable" error, ensure that the mentioned firewall rules are not blocked and that the required ports are allowed. If the issue persists, it must be troubleshot within the environment (for example, a GPO preventing WMI, RPC, or DCOM).
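
Steps 1 to 4 can be run in one pass from the EventLog Analyzer server so that the first failing layer is obvious. The script below is an added example, not part of the original ManageEngine article; the function name Invoke-Check is hypothetical, terminal01 is the sample host name used above, and the WMI check uses a CIM session forced onto DCOM to match the path that wbemtest exercises.

```powershell
# Added example: run on the EventLog Analyzer server.
param(
    [string]$Target = 'terminal01',   # sample host name from this article
    [pscredential]$Credential = (Get-Credential -Message 'EventLog Analyzer service account')
)

# Hypothetical helper: run one check and record pass/fail with the error text.
function Invoke-Check {
    param([string]$Name, [scriptblock]$Test)
    try   { $detail = & $Test; $ok = $true }
    catch { $detail = $_.Exception.Message; $ok = $false }
    [pscustomobject]@{ Check = $Name; Passed = $ok; Detail = "$detail" }
}

$checks = @(
    Invoke-Check 'Step 1: ping' {
        if (-not (Test-Connection -ComputerName $Target -Count 2 -Quiet)) { throw 'no ICMP reply' }
        'reachable'
    }
    Invoke-Check 'Step 2: name resolution' {
        $dns = Resolve-DnsName -Name $Target -ErrorAction Stop
        ($dns | Where-Object IPAddress).IPAddress -join ', '
    }
    # Fixed prerequisite ports; the dynamic range 49152-65535 is exercised by Steps 3 and 4.
    foreach ($port in 135, 139, 445) {
        Invoke-Check "Prerequisite: TCP $port" {
            $r = Test-NetConnection -ComputerName $Target -Port $port -WarningAction SilentlyContinue
            if (-not $r.TcpTestSucceeded) { throw 'blocked or closed' }
            'open'
        }
    }
    Invoke-Check 'Step 3: remote event log' {
        $e = Get-WinEvent -ComputerName $Target -Credential $Credential `
                          -LogName System -MaxEvents 1 -ErrorAction Stop
        "latest System event at $($e.TimeCreated)"
    }
    Invoke-Check 'Step 4: WMI root\cimv2 over DCOM' {
        $opt = New-CimSessionOption -Protocol Dcom
        $s = New-CimSession -ComputerName $Target -Credential $Credential `
                            -SessionOption $opt -ErrorAction Stop
        try { (Get-CimInstance -CimSession $s -Namespace root\cimv2 `
                               -ClassName Win32_OperatingSystem -ErrorAction Stop).Caption }
        finally { Remove-CimSession $s }
    }
)
$checks | Format-Table -AutoSize -Wrap
```

When Steps 1 and 2 pass but Step 3 or 4 fails with HRESULT 0x800706BA (the RPC server is unavailable), the cause is normally a firewall or policy on the RPC/DCOM path rather than basic reachability.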


Validation  

Validate and test to see if the issue has been fixed in EventLog Analyzer

  1. Log in to EventLog Analyzer

  2. Launch EventLog Analyzer and navigate to Settings > Devices > Windows devices.

  3. Click Scan Now on the Windows device that shows the RPC error; the latest logs should be collected.

  4. The status should change from RPC error unavailable to Success. The latest timestamp will also be updated, showing that the issue has now been resolved.

 
Tips: 

  • If the above prerequisites cannot be met to resolve this error, you can also install an EventLog Analyzer agent for log collection. Please refer to this link 


How to reach support
         

If the issue persists even after following the above steps, contact our support team here
