Windows device status: RPC server is unavailable - Online help | EventLog Analyzer

Windows device status: RPC server is unavailable

The RPC server is unavailable error will be displayed in the device status field if there isn’t any communication between the EventLog Analyzer server and the respective machine from which the logs should be collected. This lack of communication might be due to any of the following reasons:
  1. The machine is disconnected from or not part of the network.
  2. The machine has shut down or stopped running.
  3. There isn’t a physical or virtual firewall.

Troubleshooting steps:

  1. Open the command prompt in the EventLog Analyzer server and ping the host from which logs should be collected. This will verify that there’s basic communication between the machines.
  2. Ensure that the following ports are open:

Rule description

Protocol
Port
Traffic direction (inbound or outbound)
WMI, DCOM, and RPC
TCP
135, 445, and 139
Incoming (for host)
WMI, DCOM, and RPC
TCP
49152 to 65534
Outgoing (for host)
WMI, DCOM, and RPC
TCP
135, 445, and 139
Outgoing (for server)
WMI, DCOM, and RPC
TCP
49152 to 65534
Ingoing (for server)

3. Check if the following rules are enabled in Windows Firewall. 
  1. COM+ Network Access (DCOM-In)
  2. Remote Event Log Management (NP-In)
  3. Remote Event Log Management (RPC)
  4. Remote Event Log Management (RPC-EPMAP)
  5. Windows Management Instrumentation (ASync-In)
  6. Windows Management Instrumentation (DCOM-In)
  7. Windows Management Instrumentation (WMI-In)
To enable any rule, open Windows Firewall > Advanced settings > Inbound Rules. Right-click the respective rule, then click Enable Rule.
Run WBEMTest to verify the WMI connectivity:
4. In the EventLog Analyzer server, click Start. Open Run, type wbemtest, then select OK.

Windows Management Instrumentation Tester


  1. In the Windows Management Instrumentation Tester window, click Connect.
  2. In the Connect window, enter the following:
    1. In the Namespace textbox, enter \\<machine_name>\root\cimv2, where machine_name is the hostname of the source machine.
    2. In the User and Password textboxes, enter the credentials that will be used to collect the logs, and click Connect.
Connect tab - Windows Management Instrumentation Tester
  1. If the connection is successful, that implies there are no issues with the credentials. If you encounter an error message, proceed further based on the error code displayed.
  1. 800706BA: RPC server is unavailable
  2. 80070005: Access denied
  3. 800706BE: RPC has failed
  4. 8007203a: The server is not operational

                  New to ADSelfService Plus?

                    • Related Articles

                    • RPC server unavailable in EventLog Analyzer while collecting logs

                      Issue description The "RPC Server Unavailable" error occurs in EventLog Analyzer when it fails to establish a remote connection with a Windows server or workstation using RPC, WMI, or DCOM services. This issue typically arises due to network ...
                    • Network device status shows 'Device not Reachable'

                      Issue description A network device in EventLog Analyzer will display the status "Device not Reachable" if the last message received by the EventLog Analyzer server from the device is greater than 24 hours. This message will display in the log sources ...
                    • Windows device status: Access denied

                      The Access denied error indicates that the user account dedicated for log collection does not have the necessary access and permissions to collect logs from the respective devices. There are two approaches to fixing the error: Using a domain admin ...
                    • Windows agent not communicating with EventLog Analyzer server

                      Issue description When the agent fails to communicate with the EventLog Analyzer server, the log transfer between devices is disrupted. As a result, logs accumulate on the agent machine until connectivity is restored. This delay in log transmission ...
                    • How to migrate EventLog Analyzer standalone edition to different server or drive [Windows to Windows]

                      Objective This article provides a detailed step-by-step guide to migrate EventLog Analyzer Standalone instance (not integrated with Log360) to a new server or different server or drive. Prerequisites Refer to the System Requirement to plan the new ...