Windows device status: RPC server is unavailable
The RPC server is unavailable error will be displayed in the device status field if there isn’t any communication between the EventLog Analyzer server and the respective machine from which the logs should be collected. This lack of communication might be due to any of the following reasons:
- The machine is disconnected from or not part of the network.
- The machine has shut down or stopped running.
- There isn’t a physical or virtual firewall.
Troubleshooting steps:
- Open the command prompt in the EventLog Analyzer server and ping the host from which logs should be collected. This will verify that there’s basic communication between the machines.
- Ensure that the following ports are open:
| Protocol | Port | Traffic direction (inbound or outbound) |
WMI, DCOM, and RPC | TCP | 135, 445, and 139 | Incoming (for host) |
WMI, DCOM, and RPC | TCP | 49152 to 65534 | Outgoing (for host) |
WMI, DCOM, and RPC | TCP | 135, 445, and 139 | Outgoing (for server) |
WMI, DCOM, and RPC | TCP | 49152 to 65534 | Ingoing (for server) |
3. Check if the following rules are enabled in Windows Firewall.
- COM+ Network Access (DCOM-In)
- Remote Event Log Management (NP-In)
- Remote Event Log Management (RPC)
- Remote Event Log Management (RPC-EPMAP)
- Windows Management Instrumentation (ASync-In)
- Windows Management Instrumentation (DCOM-In)
- Windows Management Instrumentation (WMI-In)
To enable any rule, open Windows Firewall > Advanced settings > Inbound Rules. Right-click the respective rule, then click Enable Rule.
Run WBEMTest to verify the WMI connectivity:
4. In the EventLog Analyzer server, click Start. Open Run, type wbemtest, then select OK.
- In the Windows Management Instrumentation Tester window, click Connect.
- In the Connect window, enter the following:
- In the Namespace textbox, enter \\<machine_name>\root\cimv2, where machine_name is the hostname of the source machine.
- In the User and Password textboxes, enter the credentials that will be used to collect the logs, and click Connect.
- If the connection is successful, that implies there are no issues with the credentials. If you encounter an error message, proceed further based on the error code displayed.
- 800706BA: RPC server is unavailable
- 80070005: Access denied
- 800706BE: RPC has failed
- 8007203a: The server is not operational
New to ADSelfService Plus?
Related Articles
Windows device status: Access denied
The Access denied error indicates that the user account dedicated for log collection does not have the necessary access and permissions to collect logs from the respective devices. There are two approaches to fixing the error: Using a domain admin ...
Windows Agent version mismatch
Windows Agent version mismatch: Remote login to the Agent-installed machine ⇾ open Registry Editor ⇾ go to Computer\HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\ZOHO Corp\EventLogAnalyzer\LogAgent and ensure that the Agent version matches the Server ...
Does the given credentials of a Windows device have permission for log collection?
Case 1: The account is a local administrator or a domain administrator. The credentials will, by default, have the required permissions. Case 2: The account is a non-admin domain user. Provide the non-admin domain user with the required permissions. ...
What to do if the IIS Site status shows "Failed"?
Troubleshooting: Open the server out log file and search for the exception following the line "New Import File Arrived". a. Exception: "File not found" Probable cause(s) and troubleshooting step(s): Log file was not created for the particular day. ...
Windows: File Integrity Monitoring (FIM) issues
Prerequisites: An agent needs to be deployed on the respective machine. Open the EventLog Analyzer GUI. Go to the Settings tab > Configuration > Manage File Integrity Monitoring. Configure the folders in the machine that should be monitored. Verify ...