Note: This article was originally published in 2013. Some steps, commands, or software versions may have changed. Check the current TMG 2010 documentation for the latest information.

Prerequisites

Before you begin, make sure you have the following:

  • Forefront TMG 2010 installed
  • TMG Management Console access
  • Understanding of firewall and proxy concepts

How to: Use the Certificate Enrollment MMC on the TMG host machine

Behavior:

When you use the Certificates MMC snap-in and/or try to perform certificate auto-enrollment on your localhost/TMG server, you will most likely run into an on-screen error message that reads "RPC failure". If you request a certificate on other computers joined to your domain you won't experience this issue; it happens only on your TMG server.

Solution:

DCOM is required in order to request a certificate, and if you take a look at your TMG's System Firewall Policy you will see that your AD connectivity has both flags selected: Enable RPC and Enable strict RPC compliance. For some reason, having the Enable strict RPC compliance option selected blocks the DCOM traffic, and hence you get an RPC failure when requesting a certificate.

One proposed solution is rather simple: disable that option when you are requesting certificates from your Active Directory Certificate Authority (AD CA). I am sure there must be a way to create a rule with higher priority and force that DCOM / RPC traffic to go through a static port… too much hassle for me. Hopefully you won't mind checking and unchecking some boxes, and if strict RPC compliance is not a business need then you might as well consider leaving that check box unselected.

Hope this helps!


Summary