The diagram below shows the RPC workflow starting with the registration of the server application with the RPC Endpoint Mapper (EPM) in step 1 to the passing of data from the RPC client to the client application in step 7.
1. The server app registers its endpoints with the RPC Endpoint Mapper (EPM).
2. The client makes an RPC call (on behalf of a user-, OS- or application-initiated operation).
3. Client-side RPC contacts the target computer's EPM and asks for the endpoint needed to complete the client call.
4. The server machine's EPM responds with an endpoint.
5. Client-side RPC contacts the server app.
6. The server app executes the call and returns the result to the client RPC.
7. Client-side RPC passes the result back to the client app.
How RPC Works
https://technet.microsoft.com/en-us/library/cc738291(v=ws.10).aspx
Troubleshooting “RPC server is unavailable” error, reported in failing AD replication scenario.
Restricting Active Directory RPC traffic to a specific port
https://support.microsoft.com/en-us/kb/224196
How to configure RPC dynamic port allocation to work with firewalls
https://support.microsoft.com/en-in/kb/154596
Have you set a static port on the DC for Netlogon or for any other interface?
Long logon time after you set a specific static port for NTDS and NETLOGON in a Windows Server 2008 R2-based domain environment
http://support.microsoft.com/kb/2827870/en-us
AD replication fails with an RPC issue after you set a static port for NTDS in a Windows-based domain environment
http://support.microsoft.com/kb/2912805/en-us
Logon fails after you restrict client RPC to DC traffic in Windows Server 2012 R2 or Windows Server 2008 R2
http://support.microsoft.com/kb/2987849/en-us
Use the script at https://gallery.technet.microsoft.com/Test-RPC-Testing-RPC-4396fcda to test RPC connectivity over TCP. It tests TCP network connectivity not just to the RPC Endpoint Mapper on port 135, but also to each of the registered endpoints returned by querying the EPM. Many firewall teams have a difficult time with RPC: they end up allowing the Endpoint Mapper on port 135 but forget to also allow the ephemeral ports through the firewall. The script uses localhost by default, but you can specify a remote machine name or IP address to test a server across the network. It works by P/Invoking functions exported from rpcrt4.dll to enumerate the registered endpoints from the endpoint mapper, so it is not just a wrapper around portqry.exe.
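As an added illustration (not the linked gallery script and not code from the original page), the PowerShell below checks TCP 135 and then a caller-supplied list of endpoint ports, and reports the case where the Endpoint Mapper answers but the endpoint ports are blocked. It does not query the EPM itself; the function names, the host dc01.testlab.com and the port numbers are assumptions made up for the example.

```powershell
# Added example. Probes TCP connectivity only; it does not query the EPM.
function Test-TcpPort {
    param(
        [Parameter(Mandatory = $true)][string]$ComputerName,
        [Parameter(Mandatory = $true)][int]$Port,
        [int]$TimeoutMs = 2000
    )
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $task = $client.ConnectAsync($ComputerName, $Port)
        # Wait() returns $false on timeout (typical of a silent firewall drop);
        # a refused connection throws and is treated as closed.
        return ($task.Wait($TimeoutMs) -and $client.Connected)
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

function Test-RpcPath {
    param(
        [string]$ComputerName = 'localhost',
        # Assumption: the caller supplies the endpoint ports to check, for
        # example a static port set on the DC or ports reported by the EPM.
        [int[]]$EndpointPort = @()
    )
    $epmOpen = Test-TcpPort -ComputerName $ComputerName -Port 135
    $results = @(foreach ($p in $EndpointPort) {
        [pscustomobject]@{ Port = $p; Open = (Test-TcpPort -ComputerName $ComputerName -Port $p) }
    })
    $blocked = @($results | Where-Object { -not $_.Open } | ForEach-Object { $_.Port })
    if (-not $epmOpen) {
        $diagnosis = 'Endpoint Mapper (TCP 135) unreachable'
    } elseif ($blocked.Count -gt 0) {
        $diagnosis = 'Endpoint Mapper reachable, but endpoint ports are blocked'
    } else {
        $diagnosis = 'Endpoint Mapper and all listed endpoint ports reachable'
    }
    [pscustomobject]@{
        ComputerName = $ComputerName; EpmOpen = $epmOpen
        BlockedPorts = $blocked; Diagnosis = $diagnosis
    }
}

# Constructed values: host name and port numbers are made up for illustration.
Test-RpcPath -ComputerName 'dc01.testlab.com' -EndpointPort 49155, 49158
```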
One symptom of blocked ephemeral ports between clients and the domain controller is an RPC error while joining a client machine to the domain. The client gets joined to the domain and later fails with the error “Changing the Primary Domain DNS name of this computer to “” failed. The name will remain “testlab.com”. The error was: The RPC server is unavailable”.
Use the link below to make sure the required ports are open for communication between clients and the DC.
How to configure a firewall for domains and trusts
https://support.microsoft.com/en-us/kb/179442