In a Windows network MID Server fails to communicate with RPC server<!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: #000000; } span { font-size: 12pt; font-family: Lato; color: #000000; } h2 { font-size: 24pt; font-family: Lato; color: black; } h3 { font-size: 18pt; font-family: Lato; color: black; } h4 { font-size: 14pt; font-family: Lato; color: black; } a { font-size: 12pt; font-family: Lato; color: #00718F; } a:hover { font-size: 12pt; color: #024F69; } a:target { font-size: 12pt; color: #032D42; } a:visited { font-size: 12pt; color: #00718f; } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: block; max-width: ; width: auto; height: auto; } } Description The MID Server can use Windows Management Instrumentation (WMI) and PowerShell to run automations on Windows devices. When the MID Server cannot complete communication to a target server, the error "The RPC server is unavailable" displays. This can happen during discovery, orchestration or the IntegrationHub Powershell step. To successfully run a PowerShell probe, you must have an environment configured to allow communication between the MID Server and the target server, plus a credential with the necessary rights. Contact your Windows or network team managing the target server or environment to resolve this error. The remainder of this article focuses on issues and resolutions that ServiceNow Support has found while helping to resolve the error. In this article RPC portsRoot CauseResolutionTroubleshootingExample Troubleshooting RPC ports WMI is based on a Distributed Component Object Model (DCOM) and a Remove Procedure Call (RPC) server. This means a connection is first initiated on port 135 to determine what dynamic port to use. The connection then proceeds to use the dynamic port negotiated. The default ranges of DCOM ports are: From 1025 to 5000: Windows 2000, Windows XP, and Windows Server 2003From 49152 to 65535: Windows Server 2008 and later versions, and in Windows Vista and later versions The following Microsoft documentation provides more information on this topic: Setting up a Remote WMI ConnectionHow to configure RPC dynamic port allocation to work with firewalls The error, "The RPC server is unavailable", indicates that the connection cannot complete successfully. The following image shows a Wireshark capture of a successful WMI connection between two devices. (In this example, DCERPC traffic is filtered out). The initial connection to the target is on port 135. The connection continues on port 62199. This was the dynamic port negotiated and could have been a different port. Root Cause Possible root causes are, but not limited to: Firewall settingsAntivirusIncorrect time and time zone settingsOut of date DNSKerberos issues Resolution Firewall Confirm that the firewalls of the source device, target device, and network are not blocking the connection on port 135 or one of the dynamic ports. If necessary, review the following Microsoft documentation on Setting Up a Fixed Port for WMI. Antivirus Work with your antivirus team to allow the connection to complete. Steps will depend on the antivirus software in use. Incorrect time and time zone settings Verify that these settings are correct. Outdated DNS and Kerberos issues Out of date DNS can cause issues with Kerberos authentication. On the MID Server, use the nslookup command to check that both forward and reverse lookup are correct for the target device. Troubleshooting Overall Troubleshooting Confirm that credential username and password are correct.Log into the MID Server.Set up a network monitor on the MID Server.Reproduce the issue.Review the traffic capture. Example Troubleshooting DNS/Kerberos issue Discovery returns the error, "The RPC server is unavailable". Attempting a gwmi command against the target using same domain username and password returns the same error. The following image shows the output that is returned. In Wireshark, Kerberos errors and packets reset and timeouts were displayed. Note: The previous error is not related to discovery but rather highlights an environment issue. Here, troubleshooting is best done by the Windows or network team managing the target server. Investigation on event logs on the target server also revealed errors such as the following: Log Name: System Source: Microsoft-Windows-Security-Kerberos Event ID: 4 Task Category: None Level: Error Keywords: Classic User: N/A Computer: computerName.domain Description: The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server serverName. The target name used was domain/serverName... Research on the KRB_AP_ERR_MODIFIED error led to a Microsoft article explaining that this error could be due to reverse lookup mismatch. Running the nslookup <target_ip> command on the MID Server and hostname command on the target confirmed the mismatch. Once the DNS was up to date, the issue was resolved.