Design (all servers in a VMWare Test environment)RootCA (offline)PolicyCA (offline)IssuingCA (online. Also has IIS running to mimic the intranet site )DomainServer (running DNS and DHCP)The IssuingCA and DomainServer VM's can see each other.I was able to build the Root and Policy CA without incidentHowever the CA service on the Issuing server won't start stating "The revocation server is offline etc..."I installed the AD CS remote tools on the domain server (pkiview.msc) and all the AIA and CDP info is reporting "OK"From the Issuing server I can navigate to http://intranet/certenroll (the info that is in the AIA and CDP fields) successfully.I am yet to generate a CRL from the issuing server as when I try to run certutil -CRL I receive an error: The RPC server is unavailable.Any help?

use CERTUTIL -verify -urlfetch to validate the Issuing CAs certificate, the policyCAs certificate and also the RootCAs certificate.or you can use CERTUTIL -URL for the same thing.as well, better to test this under the SYSTEMs account by starting the tools from CMD running under the SYSTEM identity:psexec -s -i cmd.exeondrej.