I am trying to get autoenrollement working for a user certificate. My CA is configured in a different domain than my users. I have added the security to the template that I would like to use as well as the GPO. However, when I manually try to enroll from the workstation, I get an RPC server not available. If however I run the MMC with a user from my CA domain it works well. I have validated every place that I read so far and I cannot get it to work from my other domain. If someone can help me out, I would appreicate it.

make sure if: 1) both domains (account and service) are members of the same forest 2) you are using global or universal security groups to assign permissions on certificate templates 3) clients can reach CA server via DCOM/RPC protocols "RPC unavailable" error may be caused due to various reasons. The most common reasons are: 1) client cannot resolve CA host name 2) client cannot reach CA server (routing problems) 3) firewall on CA server does not allow connections from account domains.My weblog: http://en-us.sysadmins.lv PowerShell PKI Module: http://pspki.codeplex.com Windows PKI reference: on TechNet wiki

make sure if: 1) both domains (account and service) are members of the same forest 2) you are using global or universal security groups to assign permissions on certificate templates 3) clients can reach CA server via DCOM/RPC protocols "RPC unavailable" error may be caused due to various reasons. The most common reasons are: 1) client cannot resolve CA host name 2) client cannot reach CA server (routing problems) 3) firewall on CA server does not allow connections from account domains.My weblog: http://en-us.sysadmins.lv PowerShell PKI Module: http://pspki.codeplex.com Windows PKI reference: on TechNet wiki