In the scenario of getting event logs remotely, using Event Viewer or PowerShell, some time in an unfamiliar environment, the system admin may get this error “The RPC server is unavailable” even the correct credential is supplied.
Why? The service is running on the remote host – most of the time it’s a Windows Server. There must be something block the traffic – Windows Server itself or the network.
Look into the Windows server – the target host, there are several places to check – The Windows Firewall, the Group Policy. Many online resources focused on WMI Group rules, such as running the following command to enable this group of firewall rules – 3 Inbound and 1 Outbound.
> netsh advfirewall firewall set rule group=”Windows Management Instrumentation (WMI)” new enable=yes
The same approach is to open 3 Inbound rules using Windows Firewall with Advanced Security or GP Editor:
– Windows Settings
— Security Settings
— Windows Firewall Advanced Security
—- Inbound Rules
—- Right-click and select ‘New Rule’ (Key point)
—- Predefined radio button
—- Choose Remote Event Log Management (Drop down list)
—- Click Next
—- Accept the defaults and click ‘Next’
—- Choose Allow the connection and click ‘Finish’
But, sometimes these local firewall rules are already enabled, by default, unless they are disabled on purpose. Then what? There is another place to look at, despite the message “The RPC server is unavailable”, some newer operation systems give more information in a pop-up.
Now look at these two rules, they could be disabled, just enable them you will be able to access Event Logs remotely.
This is tested in both Event Viewer and PowerShell, on Windows Server 2012 R2.
p.s. I don’t think .Net Framework 3.5 is necessary in this case, some online article mentioned that though. But still worth to check if the following services are running on the target host:
- Windows Management Instrumentation service
- TCP/IP NetBIOS Helper service
- Remote Procedure Call (RPC) service