Querying the configured RPC endpoints of a certification authority

Author Uwe GradeneggerPosted on Categories Certification AuthorityTags ,

In the default configuration, the certificate authority's certificate request interface is configured to negotiate dynamic ports for the incoming RPC/DCOM connections (for more details, see the article "Firewall rules required for Active Directory Certificate Services„).

However, it is also possible to configure the certificate authority to a static port (see article "Configuring the certificate authority to a static port (RPC endpoint)„).

The following describes how to check the current configuration of the certification authority.

Query via Graphical User Interface

Do you know TameMyCerts? TameMyCerts is an add-on for the Microsoft certification authority (Active Directory Certificate Services). It extends the function of the certification authority and enables the Application of regulationsto realize the secure automation of certificate issuance. TameMyCerts is unique in the Microsoft ecosystem, has already proven itself in countless companies around the world and is available under a free license. It can downloaded via GitHub and can be used free of charge. Professional maintenance is also offered.

The procedure is described in the article "Configuring the certificate authority to a static port (RPC endpoint)" described.

Example - Static endpoint on port 4711 :

Example - default configuration, use dynamic port range between 49152 and 65535:

Example - Using the dynamic port range between 49152 and 65535 was configured as the endpoint:

Query via command line

The following command is used to query the current configuration via the command line.

reg QUERY HKCR\AppID\{D99E6E74-FC88-11D0-B498-00A0C90312F3} /v Endpoints

Example - Static endpoint on port 4711

HKEY_CLASSES_ROOT\AppID\{D99E6E74-FC88-11D0-B498-00A0C90312F3}
Endpoints REG_MULTI_SZ ncacn_ip_tcp,0,4711

Example - default configuration, use dynamic port range between 49152 and 65535:

ERROR: The system was unable to find the specified registry key or value.

Example - Using the dynamic port range between 49152 and 65535 was configured as the endpoint:

HKEY_CLASSES_ROOT\AppID\{D99E6E74-FC88-11D0-B498-00A0C90312F3}
Endpoints REG_MULTI_SZ ncacn_ip_tcp,0,

Related links:

en_USEnglish
de_DEDeutsch en_USEnglish