Querying the configured RPC endpoints of a certification authority

In the default configuration, the certification authority's certificate request interface negotiates dynamic ports for incoming RPC/DCOM connections (for more details, see the article "Firewall rules required for Active Directory Certificate Services").

However, it is also possible to configure the certification authority to use a static port (see the article "Configuring the certificate authority to a static port (RPC endpoint)").

The following describes how to check the current configuration of the certification authority.

Query via Graphical User Interface

The procedure is described in the article "Configuring the certificate authority to a static port (RPC endpoint)".

Example - Static endpoint on port 4711:

Example - default configuration, use dynamic port range between 49152 and 65535:

Example - the dynamic port range between 49152 and 65535 was configured as the endpoint:

Query via command line

The following command is used to query the current configuration via the command line.

reg QUERY HKCR\AppID\{D99E6E74-FC88-11D0-B498-00A0C90312F3} /v Endpoints

Example - Static endpoint on port 4711:

HKEY_CLASSES_ROOT\AppID\{D99E6E74-FC88-11D0-B498-00A0C90312F3}
Endpoints REG_MULTI_SZ ncacn_ip_tcp,0,4711

Example - default configuration, use dynamic port range between 49152 and 65535:

ERROR: The system was unable to find the specified registry key or value.

Example - the dynamic port range between 49152 and 65535 was configured as the endpoint:

HKEY_CLASSES_ROOT\AppID\{D99E6E74-FC88-11D0-B498-00A0C90312F3}
Endpoints REG_MULTI_SZ ncacn_ip_tcp,0,
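
The three cases above can also be told apart by a script. The following PowerShell is an added example, not part of the original article: it reads the same Endpoints value and reports whether a static port or the dynamic range is in effect. The function name Get-CaRpcEndpointMode and the output property names are hypothetical, and the sample strings are constructed from the outputs shown above.

```powershell
# Added example; function and property names are hypothetical.
$AppIdPath = 'Registry::HKEY_CLASSES_ROOT\AppID\{D99E6E74-FC88-11D0-B498-00A0C90312F3}'

function Get-CaRpcEndpointMode {
    param(
        [string[]]$Endpoints   # content of the REG_MULTI_SZ value, $null if it does not exist
    )
    if (-not $Endpoints) {
        # Corresponds to the reg.exe error "unable to find the specified registry key or value"
        return [pscustomobject]@{ Mode = 'Dynamic'; Port = $null; Source = 'value not present (default)' }
    }
    foreach ($entry in $Endpoints) {
        # Layout as shown on this page: <protocol sequence>,0,<port or empty>
        $parts = $entry.Split(',')
        if ($parts.Count -ne 3 -or $parts[0] -ne 'ncacn_ip_tcp') {
            [pscustomobject]@{ Mode = 'Unrecognized'; Port = $null; Source = $entry }
            continue
        }
        $port = 0
        $portText = $parts[2].Trim()
        if ($portText -eq '') {
            # Value exists but names no port: dynamic range configured as the endpoint
            [pscustomobject]@{ Mode = 'Dynamic'; Port = $null; Source = $entry }
        }
        elseif ([int]::TryParse($portText, [ref]$port) -and $port -ge 1 -and $port -le 65535) {
            [pscustomobject]@{ Mode = 'Static'; Port = $port; Source = $entry }
        }
        else {
            # Not a valid TCP port; report it instead of guessing
            [pscustomobject]@{ Mode = 'Unrecognized'; Port = $null; Source = $entry }
        }
    }
}

# Constructed samples matching the three outputs shown above
Get-CaRpcEndpointMode -Endpoints @('ncacn_ip_tcp,0,4711')
Get-CaRpcEndpointMode -Endpoints $null
Get-CaRpcEndpointMode -Endpoints @('ncacn_ip_tcp,0,')

# Live query, run on the certification authority itself
$live = (Get-ItemProperty -LiteralPath $AppIdPath -Name Endpoints -ErrorAction SilentlyContinue).Endpoints
Get-CaRpcEndpointMode -Endpoints $live
```

A Mode of Static gives the port that the firewall rules for the certificate request interface have to match; Dynamic means the range between 49152 and 65535 applies.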
