PKI

NDES configuration failing with duplicate endpoint error 

Protecting organizations infrastructure against human errors

Read time: 2 minutes 

This blog will discuss a known bug happening with the Luna HSM Client version, preventing users from installing NDES. 

Source: Microsoft-Windows-Certification Authority

Error Code: 0x6cc (WIN32: 1740 RPC_S_DUPLICATE_ENDPOINT).

Event ID: 34

Description

On Server 2016 while building the PKI, even though with all the CA’s built/configured, OSCP deployed successfully, still the command to restart the services via scripts cannot be issued.  

After running through the scripts to configure the CA using various certutil commands the script gets to  

net stop certsvc && net start certsvc

What the screen displays:

The Active Directory Certificate Services service is stopping. 
The Active Directory Certificate Services service was stopped successfully. 

The Active Directory Certificate Services service is starting. 
The Active Directory Certificate Services service was started successfully. 

When trying to restart the services, it reports:

WIN32: 1749 RPC_S_DUPLICATE_ENDPOINT

Active Directory Certificate Services did not start, could not initialize RPC for Issuing CA, and showed the endpoint as duplicates.  

As the setup times out and the installation fails, it reports either RPC is unavailable or that the endpoint text is duplicate. This behavior is consistent across all CAs on the server and prevents from installing NDES.

Cause

The duplicate endpoint error message is caused by the SafeNet KSP library’s failure to release the service before it is restarted. It was an issue with Luna Version 10.3.0, where the service restart was too fast, and it locked the KSP. 

Solution

Since it is an issue with the Luna Client version, so upgrading the client version will solve the issue. In this case, 10.3.0 was there, and upgrading to 10.5.0 solved the issue. 

 

About the Author

Nishiket Kumar is a Consultant at Encryption Consulting, working with PKIs, HSMs and working as a consultant with high-profile clients.

Search any posts

A collection of Encryption related products and resources that every organization should have!

Free Downloads

Datasheet of Encryption Consulting Services

Encryption Consulting is a customer focused cybersecurity firm that provides a multitude of services in all aspects of encryption for our clients.

Download

Let's talk