PKI Reading Time: 2 minutes

NDES configuration failing with duplicate endpoint error 

This blog will discuss a known bug happening with the Luna HSM Client version, preventing users from installing NDES. 

Source: Microsoft-Windows-Certification Authority

Error Code: 0x6cc (WIN32: 1740 RPC_S_DUPLICATE_ENDPOINT).

Event ID: 34


On Server 2016 while building the PKI, even though with all the CA’s built/configured, OSCP deployed successfully, still the command to restart the services via scripts cannot be issued.  

After running through the scripts to configure the CA using various certutil commands the script gets to  

net stop certsvc && net start certsvc

What the screen displays:

The Active Directory Certificate Services service is stopping. 
The Active Directory Certificate Services service was stopped successfully. 

The Active Directory Certificate Services service is starting. 
The Active Directory Certificate Services service was started successfully. 

When trying to restart the services, it reports:


Active Directory Certificate Services did not start, could not initialize RPC for Issuing CA, and showed the endpoint as duplicates.  

As the setup times out and the installation fails, it reports either RPC is unavailable or that the endpoint text is duplicate. This behavior is consistent across all CAs on the server and prevents from installing NDES.


The duplicate endpoint error message is caused by the SafeNet KSP library’s failure to release the service before it is restarted. It was an issue with Luna Version 10.3.0, where the service restart was too fast, and it locked the KSP. 


Since it is an issue with the Luna Client version, so upgrading the client version will solve the issue. In this case, 10.3.0 was there, and upgrading to 10.5.0 solved the issue. 

Free Downloads

Datasheet of Public Key Infrastructure

We have years of experience in consulting, designing, implementing & migrating PKI solutions for enterprises across the country.


About the Author

Yathaarth Swaroop is a Consultant at Encryption Consulting, working with PKIs, HSMs and working as a consultant with high-profile clients.

Explore the full range of services offered by Encryption Consulting.

Feel free to schedule a demo to gain a comprehensive understanding of all the services Encryption Consulting provides.

Request a demo