NDES configuration failing with duplicate endpoint error
This blog discusses a known bug in the Luna HSM Client that prevents users from installing NDES.
Source: Microsoft-Windows-Certification Authority
Error Code: 0x6cc (WIN32: 1740 RPC_S_DUPLICATE_ENDPOINT).
Event ID: 34
On Server 2016, while building the PKI, even with all the CAs built and configured and OCSP deployed successfully, the command to restart the services via scripts still cannot be issued.
After running through the scripts to configure the CA using various certutil commands, the script gets to:
net stop certsvc && net start certsvc
What the screen displays:
The Active Directory Certificate Services service is stopping.
The Active Directory Certificate Services service was stopped successfully.
The Active Directory Certificate Services service is starting.
The Active Directory Certificate Services service was started successfully.
When trying to restart the services, it reports:
WIN32: 1740 RPC_S_DUPLICATE_ENDPOINT
Active Directory Certificate Services did not start: it could not initialize RPC for the Issuing CA and reported the endpoint as a duplicate.
As the setup times out and the installation fails, it reports either that RPC is unavailable or that the endpoint is a duplicate. This behavior is consistent across all CAs on the server and prevents NDES from being installed.
The duplicate endpoint error is caused by the SafeNet KSP library failing to release the service before it is restarted. This was an issue with Luna version 10.3.0, where the service restart was too fast and locked the KSP.
Because this is an issue with the Luna Client version, upgrading the client resolves it. In this case, version 10.3.0 was installed, and upgrading to 10.5.0 solved the issue.
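To confirm whether a CA server is hitting this failure, the following PowerShell sketch (an added example, not part of the original scripts) restarts certsvc with an explicit wait for the stop to complete and then looks for the Event ID 34 signature described above. The provider name, the certsrv process name, and the timeout and settle values are assumptions; the slower restart is only a diagnostic aid, and the fix remains the client upgrade.

```powershell
# Added example: controlled restart of AD CS, then a check for the
# duplicate-endpoint signature (Event ID 34, 0x6cc) described in this post.
$provider = 'Microsoft-Windows-CertificationAuthority'  # assumed provider name for the event source
$timeout  = [TimeSpan]::FromSeconds(60)                 # assumed wait limit
$started  = Get-Date

# Stop the service and wait until the SCM reports it as fully stopped.
Stop-Service -Name certsvc -Force
(Get-Service -Name certsvc).WaitForStatus('Stopped', $timeout)

# Wait for the CA process (assumed to be certsrv.exe) to exit so that
# anything it loaded, including the KSP, has been released.
$deadline = (Get-Date).Add($timeout)
while ((Get-Process -Name certsrv -ErrorAction SilentlyContinue) -and
       ((Get-Date) -lt $deadline)) {
    Start-Sleep -Seconds 1
}
Start-Sleep -Seconds 5   # assumed settle time before starting again

try {
    Start-Service -Name certsvc -ErrorAction Stop
    (Get-Service -Name certsvc).WaitForStatus('Running', $timeout)
} catch {
    Write-Warning "certsvc did not start: $($_.Exception.Message)"
}

# Look for Event ID 34 logged since this restart began.
$filter = @{
    LogName      = 'Application'
    ProviderName = $provider
    Id           = 34
    StartTime    = $started
}
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
$dup = $events | Where-Object { $_.Message -match '0x6cc|RPC_S_DUPLICATE_ENDPOINT' }

if ($dup) {
    Write-Warning "Duplicate endpoint error logged $(@($dup).Count) time(s) since $started."
    $dup | Select-Object TimeCreated, Id, Message | Format-List
} else {
    Write-Output "No duplicate endpoint events since $started; service status: $((Get-Service certsvc).Status)"
}
```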