The ClearTunnel certificate wizard may fail with an RPC error even when all fields are correct.
There is a known limitation with the ISA RPC filter that prevents the ISA server from connecting to the certificate server's RPC interface.
There are two approaches to solve this problem.
Short solution
- Create a temporary "allow all" rule between ISA and the certificate server machine.
- After you have run the certificate wizard successfully, disable or remove this rule.
Long but more correct solution
- Disable "Strict RPC" in the System Policies, Authentication Services, Active Directory rule group.
- Configure the Certificate Server to operate on a predefined RPC port (as outlined in http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/webenroll.mspx).
- Create a custom protocol definition that describes your custom CertSvr protocol.
- Create a computer set that includes all cert servers in your environment.
- Create an Access Rule that allows this protocol from the Local Host network to your Cert Servers computer set.
After you do this, your ISA will be able to auto-enroll for any certificates it needs (including running the ClearTunnel Certificate Wizard).