Most common causes for RPC Unavailable Errors and how to fix them.

"RPC Unavailable" is one of the most common scanning errors in Lansweeper, affecting Windows device discovery and data collection. This error occurs when the Lansweeper server cannot establish a Remote Procedure Call (RPC) connection to target devices. Based on our support cases from the last year, this article compiles proven solutions to resolve RPC connectivity issues.

Root Causes

The primary causes of RPC unavailable errors are:

1. Firewall blocking WMI/RPC traffic (most common)
2. Blocked network ports (Port 135, dynamic RPC ports)
3. Incorrect or insufficient scanning credentials
4. DCOM configuration issues
5. DCOM security hardening (Windows security updates)
6. VPN/remote access restrictions
7. Network connectivity problems

---

Solution 1: Configure Windows Firewall for WMI/RPC Traffic

Why This Works

Lansweeper pulls Windows computer data from WMI (Windows Management Instrumentation), which by default sends data over random ports. Firewalls often block this traffic, causing RPC errors.

Steps

For Windows Firewall:

• Review firewall configuration to ensure WMI traffic is allowed
• Enable the required firewall rules for WMI communication
• See Configure Windows Firewall for agentless scanning of computers
• Windows Firewall has a remote administration setting you can enable to allow WMI traffic

For Third-Party Firewalls:

• Consult your firewall documentation
• Allow WMI/RPC traffic from Lansweeper server to target devices
• Ensure both inbound and outbound rules are configured

Network Ports Required

• Port 135 (TCP): RPC Endpoint Mapper - Essential for initiating RPC connections 
• Dynamic WMI Ports: Random ports in the 1025-5000 or 49152-65535 range for WMI data 
• Port 161 (UDP): For SNMP-based network device scanning (optional)

For complete port requirements, see Ports scanned or used by Lansweeper.

---

Solution 2: Verify and Configure Scanning Credentials

Why This Works

Insufficient privileges or incorrectly configured credentials prevent Lansweeper from accessing WMI data on target machines. 

Steps

1. Verify Credential Requirements:

   • Credentials must have administrative privileges on target machines 
   • For domain computers: read-only access to Active Directory
   • For workgroup computers: local administrative access

2. Check Credential Configuration:

   • Ensure credentials are correctly mapped to scanning targets
   • Verify username format (use domain\username or username@domain.com) 
   • Re-submit the password to ensure it's correct 

3. Test Credentials:

   • Use the testconnection.exe tool (see Solution 5)
   • Manually verify credentials can access target machine via RDP or administrative shares

For detailed credential configuration, see Create and map scanning credentials.

---

Solution 3: Run DCOM Reconfiguration Script

Why This Works

DCOM (Distributed Component Object Model) is used to establish initial RPC connections. Misconfigured DCOM settings can cause RPC errors even when firewall and credentials are correct. 

Steps

1. Download the Windows firewall configuration script as mentioned in Configure Windows Firewall for agentless scanning of computers
2. Run the script as administrator on affected client machines
3. The script will reconfigure:
   • DCOM settings
   • WMI permissions
   • Windows Firewall rules
   • Other required settings 
4. Restart the target machine (recommended)
5. Re-scan the device in Lansweeper

Note

Test on a single machine first to understand all changes before deploying widely. If using third-party firewalls, you will still need to check their configuration separately. 

---

Solution 4: Address DCOM Security Hardening

Why This Works

Microsoft security updates implemented DCOM security hardening changes, which can break previously working scanning credentials.

Symptoms

• Scanning credentials suddenly stop working after Windows updates
• Access Denied errors appearing after June 2022 or March 2023 updates
• Multiple customers report similar issues simultaneously

Solutions

Option A: Update All Systems

• Update both the Lansweeper scanning server and all client machines to the latest OS build
• Ensure both are on the same KB patch level 
• For more details, see Seeing Access Denied errors after updating your Windows machines

Option B: Run DCOM Reconfiguration Script

• Use the script from Solution 3
• Script addresses DCOM hardening configuration issues

Option C: Deploy LsAgent

• Install Lansweeper Agent on affected devices
• Agent-based scanning bypasses DCOM/RPC requirements
• Recommended for VPN-connected devices

---

Solution 5: Use Connection Tester for Diagnosis

Why This Works

The testconnection.exe tool identifies the exact reason for RPC failure, enabling targeted troubleshooting. 

Steps

1. Launch ConnectionTester:

   • On Lansweeper server, navigate to: C:\Program Files (x86)\Lansweeper\Actions
   • Run testconnection.exe 

2. Perform Test:

   • Enter target device's IP address, NetBIOS name, or FQDN (Fully Qualified Domain Name)
   • Provide the same credentials used by Lansweeper for scanning
   • Click "Test Connection"
   • Wait for diagnostic results

3. Analyze Results:

   • Check the DNS section to verify the computer name resolves to the correct IP address 
   • Review the Scanning TCP Ports section to verify port 135 is accessible 
   • Review the Scanning WMI section to verify WMI traffic is allowed 
   • If WMI shows green, Lansweeper should be able to scan the machine 

4. Important Notes:

   • You must run the test tool on your Lansweeper scanning server (the machine with the Lansweeper Server service) 
   • Tests from other machines cannot be used for troubleshooting as they don't replicate exact network conditions 
   • Run multiple tests using IP address, NetBIOS name, and FQDN to identify DNS issues 

For detailed troubleshooting guidance, see How to troubleshoot the RPC unavailable error.

---

Solution 6: VPN and Remote Access Workarounds

Problem

VPN configurations that block inbound traffic make agentless scanning impossible. 

Solutions

For Windows/Mac/Linux Devices:

• Deploy LsAgent - works through VPN connections 
• LsAgent establishes outbound connections, bypassing inbound traffic restrictions
• LsAgent does not require firewall reconfiguration 
• Install LsAgent on devices before they leave the office or deploy remotely

LsAgent Benefits:

• No firewall ports required (outbound connections only) 
• Does not require scanning credentials 
• Does not require administrative privileges 
• Immune to almost all scanning errors, including access denied and firewall errors

For Always-On VPN (AoVPN):

• Configure WMI fixed ports and allow connectivity through VPN tunnel
• If VPN cannot allow required traffic, switch to LsAgent

For VPN scanning guidance, see:

• Introduction to LsAgent for Windows, Linux, and Mac
• Scanning devices connected through VPN

---

Solution 7: Disable Performance Scanning (LsAgent Conflicts)

Problem

When LsAgent is installed but performance scanning is enabled, Lansweeper attempts agentless RPC connections, causing scan errors.

Solution

1. Navigate to scanning settings in Lansweeper
2. Uncheck "Performance Scanning" for LsAgent-only devices
3. Configure devices as "LsAgent Only" to prevent agentless scan attempts
4. Re-scan affected devices

Why This Works

Performance scanning requires RPC connections. When LsAgent is present, agentless scanning is unnecessary and causes false errors.

---

Diagnostic Workflow

Follow this decision tree to resolve RPC errors:

---

Additional Troubleshooting

If standard solutions don't resolve the issue:

Additional Checks

• Verify the computer is switched on (offline machines generate RPC errors)
• Ensure the Remote Procedure Call (RPC) service is running on the target computer 
• Check that local time is correctly configured on the client, Lansweeper server, and domain controller (time difference >15 minutes can cause issues) 
• Verify the computer meets other Windows domain scanning requirements

---

Prevention Best Practices

Network Configuration

• Document required ports (135 + dynamic RPC) in firewall policies 
• Create firewall exceptions for Lansweeper server IP
• Use fixed WMI ports in high-security environments 

Credential Management

• Use dedicated service accounts with appropriate privileges
• Regularly test credentials against target devices
• Monitor for expired passwords or account lockouts

Monitoring

• Set up alerts for high RPC error rates
• Review scanning errors weekly (check Last Scan Attempt dates) 
• Track patterns (specific subnets, device types, timeframes)

Updates

• Test Windows security updates in lab environment first
• Check Lansweeper Community for known DCOM hardening issues before patching
• Keep Lansweeper updated to latest version

---

When to Use LsAgent Instead

Consider switching from agentless to agent-based scanning when:

• VPN-connected devices with inbound traffic restrictions
• High-security environments with strict firewall policies
• Frequent RPC errors despite troubleshooting
• Remote/mobile workforce
• DCOM hardening cannot be addressed
• Port 135 cannot be opened due to security policy

LsAgent benefits: 

• No firewall reconfiguration required
• Works through VPN and over the internet (using relay server)
• More reliable for remote devices
• Eliminates RPC/WMI dependency
• Does not require administrative privileges
• Immune to access denied and firewall errors

For installation guides, see:

• Install LsAgent on a Windows computer
• Install LsAgent on a Mac computer
• Silently installing LsAgent

---

Related Resources

Troubleshooting RPC Errors:

• RPC server is unavailable (Lansweeper Sites)
• The RPC server is unavailable (Lansweeper Classic)
• How to troubleshoot the RPC unavailable error

Firewall Configuration:

• Configure Windows Firewall for agentless scanning of computers
• Ports scanned or used by Lansweeper

Access Denied Errors:

• WMI Access is denied (Lansweeper Sites)
• WMI Access is denied (Lansweeper Classic)

DCOM Hardening:

• Seeing Access Denied errors after updating your Windows machines
• Suddenly seeing Access Denied scanning errors
• Pro Tips: DCOM Hardening

LsAgent:

• Introduction to LsAgent for Windows, Linux, and Mac
• Install LsAgent on a Windows computer
• Scanning devices connected through VPN

Credentials:

• Create and map scanning credentials
• Windows domain scanning requirements

General Troubleshooting:

• Scanning Troubleshoot Guide

---

Summary

RPC unavailable errors stem primarily from firewall restrictions and credential issues. The most effective resolution path:

1. Immediate: Run testconnection.exe to identify the specific cause 
2. First fix: Configure Windows Firewall for WMI traffic (Solution 1) 
3. Second fix: Verify scanning credentials and permissions (Solution 2) 
4. If persistent: Run DCOM reconfiguration script (Solution 3) 
5. Modern Windows: Check for DCOM hardening impacts after updates (Solution 4) 
6. VPN/Remote: Deploy LsAgent for affected devices (Solution 6) 

Over 90% of RPC errors resolve with Solutions 1-3. For remaining cases, DCOM hardening (Solution 4) or network architecture issues (Solution 6) are typically the cause.

If you are unable to allow WMI traffic through your firewalls or resolve RPC errors, scan your computers locally with LsAgent instead. This does not require firewall reconfiguration and is immune to RPC/firewall errors.