Thank you for reaching out to the Microsoft Community. We understand your need to strengthen RPC security by enabling “Restrict Unauthenticated RPC clients” with the “Authenticated without exceptions” setting. However, as you've observed, this configuration can interfere with certificate enrollment processes, resulting in error 0x800706ba.
To allow certificate registration while maintaining security, we recommend switching the policy setting to “Authenticated” instead of “Authenticated without exceptions.” This option still enforces authentication but permits exceptions for certain RPC interfaces that explicitly request unauthenticated access. It offers a more flexible balance between security and functionality.
Unfortunately, this policy cannot be scoped per client machine directly through Group Policy. Instead, you may consider applying the policy at the OU level or using WMI filters to target specific systems if granular control is needed.
Let us know if you’d like assistance implementing these changes or reviewing your certificate services configuration.
Best regards,
Quinnie Quoc.
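
The following is an added example, not part of the original reply: a PowerShell audit that reports which “Restrict Unauthenticated RPC clients” setting is in effect on each machine, and flags the “Authenticated without exceptions” value that the reply associates with certificate enrollment error 0x800706ba. The function name `Get-RpcRestrictionPolicy` is hypothetical; the script assumes the policy is stored in the documented `RestrictRemoteClients` registry value and that PowerShell remoting is enabled on any remote hosts queried.

```powershell
# Added example: audit the "Restrict Unauthenticated RPC clients" policy.
# Function name is hypothetical; remote hosts need PowerShell remoting enabled.
function Get-RpcRestrictionPolicy {
    [CmdletBinding()]
    param([string[]]$ComputerName = @($env:COMPUTERNAME))

    # Reads the registry value that backs the Group Policy setting.
    $read = {
        $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Rpc'
        $p = Get-ItemProperty -Path $key -Name RestrictRemoteClients -ErrorAction SilentlyContinue
        if ($p) { [int]$p.RestrictRemoteClients } else { -1 }   # -1 = policy not configured
    }

    # Documented meanings of the RestrictRemoteClients value.
    $names = @{
        0 = 'None'
        1 = 'Authenticated'
        2 = 'Authenticated without exceptions'
    }

    foreach ($computer in $ComputerName) {
        try {
            if ($computer -eq $env:COMPUTERNAME) {
                $value = & $read
            } else {
                $value = Invoke-Command -ComputerName $computer -ScriptBlock $read -ErrorAction Stop
            }
            $value = [int]$value
            if ($names.ContainsKey($value)) { $setting = $names[$value] }
            elseif ($value -eq -1)          { $setting = 'Not configured' }
            else                            { $setting = "Unrecognized value $value" }

            [pscustomobject]@{
                ComputerName   = $computer
                Value          = $value
                Setting        = $setting
                # Value 2 is the setting the reply ties to failed enrollment.
                EnrollmentRisk = ($value -eq 2)
            }
        } catch {
            [pscustomobject]@{
                ComputerName   = $computer
                Value          = $null
                Setting        = "Query failed: $($_.Exception.Message)"
                EnrollmentRisk = $null
            }
        }
    }
}

Get-RpcRestrictionPolicy | Format-Table -AutoSize
```

Pass `-ComputerName` with the machines in the targeted OU to confirm which ones received “Authenticated” rather than “Authenticated without exceptions” after the policy change.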