Error: "RPC server is unavailable" or "Access is denied" during remote execution

Error: "RPC server is unavailable" or "Access is denied" during remote execution

The user receives the following error message when executing a automated script remotely:

• The RPC server is unavailable 
• Access is denied

Note: Executing the script locally works correctly

Solution

Quality Center (QC) and ALM use DCOM, a Microsoft technology,  for remote execution between the QC client and the remote testing machine.

• Error: "Access is denied"  - This generally indicates a DCOM permission problem
• Error: "RPC Server is unavailable" - This generally indicates a connectivity issue (e.g. Unable to communicate on port 135)

The steps below provide details on how to make sure the Windows Firewall is not blocking port 135 and on how to configure DCOM permissions.
Notes:

• IMPORTANT. The follow steps assume:
  • Hostname or value under "Run on Host" has being tested with ping command. If hostname or DNS name is used and shows problems, then check IP Address
  • HP Client Components have being registered.
     
• The security changes suggested below should be applied by a System Administrator.
   
• If the firewall installed with Windows has being disabled, it is not needed to apply the steps in Part II below. However, a utility (CPT33502C.zip) has been created to automate the steps for opening the ports outlined in Part II.
   
• Part III - V can be applied automatically by running the attached batch file. For more information about BAT file, see section below called "Batch DCOM approach"
   

The following is the manual process for opening the firewall ports and modifying the DCOM properties for QTP / UFT, BPT, System Test, LoadRunner, and VAPI-XP.

• Part I: Add the Windows user that is running the QC client to the Local Administrators group on the remote testing machine. This is required for Windows to authenticate the remote user executing the tests against the DCOM objects.
  
  IMPORTANT: The windows user must have the exact same user name and password (ideally the same domain user here )
   
• Part II:  On the Testing Tool client machine configure Windows Firewall to allow Port 135 for DCOM:
  1. Select Start -> Control Panel -> Windows Firewall.
  2. Navigate to the Exceptions tab.
  3. Configure the Remote Agent to be allowed under "Programs and Services." Configuration should be done for each testing tools as given below:
     • QuickTest Professional Remote Agent (path: <System Drive>:\Program Files\HP\QuickTest Professional\bin\AQTRmtAgent.exe)
     • Execution Agent for Business Process Testing (QC path: <System Drive>:\Program Files\Common Files\Mercury Interactive\Quality Center\bp_exec_agent.exe or ALM path: <System Drive>:\Users\<WindowsUser>\AppData\Local\HP\ALM-Client\<ServerFolder>\be)
  4. Click on <Add Port> and add the DCOM TCP port 135 to the Exceptions list.
     
     Note: The remote agent is a DCOM object and requires port 135 to work. The list of "Port Assignments for Commonly-Used Services" is provided in the URL below:http://technet.microsoft.com/en-us/library/cc959833.aspx
      
• Part III: Modify DCOM Security Properties:
  1. Select Start > Run > type "dcomcnfg".
  2. Navigate to Console Root -> Component Services -> Computers -> My Computer.
     Note: If Windows Security Alert dialog window appears, click on <Ask me later> or <Unblock>
      
  3. Right-click on "My Computers" and select "Properties."
  4. Navigate to the "Default Properties" tab.
  5. Make sure the "Default Impersonation Level" is "Identify."
  6. Click <Apply>.
  7. Navigate to the "Default COM Security" tab.
  8. Under "Access Permissions", click on <Edit Limits>. The "Access Permission" dialog window appears.
  9. Click on <Add>. The "Select Users or Groups" dialog windows appear.
  10. Click on <Advanced>.
  11. Click on <Find Now>.
  12. Add the following groups and users from the local machine:
      • Administrator
      • Administrators
      • Authenticated User
      • Anonymous Logon
      • Everyone
      • Interactive
      • Network
      • System
         
  13. Click <OK>.
  14. Add the following groups and users from the domain:
      • <tdomain user logged into the QTP/UFTbox>
      • <domain user logged into the TD client box executing the remote execution>
         
  15. Click <OK>.
  16. Give "Local Access" and "Remote Access" permissions to the groups and users.
  17. Click <OK>.
  18. Under Access Permissions, repeat steps 9-17 for <Edit Default>.
  19. Under Launch and Activation Permissions, click on <Edit Limits>. The Launch Permission dialog window appears.
  20. Repeat steps 9-15.
  21. Enable "Local Launch," "Remote Launch," "Local Activation," and "Remote Activation" permissions to the groups and users.
  22. Click <OK>.
  23. Repeat steps 20-22 for <Edit Default>.
       
• Part IV: (for QTP / UFT only)
  1. While still in the Component Services window, navigate to Console Root -> Component Services -> Computers -> My Computer -> DCOM Config.
  2. Look for the following:
     • AQTRmtAgent (QTP, UFT 12.01 and earlier)
       {25E8BB22-5C86-11D4-90DA-00104B3E51B1}
        
     • QuickTest Professional Automation
       {A67EB23A-1B8F-487D-8E38-A6A3DD150F0B}
        
     • TlpRmtServer (QTP only, not UFT)
       {70396405-BE62-11D2-8F0B-00104B3E51B1}
        
     • UFTRemoteAgent (UFT 12.02 and later)
       {6F3D6AE0-F130-4830-993C-6FFCBB0FA7CF}
        
  3. For each of these DCOM applications, right click and select <Properties>.
  4. Under the Identity tab, select <The Interactive User>. This will allow the DCOM application to authenticate the process against the logged in Windows user and run the process in that security context.
  5. Next, go to the Security tab.
  6. For both the <Launch and Activation Permissions> and <Access Permissions>, select <Use Default>. This will use the Default security settings as we did in Part III.
  7. Click Apply, then OK to commit the changes.
  8. Now, you are ready to run a remote execution test with QTP.
      
• Part V:
  1. While still in the Component Services window, navigate to Console Root -> Component Services -> Computers -> My Computer -> DCOM Config.
  2. Look for the following (and repeat steps for each if found)
     • Vapi-XP object
       {6A03829E-EC39-4802-A631-3841484EFBE3}
       {FCB69899-EC52-4A7A-86DB-3655E9FDBA58}
        
     • Business Process Testing object
       {6108A56C-6239-41F6-8C0F-94D9CE0D4B61}
        
     • Business Process Testing object (UFT only)
       {87EB2F8C-03B0-4B86-BBF2-78B7CB15A637}
        
     • LoadRunner Testing object
       {E933439A-81A1-11D4-8EEE-0050DA6171E8}
        
     • System Test Remote Agent
       {1B78CAE4-A6A8-11D5-9D7A-000102E1A2A2}
        
  3. For each of these DCOM applications (if found), right click and select <Properties>.
  4. Under the Identity tab, select <The Interactive User>. This will allow the DCOM application to authenticate the process against the logged in Windows user and run the process in that security context.
  5. Next, go to the Security tab.
  6. For both the <Launch and Activation Permissions> and <Access Permissions>, select <Use Default>. This will use the Default security settings as we did in Part III.
  7. Click Apply, then OK to commit the changes.

Notes:

1. If you have not configured the Remote Agent to be allowed under "Programs and Services," a Windows Security Alert message will appear while running a test remotely. Click <Unblock> to resolve this problem. The next time you execute an automated script, the warning will not appear.
    
2. If after performing all the described steps and you still receive "The RPC server is unavailable" message, create some shared folder anywhere on the Testing Tool machine.
    
3. If still an issue, disable any anti-virus running on remote machine to make sure no ports are being blocked.  

---

Batch DCOM Approach

File: DCOM.zip
Instructions:

1. Extract contents of zip file to a temp directory
2. Ensure all files extracted are on same folder
3. Ensure user to execute next step is an administrator user
4. Execute the SetDCOM.bat file. The batch file will use "GetNameBySID.vbs" (identifies required account names, according to installed Window's Native language) provided AS-IS by HPE support and the "dcomperm.exe" (sets permissions to particular DCOM classes with particular accounts) provided by Microsoft to update the DCOM properties of the remote agents for QTP / UFT, BPT, System Test, and VAPI-XP.

Notes:

• If you apply the batch file, you do not need to implement the steps in Part III - VI below.
• A system administrator is required to run this batch file across the network to update each Windows machine. \
• It is expected to see below error if respective feature/application (for example LoadRunner, etc) is not installed (or used yet) on machine when running BAT file:
  ERROR: Cannot open AppID registry key.
  The system cannot find the file specified.ERROR: Cannot delete LaunchPermission value.
  The handle is invalid.(6)
  ERROR: Cannot delete AccessPermission value.
  The handle is invalid.

Related articles:

• (Microsoft) Firewall and Registry Settings for DCOM,
• (Microsoft) A Simple DCOM Client Server Test Application,
• Document KM992673 - Is there an integration matrix for ALM 11
• Document KM723551 - Is there an integration matrix for Quality Center 10
• Document KM826424 - Error : "Invalid value for registry" when executing BPT tests from Test Plan
• Document KM205794 - Error: "Access is denied" when running SAP scripts remotely