Today I was working on getting the System Center Essentials Agent to install on a Vista and Windows Server 2008 machine.  And every time I tried to do the deployment it would return an "RPC Server is unavailable" error message. 

<error text>

The MOM Server could not execute WMI Query “Select * from Win32_OperatingSystem” on computer <computername>

Operation: Agent Install

Install Account: <Service account Name>

Error Code: 800706BA

Error Description: The RPC server is unavailable.

<\error text>

After some digging I found how the "Windows Firewall" was to blame.  But all the options of "enable File and Printer Sharing exceptions" did not resolve the issue. 

After looking at the "Windows Firewall with Advanced Security" settings with the "Domain Profile" I found that all the required ports (http://technet.microsoft.com/en-us/library/bb437377.aspx) were allowed with the existing inbound rules. But the pfirewall.log file would still report a DROP of TCP ports 445 and 135 when an incoming request was received.

I found that in addition to enabling "Windows Firewall: Allow inbound file and printer sharing exception" you must also enable "Windows Firewall: Allow inbound remote administration exception".  Once the "remote administration" option was enabled the agent could be deployed without any issues. 

I was able to test configurations changes without going through the deployment wizard by executing a simple WMI query against the target server

<vbscript>

strComputer = "vistabox"
Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")

Set colQuickFixes = objWMIService.ExecQuery("Select * from Win32_QuickFixEngineering")
wscript.echo colQuickFixes.count

</vbscript>