Domain controllers fail to enroll for certificates. Following errors are logged in server application logs:
Event ID: 13
Certificate enrollment for Local system failed to enroll for a DomainController certificate with request ID N/A from <Server FQDN>\<CA FQDN> (The RPC server is unavailable. 0x800706ba (WIN32: 1722)).
Event ID: 6
Automatic certificate enrollment for local system failed (0x800706ba) The RPC server is unavailable.
Issue was resolved by adding Domain Controllers security group as a member to CERTSVC_DCOM_ACCESS security group.
Windows Server 2008 R2