RSAT tools on Windows 8.1/10 and Trend Micro Officescan

About a month ago I had to quickly provision and prepare a new domain controller for a remote site, this went smooth and quite fast they had a new DC for logon/DNS and also acting as DHCP. One thing we had noticed before the upgrade was that if we tried to use Active Directory Users and Computers from the Remote Server Administration Tools package against the domain controller, then we were getting a “RPC Server is unavailable”. Since we have multiple sites and this was the only site we’ve noticed this issue, then when we started having other issues regarding replication and so on, we were quite quick to determine that the server needed to be replaced.

After the new server was brought up and was prepared, I tried again to use the remote tools to administer the server, but to my “horror” I was still getting this error… Now with the upgrade, I went for a 2012R2 version where the old was 2008R2, so I started thinking if there could be an issue with this for the new server. At the time I didn’t have other remote 2012R2 domain controllers, so for a while I settled with this and decided to come back and try to resolve it when I got some spare time – the DC was running perfectly on all other measures.

Today, a little over a month later, I got this extra time on my hands and decided to give it another look. Now, since last month, I’ve got a brand new site that holds a 2012R2 DC and of course this works fine with the remote tools – so something had to be messed up on the other site. I tried a quick search for RPC and RSAT tools and got some old Windows Vista KB that didn’t help me much, but then the second result took me in the direction, that some antivirus clients(or rather the Realtime-scan part) had a tendency to block RPC calls – so I tried to unload the Officescan client and voila -> The connection in ADUC switched over to the server that it couldn’t connect to previously…

Now this is all fine and dandy, but what I cannot get around is – how can it work against the other site’s DC without any issues???

The only thing I see different between the 2 sites is that the brand new site is VPN connected through Cisco ASA, and the other site that needs me to turn of Officescan is connected through our company MPLS…

If anyone can explain this to me – please do so in the comments below!

/
Dan