What you will read?
- 1 1. Check RPC Services Status
- 2 2. Use Tasklist to Inspect RPC-dependent Services
- 3 3. Check Port 135 with PowerShell
- 4 4. Use TCPView to Monitor RPC Traffic
- 5 5. Use Registry to Confirm RPC Binding
- 6 6. Use Event Viewer for RPC Errors
- 7 7. Use WMI to Check RPC Functionality
- 8 8. Verify with PowerShell Remoting
- 9 9. Check Firewall Rules
To verify whether Remote Procedure Call (RPC) is functioning correctly on a Windows machine, you can use a mix of command-line tools, service checks, and network diagnostics. Here’s how to get started.
1. Check RPC Services Status
The RPC service relies on a few key services. To confirm they’re running, open Command Prompt as Administrator and run:
sc query RpcSs sc query DcomLaunch sc query RpcEptMapper
Look for STATE: 4 RUNNING in the output. If any of these are not running, the RPC system may not work properly.
You can also check using PowerShell:
Get-Service RpcSs, DcomLaunch, RpcEptMapper
2. Use Tasklist to Inspect RPC-dependent Services
Some services rely on RPC to communicate. Run:
tasklist /svc
Look for services like svchost.exe with RpcSs under the Services column. This confirms it’s tied to running services.
3. Check Port 135 with PowerShell
Port 135 is critical for RPC endpoint mapping. Use this to test if it’s open:
Test-NetConnection -ComputerName 127.0.0.1 -Port 135
If you get TcpTestSucceeded: True, RPC is listening.
To check it remotely:
Test-NetConnection -ComputerName YOUR_REMOTE_HOST -Port 135
Replace YOUR_REMOTE_HOST with the actual machine name or IP.
4. Use TCPView to Monitor RPC Traffic
Download TCPView from Microsoft Sysinternals. Run it and watch for connections to svchost.exe on port 135 or dynamic high ports (49152–65535). If you see activity, RPC is communicating.
5. Use Registry to Confirm RPC Binding
Open Registry Editor (regedit) and navigate to:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs
Check that Start is set to 2 (Automatic). If it’s 4 (Disabled), RPC won’t start on boot.
Warning: Never edit the registry unless you’re sure what you’re doing.
6. Use Event Viewer for RPC Errors
Open Event Viewer and navigate to:
Windows Logs > System
Look for any errors with Source: Service Control Manager or DCOM or anything mentioning RPC. Double-click the event to get detailed information.
You can also filter log with this PowerShell command:
Get-WinEvent -LogName System | Where-Object { $_.Message -like "*RPC*" }
7. Use WMI to Check RPC Functionality
WMI heavily relies on RPC. Run this command:
Get-WmiObject Win32_OperatingSystem
If RPC is down, you’ll likely see an error like:
Get-WmiObject : The RPC server is unavailable.
This is a direct sign RPC isn’t working.
8. Verify with PowerShell Remoting
PowerShell Remoting uses RPC for initial handshakes. Run:
Enter-PSSession -ComputerName YOUR_REMOTE_HOST
If the RPC server isn’t working, you’ll receive an error like:
[YOUR_REMOTE_HOST] Connecting to remote server failed with the following error message : The RPC server is unavailable.
9. Check Firewall Rules
If you’re testing over the network, ensure the firewall allows inbound connections on port 135 and dynamic ports. Use:
Get-NetFirewallRule | Where-Object { $_.DisplayName -like "*RPC*" }
Make sure any relevant rules are enabled (Enabled: True).
