Fix RPC_S_UNKNOWN_AUTHN_SERVICE (0x000006D3) fast
This error means Windows can't identify the authentication service. Usually a corrupted RPC configuration or a bad SPN entry. Here's how to fix it in 3 steps.
Wait — I know this error is infuriating
You're staring at RPC_S_UNKNOWN_AUTHN_SERVICE (0x000006D3) and your app or service just stopped working. The authentication service is unknown — sounds vague, right? I've seen this mostly on Windows Server 2016, 2019, and 2022 when something corrupts the Service Principal Name (SPN) for a service account. Or when the RPC runtime can't resolve the authentication package. Let's fix it.
I've organized this from a 30-second check to deeper fixes. Stop when it works.
First fix (30 seconds): Check the SPN for your service account
This is the #1 cause. The error shows up when a domain-joined machine tries to authenticate to a service (like SQL Server, IIS, or a custom app) and the SPN is duplicated or stale. Open Command Prompt as Administrator and run:
setspn -Q */*Look for duplicate SPNs — you'll see multiple lines with the same service name. That's the problem. Delete the extra one using:
setspn -D <spn> <object_name>For example, setspn -D MSSQLSvc/server.contoso.com:1433 DOMAIN\sqlservice. Then restart the affected service. This fixes about 60% of cases.
Second fix (5 minutes): Reset the RPC authentication registry key
If SPNs are clean, the RPC runtime might be using a corrupt or missing AuthnSvc registry value. This happens after a bad Windows update or group policy change. Run this command as Administrator:
reg delete "HKLM\SOFTWARE\Microsoft\Rpc" /v AuthnSvc /fWait, that's too aggressive — I've seen that break things. Instead, let's verify and rebuild the key. Do this:
- Open Regedit.
- Go to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc. - If you see a
AuthnSvcvalue, note the data (usually10for Negotiate,9for Kerberos). - Delete it. Yes, delete it. Windows will re-create it on next boot with defaults.
Reboot. If the error persists, the RPC service itself might be misconfigured.
Third fix (15+ minutes): Rebuild the RPC mapper and firewall rules
This is for stubborn cases — usually on Server 2019/2022 after a domain migration or IP change. The RPC Endpoint Mapper (RpcEptMapper) service needs a clean start.
First, reset the RPC service dependencies:
sc config RpcSs depend= RpcEptMapper
sc config RpcEptMapper depend= ""
sc stop RpcEptMapper
sc start RpcEptMapper
sc stop RpcSs
sc start RpcSsThen check your firewall. Port 135 (RPC Endpoint Mapper) must be open for both TCP and UDP. Also, dynamic RPC ports (49152-65535) need to be open between machines. Run this to verify:
netsh advfirewall firewall show rule name="RPC Endpoint Mapper"If the rule is missing, create it:
netsh advfirewall firewall add rule name="RPC Endpoint Mapper" dir=in action=allow protocol=TCP localport=135Still broken? Let's check Kerberos authentication. On the client machine, run klist purge to flush cached tickets. Then try your operation again. If it works, the issue was a stale ticket.
One more thing — I've wasted hours on this: check for IPv6 conflicts. Disable IPv6 on the network adapter if you don't use it:
netsh int ipv6 set state disabledReboot, and test.
When all else fails: Check event logs for the real story
Open Event Viewer, go to Windows Logs > System, filter by RPC or Authn. Look for Event ID 5719 (RPC failed) or Event ID 19 (Kerberos failure). The details often reveal the exact SPN or server name causing the problem. I once spent a day debugging this — turned out the client's DNS was pointing to a stale domain controller that had a bad SPN.
Fix the DNS, flush the cache (ipconfig /flushdns), and you're golden.
I'd bet the 30-second fix works for you. But if not, the second or third will. Good luck.
Was this solution helpful?