Hi folks
I have recently set up an Enterprise Certification Authority on a Windows
2003 server running Windows firewall.
My domain controllers are now failing AutoEnrollment with the following
error in the Application log:
Event Type: Error
Event Source: AutoEnrollment
Event Category: None
Event ID: 13
Date: 08/11/2007
Time: 13:45:12
User: N/A
Computer: DC1
Description:
Automatic certificate enrollment for local system failed to enroll for one
Domain Controller certificate (0x800706ba). The RPC server is unavailable.
In addition, when I use the Certification Authority mmc to connect to the CA
server I get an error saying the RPC server is unavailable with an
accompanying System Log error referring to the CertSrv.Admin server:
Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10006
Date: 08/11/2007
Time: 13:07:55
User: N/A
Computer: JANE
Description:
DCOM got error "The RPC server is unavailable. " from the computer freddy
when attempting to activate the server:
{D99E6E73-FC88-11D0-B498-00A0C90312F3}
I have TCP port 135 for the RPC Locator service open on the CA server and
there don't appear to be any dropped packets in the firewall log, however
when I disable windows firewall the above errors go away.
Am I right in thinking that despite the lack of logged dropped packets I'll
have to open the ephemeral ports on windows firewall for this to work or is
there a way to fix the ports that the CA service uses (I have so far failed
to find one)?
If so this is a lot of firewall exceptions to set up, even if I limit the
number of ports RPC can use to the minimum recommended (100). Is MS ever
going to allow port ranges in Windows Firewall?
Cheers
Tony
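The two pieces of configuration the post is asking about, as an added example that is not part of the original post: pinning the RPC/DCOM dynamic port range on the CA with the documented HKLM\SOFTWARE\Microsoft\Rpc\Internet keys, and then opening TCP 135 plus every port in that range in the Windows Server 2003 firewall one exception at a time, because the 2003-era `netsh firewall` syntax takes a single port per call and has no range option. The range 5000-5100 and the SUBNET scope are assumptions chosen for illustration; the script assumes it is run in an elevated PowerShell session on the CA itself.

```powershell
# Added example, not code from the original post.
# Restrict the RPC dynamic range to ~100 ports and open that range, plus the
# endpoint mapper (TCP 135), in Windows Firewall on a Windows Server 2003 CA.

$RangeStart = 5000          # assumed range; must not collide with anything
$RangeEnd   = 5100          # else listening on this host (101 ports)
$Scope      = 'SUBNET'      # limit the exceptions to the local subnet;
                            # use scope=CUSTOM addresses=... for a DC list

# 1. Pin the RPC dynamic range. 'Ports' is REG_MULTI_SZ; the other two are
#    REG_SZ holding "Y". This affects every RPC/DCOM server on the machine,
#    not only certsrv, and only takes effect after a reboot.
$rpcKey = 'HKLM:\SOFTWARE\Microsoft\Rpc\Internet'
if (-not (Test-Path $rpcKey)) {
    New-Item -Path $rpcKey -Force | Out-Null
}
Set-ItemProperty -Path $rpcKey -Name 'Ports' `
    -Value @("$RangeStart-$RangeEnd") -Type MultiString
Set-ItemProperty -Path $rpcKey -Name 'PortsInternetAvailable' -Value 'Y' -Type String
Set-ItemProperty -Path $rpcKey -Name 'UseInternetPorts'       -Value 'Y' -Type String

# 2. Open the endpoint mapper, then one exception per dynamic port.
#    Names are kept free of spaces so no quoting is needed when PowerShell
#    hands the arguments to netsh.
netsh firewall add portopening protocol=TCP port=135 name=RPC-Endpoint-Mapper mode=ENABLE scope=$Scope

foreach ($port in $RangeStart..$RangeEnd) {
    netsh firewall add portopening protocol=TCP port=$port name=RPC-dynamic-$port mode=ENABLE scope=$Scope
}

# 3. Verify the exceptions were created. After the reboot, confirm the CA's
#    DCOM listeners actually fall inside the pinned range.
netsh firewall show portopening
Write-Host "Reboot, then check listeners with: netstat -ano -p TCP | findstr LISTENING"
```

The range has to be large enough for every RPC server on the box, not just the CA, so start from the number of listeners `netstat` shows before pinning and leave headroom. Keeping the exceptions scoped to the subnet (or to the domain controllers' addresses with scope=CUSTOM) means the DCOM surface is only reachable from the hosts that need to enroll or administer the CA.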