Quantcast
Channel: Active Directory Rights Management Service(On premise) forum
Viewing all 1025 articles
Browse latest View live

AD RMS Policy Apply Failed

July 16, 2013, 6:50 am
$
0
0

Hi,

Greetings!!!

I Have installed AD RMS in windows 2008 R2 SP1 Server with another DB Server . We need to enable IRM in Exchange 2010 SP2 RU3.

we have enabled IRM in Exchange 2010 but while access Default "Do Not Forward " policy in OWA , which are mail sent with this template user received mail as attachment and this is not working.

when we open the mail following message is coming : "The message you tried to open is protected with Information Rights Management. The RMS server isn't set up correctly. To resolve this problem, contact your helpdesk."

Policy Share folder is having Everyone Full Access / AD RMS Service Account having full access.

we are not use any of group policy in our network.

Is there anything we missed to complete the setup.

Thanks in Advance

Thanks & Regards, Kesa_Kara

Search

Restrict Access to a folder by anyone, but sertain application

May 25, 2013, 7:35 am
$
0
0
Good Day! I have a pretty straightforward task: to restrict the access to a folder by anyone but a certain application. That folder contains database and text and image files. Is there a way or a trick to do it. Respectfully thank you for your advise!

User still open protected file while he/she was removed from group

July 15, 2013, 2:53 am
$
0
0

Hi all,

My scenario is: AD RMS Template Policy P1 apply for group G1. User U1 is a member of group G1.

Step1: remove U1 from G1

Step2: create a document and protect it by Policy P1

Step3: logon by user U1 and open the protected document

=== Actual result ===

Step3: U1 open the document normally

=== Expect result ===

Step3: U1 cannot open the document because user is removed from G1

RMS Team, please confirm this is an issue or I'm missing something



UAC rights in windows 8

May 31, 2013, 5:05 am
$
0
0

how to give UAC login Right to the domain user, because in domain, we are not possible to disable UAC in system. and give local admin right to user. 

How to remove permission on document applied by RMS

April 30, 2012, 9:56 pm
$
0
0

Hi All,

We have hundreds of documents protected using RMS. So is there any way to remove all the permission applied to these documents once?

Dilshan


WinXP app is getting 8004cf3b but Office is working

July 23, 2013, 4:00 am
$
0
0

Hi all,

I have a rms production server running with non-domain workstations for a self developed application (registry key for serivce discovery and added rms location to local intranet sites).

I Win7 all is working right but in WinXP (SP3 with rms client installed) the application is not working. The strange is that Office is working OK with RMS on those WinXP (using the same user) but our app is hitting the same error always.

All logs on IIS rms server are normal and RMS logs state that CLC have been created with sucess.

Any help is greatly appreciated.

Regards,

Joao

This is part of the debugview on XP client :

0000020679.47151947[904] [msdrm]:+DRMAcquireLicense wszOptionalLAUrl=(null),uFlags=0    
0000020779.47159576[904] [msdrm]:+AcquireLicense
0000020879.47341919[904] [msdrm]:-AcquireLicense
0000020979.47344971[904] [msdrm]:-DRMAcquireLicense HR=0
0000021079.47358704[904] [msdrm]:+AcquisitionProc
0000021179.47364044[904] [msdrm]:+DRMDeconstructCertificateChain iWhich = 0
0000021279.47384644[904] [msdrm]:-DRMDeconstructCertificateChain HR=0
0000021379.47388458[904] [msdrm]:+DRMDeconstructCertificateChain iWhich = 0
0000021479.47411346[904] [msdrm]:-DRMDeconstructCertificateChain HR=0
0000021579.47415924[904] [msdrm]:+DRMDeconstructCertificateChain iWhich = 0
0000021679.47444916[904] [msdrm]:-DRMDeconstructCertificateChain HR=0
0000021779.47448730[904] [msdrm]:+DRMDeconstructCertificateChain iWhich = 0
0000021879.47483063[904] [msdrm]:-DRMDeconstructCertificateChain HR=0
0000021979.47486115[904] [msdrm]:+DRMDeconstructCertificateChain iWhich = 1
0000022079.47517395[904] [msdrm]:-DRMDeconstructCertificateChain HR=0
0000022179.47520447[904] [msdrm]:+DRMDeconstructCertificateChain iWhich = 1
0000022279.47553253[904] [msdrm]:-DRMDeconstructCertificateChain HR=0
0000022379.47555542[904] [msdrm]:+DRMDeconstructCertificateChain iWhich = 2
0000022479.47586823[904] [msdrm]:-DRMDeconstructCertificateChain HR=80070057
0000022579.53129578[904] [msdrm]:CHttpBase::DispatchRequest returned hr:8004cf3b,ErrorCode=12007 when hitting Url=http://xxx.yyyy.local/_wmcs/licensing/License.asmx with Post size=22949
0000022679.53136444[904] [msdrm]: FAILED : 8004cf3b
0000022779.53144836[904] [msdrm]:-AcquisitionProc
0000022879.82717133[904] [msdrm]:+DRMCloseSession
0000022979.82724762[904] [msdrm]:+DRMAcquireLicense wszOptionalLAUrl=(null),uFlags=4 DRM_AL_CANCEL    
0000023079.82727051[904] [msdrm]:-DRMAcquireLicense HR=0
0000023179.82730865[904] [msdrm]:-DRMCloseSession HR=0


AD RMS SDK 2.1 "The system cannot find the file specified"

July 23, 2013, 12:30 pm
$
0
0

I'm new at RMS and I'm developing an application to rms encrypt some documents.

I'm trying to get started with the interop example posted some time ago, but when I run the application, it fails with the following error:

InformationProtectionException was unhandled.

The system cannot find the file specified. HRESULT: 0x80070002

At no point it says which file it's trying to find. This is part of the code I'm trying to run:

SafeNativeMethods.IpcInitialize();
SafeNativeMethods.IpcGetTemplateList(null, true, true, false, true, null, null);

The initialization goes ok, but when I try to get the templates (or the issuers via SafeNativeMethods.IpcGetTemplateIssuerList), it throws the file not found exception.

Has anybody faced this issue? What am I doing wrong?

Thank you all in advance!
Alejandro

Print RMS document with template warning / info / label is it possible ?

July 24, 2013, 11:04 am
$
0
0

Olá,

Print RMS document with the template label information is it possible ?

Thanks,

Miguel Ângelo Saragoça Soares

Search

AD RMS Installation in Forest with multiple Domains

July 24, 2013, 2:08 am
$
0
0

Hi,

I'm going to install AD RMS in an environment with several domains within a forest. In this environment exist a parent domain and four child domains. So, there are my questions:

- In which domain I have to install AD RMS? In the one with the Global Catallog? 

- AD RMS works at forest level? I mean that if you install AD RMS in the forest, all users, regardless of the domain they belong to, can use this tool.

- If I were to install AD RMS in a child domain, I assume that the SCP would be created in its AD. Users in other domains could use AD RMS in this scenario?

Thanks,

Miguel

What permissions do I need to restart a service?

July 26, 2013, 4:28 am
$
0
0

Hi,

I have a scheduled task that runs a PowerShell script to restart a Windows Service. I use a domain account to start this scheduled task and have given that account the "Log on as a batch job" permissions in the Local Security Policy. However, it does not have the correct permissions yet to restart a service.

So my question is, what permissions do I need to run the PowerShell command "Restart-Service MyService" (except making the user local administrator)?

Thanks in advance!

MMC Crashes when trying to add role: AD Rights Management Services

July 26, 2013, 8:46 am
$
0
0

Hi,

The moment I select AD rights management Services role to add, mmc crashes.

I was able to install the role via powershell.

I see the error below:

MMC has detected an error in snap-in error 

and another screen says: System.Reflection.TargetInvocationException

I was also able to select another role and mmc didn't crash.

Thanks for the help!

Kuby

Can't install addtionnal AD RMS ???

May 27, 2013, 5:57 am
$
0
0

 My company has 3 sites at 3 cities.

 First, I installed AD RMS (Windows Server 2K8 R2 SP1) at HO (head office).

 Now, when I install a second (addtionnal) AD RMS at 2 brand office and want to join them into the same cluster with guideline:

http://technet.microsoft.com/en-us/library/cc754578%28v=ws.10%29.aspx

 And so I get error:

********************************

 Warning: Windows automatic updating is not enabled. To ensure that your newly-installed role or feature is automatically updated, turn on Windows Update in Control Panel.

Active Directory Rights Management Services: Installation succeeded with errors
   Error: Attempt to configure Active Directory Rights Management Server failed.  There is a problem logging in as the service account.  Either the entered domain, user name, and password are incorrect, or the user does not have permissions to log in to the local machine. Verify your user configuration and try again.    at Microsoft.RightsManagementServices.Configuration.ProvisioningBase.VerifyServiceAccountCredentials()
   at Microsoft.RightsManagementServices.Configuration.ProvisioningBase.CheckInstallationEnvironment(String strDatabaseName, String strDBServerName)
   at Microsoft.RightsManagementServices.Configuration.ProvisioningBase.Run()
   at Microsoft.RightsManagementServices.Configuration.ProvisionerBase.DoProvision()
   at Microsoft.RightsManagementServices.Configuration.ProvisionerHelper.Run(OperationType operationType, Object data)
   at Microsoft.RightsManagementServices.Configuration.CmdLineHandler.Run()
Remove and re-install AD RMS to attempt provisioning again.
   Warning: Before you can administer AD RMS on this server, you must log off and log on again.
   Informational: <a href="rms_help.chm|html/a928c435-77a8-49fe-b08e-bfdc6bcc1fa7.htm">If the AD RMS cluster has been configured for SSL, you must import and configure the cluster's SSL certificate on this server.</a>
   The following role services were installed:
   Active Directory Rights Management Server
**************************************

I'm sure the user and password are correct. But I dont know why???

Someone help me to fix it.

Thanks !!!

Local admin password for Desktop and servers.

May 23, 2013, 5:09 am
$
0
0

hi,

What is best practice to chnage local admin password on desktop and servers within your domain.

We have different password windows 7,XP and different password for Windows 2003/2008

file sharing without synchronization

July 27, 2013, 10:03 am
$
0
0
I need help because I am not a windows guru.
My home business was set up with XP pro and a lan so my wife could wifi into my desktop from her laptop and select  embroidery  files to load on her embroidery machine to create orders.
I had folders that I could right click on and allow her access to finished files and folders with not completed files in that she was restricted from to eliminate mistakes.
I have had an automatic MS update and I can no longer have share files as I once could.
Now when I right click on a folder and expect the ability to set file sharing I get file synchronization options that I don't want. and I have lost the ability to set file sharing.

Microsoft Office Not Connecting to AD RMS Server

July 29, 2013, 9:06 am
$
0
0

HELP!!!!

I recently Deployed AD RMS to my Network and all configurations completed.

When I try to protect a document, I select Manage credentials and select the option to Use a Microsoft Windows Account as shown below

.

It prompts for my credentials and the dialog box shows that it is pointing to the deployed server.

upon entering my credentials it displays accessing Rights Management Server for a couple of seconds and then returns

"A problem occurred while contacting the restricted permission service. please try again later or contyact your administrator for more details...

Please Helps as this is delaying the completion of this project. Below are my Servers Info:

I have 2 mail servers hosted On-Premise running Exchange 2010 and Exchange 2013

AD RMS SERVER

Windows Server 2012

SQL 2012

EXCHANGE SERVERS

1.Windows Server 2012/ Exchange 2013 

2.Windows Server 2008R2 SP1/Exchange 2010 SP3.


Search

Set-IRMConfiguration failing with 401. Using AD RMS 2012 member server and Exchange 2010 SP2

August 1, 2013, 1:49 pm
$
0
0

We have a new AD RMS 2012 member server in a Win08R2SP1 Native domain.

We have Exchange 2010 SP2 Rollup 4v2.

I put exchange fed mailbox in a rmssuper group and enabled this group in ad rms.

I gave Exchanger Servers group acl access to servicelocater.asmx, server.asmx, and servercertification.asmx.

Office 2013 clients can access and use policy templates from this AD RMS server.

Trying to enable irm on the Exchange server and I am getting

[PS] C:\Windows\system32>Set-IRMConfiguration -InternalLicensingEnabled $true
The request failed with HTTP status 401: Unauthorized. ---> Failed to get Server Info from https://rms.juf.org/_wmcs/ce
rtification/server.asmx.
    + CategoryInfo          : InvalidOperation: (:) [Set-IRMConfiguration], Exception
    + FullyQualifiedErrorId : FECD1A6C,Microsoft.Exchange.Management.RightsManagement.SetIRMConfiguration

Running the test-irm, I get this:

Results : Checking Exchange Server ...
              - PASS: Exchange Server is running in Enterprise.
          Loading IRM configuration ...
              - PASS: IRM configuration loaded successfully.
          Retrieving RMS Certification Uri ...
              - PASS: RMS Certification Uri: https://rms.juf.org/_wmcs/certification.
          Verifying RMS version for https://rms.juf.org/_wmcs/certification ...
              - WARNING: Failed to verify RMS version. IRM features require AD RMS on Windows Server 2008 SP2 with the
          hotfixes specified in Knowledge Base article 973247 (http://go.microsoft.com/fwlink/?linkid=3052&kbid=973247)
           or AD RMS on Windows Server 2008 R2.
          ----------------------------------------
          Microsoft.Exchange.Security.RightsManagement.RightsManagementException: Failed to get Server Info from https:
          //rms.juf.org/_wmcs/certification/server.asmx. ---> System.Net.WebException: The request failed with HTTP sta
          tus 401: Unauthorized.
             at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebRespons
          e response, Stream responseStream, Boolean asyncCall)
             at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
             at Microsoft.Exchange.Security.RightsManagement.SOAP.Server.ServerWS.GetServerInfo(ServerInfoRequest[] req
          uests)
             at Microsoft.Exchange.Security.RightsManagement.ServerWSManager.ValidateServiceVersion(String featureXPath
          )
             --- End of inner exception stack trace ---
             at Microsoft.Exchange.Security.RightsManagement.ServerWSManager.ValidateServiceVersion(String featureXPath
          )
             at Microsoft.Exchange.Management.RightsManagement.IRMConfigurationValidator.ValidateRmsVersion(Uri uri, Se
          rviceType serviceType)
             at Microsoft.Exchange.Management.RightsManagement.IRMConfigurationValidator.TryGetRacAndClc()
          ----------------------------------------

          OVERALL RESULT: PASS with warnings on disabled features

IIS Log on RMS shows:

2013-08-01 20:38:46 ADrmsIP# POST /_wmcs/certification/server.asmx - 443 - cashubIP# Mozilla/4.0+(compatible;+MSIE+6.0;+MS+Web+Services+Client+Protocol+2.0.50727.5466) - 401 2 5 0

Information Rights Management trial service for Office is disrupted by certification error

September 24, 2012, 2:27 am
$
0
0

The problem is as described in this link:

http://support.microsoft.com/kb/2711170

I cannot open my Excel 2010 document which has been protected by IRM.

"Your computer cannot be configured at this time because the Account Certification Service is not available. Please run this wizard again later. To close this wizard, click Cancel."

I have been using this protected document under IRM for months, suddenly not able to access.

Please help.

Cheers

Amala Singh

Can not access my Windows Rights Management

August 8, 2012, 11:28 am
$
0
0
I cannot access my excel file that I set-up restricted access through Windows Rights Management (WRM). I have a Windows Live ID but when I follow the  WRM configuration wizard a 'Security Alert' pop-up appears'A secure connection with this site cannot be verified. The certificate you are viewing does not match the name of the site you are trying to view. would you like to proceed?' when I continue I am told thatthe 'Account Certification is not available' and an 'error has occurred'. I have tried accessing my file over 12X. Please help.

Has the trial expired (6 months), I cant recall receiving an email reminding me? If I received an email, it may have gone directly to 'Junk' and I didn't read it. If this has happened, how can I get access to my file. I need this spreadsheet for work? I use it daily.

I've been advised that Windows may need to up-date their account certificate for this program to enable log-in? is this correct?

AD RMS on Server 2012 not working with Office 2010 but works with 2013.

August 3, 2013, 9:59 pm
$
0
0

Hello,

We are testing ADRMS for use in our infrastructure. I have the RMS server running on Server Standard 2012, and it is configured and everything is working properly. I have a couple of test templates that I am deploying.

The issue I am running into is that When I try to change the Permissions to use IRM in Word 2010, I get the following error:

A problem occurred while contacting the restricted permission service. Please try again later or contact your administrator for more details.

However, in Word 2013, it works perfectly. I can create a document, apply the policy to it and it works. I can open the document in Word 2013 and the restrictions apply. However, if I try to open the document in Word 2010, I get the above error again.

The clients are all Windows 7 64-bit. All I did to configure them was add the URL to the Intranet Sites in the Internet Settings Control Panel, and enabled/started the RMS Scheduled Task (automatic).

One thing I have noticed is that in the %localappdata%\Microsoft directory, I have an MSIPC folder on the systems running Office 2013 with my templates and all applicable settings, where on the boxes with Office 2010, I have a DRM folder with just a CERT-Machine.drm file.

Any help would be greatly appreciated. If you need more information, please let me know.

Thank you!

AD RMS - Plan

August 4, 2013, 3:32 am
$
0
0

Dear All ,

Our company wants to have AD RMS

As- Is of the company

- We have a windows CA infrastructure in place 

- Multiple applications , VPN

- Users access documents even over the internet

Can AD RMS provide the following

- Deloy Rights Management system that works even outside our network perimeter

- RMS should be Integrable with existing Windows CA infra

- RMS that is platform independent - device , OS , etc

Viewing all 1025 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>