Windows Rights Management -Account Certification Service

August 3, 2013, 4:53 am

≫ Next: Protected Document for External Client

≪ Previous: AD RMS - Plan

$

0

0

I have been using Windows Rights Management for some years to protect  some files. Occasionally I am asked to sign in and it works again, however I am now completely unable to access my files. I get a box headed Windows Rights Management, which sometimes stays blank and other times asks if I have a Live ID. I select Yes, and get the sign in screen. It then asks if this is a private or public computer. I select Private and it starts to load the Account Certification service. I then get the error message:

"Information Rights Management Configuration Wizard cannot Complete

An error has occurred

Your computer cannot be configured at this time because the Account Certification Service is not available. Please run the wizard again later.

To close this wizard, click Cancel."

I have been trying to access my files for three days now and continually get this problem. It worked a week ago.

Would be grateful for any help in solving this as it is urgent that I get access to the files.

Thanks.

---

Protected Document for External Client

August 6, 2013, 1:39 am

≫ Next: Some issues when using Microsoft Rights Management sharing application

≪ Previous: Windows Rights Management -Account Certification Service

$

0

0

Dear All,

I've Implemented AD RMS 2012 in my Environment and its working perfectly, I'm planning to Make it exposable to External clients, My Question is , If I protected a Document using ADRMS and this Docuemnt has been sent to a user outside of my Organization (Doesn't Have credentials in My domain), will he be able to open and edit this Document ?

Thanks,

Some issues when using Microsoft Rights Management sharing application

August 7, 2013, 2:32 am

≫ Next: End of RMS 1.0 SP2 service?

≪ Previous: Protected Document for External Client

$

0

0

Hi all,

I've just downloaded "Microsoft Rights Management sharing application". 

The 1st issue: I try to use new feature Share Protected (by menu context) but error happen "An internal error occurred. Error code: 0x8007054F"

The 2nd issue: I saw the Microsoft RMS Office Addins installed. But no button added in Office Toolbar as this link mentioned http://technet.microsoft.com/en-us/library/dn339006(v=ws.10).aspx

Any ideas or suggestions are appreciated, thanks

End of RMS 1.0 SP2 service?

August 8, 2013, 5:13 am

≫ Next: Feature "Share Protected" not working when using Microsoft Rights Management sharing application

≪ Previous: Some issues when using Microsoft Rights Management sharing application

$

0

0

Is it true that the RMS 1.0 SP2 will stop working for customers at the end of this year?

And if it is, where can I find an article or announcement or some paper that confirm this so I can deliver it to customer?

Best Regards,

Feature "Share Protected" not working when using Microsoft Rights Management sharing application

August 7, 2013, 2:32 am

≫ Next: User authentication before protect a document by AD RMS

≪ Previous: End of RMS 1.0 SP2 service?

$

0

0

Hi all,

I've just downloaded "Microsoft Rights Management sharing application". 

The 1st issue: I try to use new feature Share Protected (by menu context) but error happen "An internal error occurred. Error code: 0x8007054F"

The 2nd issue: I saw the Microsoft RMS Office Addins installed. But no button added in Office Toolbar as this link mentioned http://technet.microsoft.com/en-us/library/dn339006(v=ws.10).aspx

Any ideas or suggestions are appreciated, thanks

User authentication before protect a document by AD RMS

August 8, 2013, 2:09 am

≫ Next: Any available beginner guide to coding AD RMS in C#?

≪ Previous: Feature "Share Protected" not working when using Microsoft Rights Management sharing application

$

0

0

Hi all, 

I searched on google flowchart of user authentication before protect a document by AD RMS, but no article found.  I only found the article for AD RMS server and client boostrapping and article for Licenses and Certificate

I want to know the detail of authentication user phase:
- What component do this task?
- What happen when user enter the credential (username and password), how client verify user has email on LDAP or not? 

The more details for user authentication phase is better for me.

Thank you in advance.

Any available beginner guide to coding AD RMS in C#?

May 13, 2013, 2:12 am

≫ Next: Create new AD-RMS Licensing only cluster is not showing

≪ Previous: User authentication before protect a document by AD RMS

$

0

0

Hi all,

I am very new to AD RMS and C#. I have downloaded AD RMS SDK 2.1 and found it to be coded in C++.

I would like to create an application in C# which is able to protect (Encrypt/Decrypt) an Office document. Is there any helpful beginner or simple guide around? Thanks in advance!

Create new AD-RMS Licensing only cluster is not showing

May 16, 2013, 10:17 pm

≫ Next: Test-IRM Failed.

≪ Previous: Any available beginner guide to coding AD RMS in C#?

$

0

0

I am trying to configure AD RMS for Sharepoint Server 2010 on window server 2012 by using below reference :

http://msmvps.com/blogs/ivansanders/archive/2012/06/08/check-out-the-weather-forecast-for-teched-2012.aspx

I have created separate server and installing AD-RMS service using Enterprise Admins Account . It is successfully installed . But at the time of configuring the option Create new AD-RMS Licensing only cluster is not showing .

We already have separate existing server for AD . And I am configuring RMS on another server .

Warning It is showing as below .

 

"The SCP is Registered but the root cluster can not be contacted . Yo can still join an existing cluster . The Remote name could not be resolved :'wrmserver'"

---

Test-IRM Failed.

May 30, 2013, 2:09 am

≫ Next: IRM: This content cannot be displayed in a frame

≪ Previous: Create new AD-RMS Licensing only cluster is not showing

$

0

0

Hi All,

Please help,

OS I am using is windows server 2012 for adrms.

Exchange is running on 2008 r2 sp1.

Exchange is 2010 sp3.

Cryptographic mode on adrms server is set to 2.

I already assigned permissions on servercertification.asmx and publish.asmx files.

Added super users group to federated mailbox.

Exchange 2010 sp3, adrms cryptographic mode 2 i am using. Please help. 

Following error I am getting.

Results : Checking Exchange Server ...
              - PASS: Exchange Server is running in Enterprise.
          Loading IRM configuration ...
              - PASS: IRM configuration loaded successfully.
          Retrieving RMS Certification Uri ...
              - PASS: RMS Certification Uri: https://rms.easeblr.com/_wmcs/certification.
          Verifying RMS version for https://rms.easeblr.com/_wmcs/certification ...
              - PASS: RMS Version verified successfully.
          Retrieving RMS Publishing Uri ...
              - PASS: RMS Publishing Uri: https://rms.easeblr.com/_wmcs/licensing.
          Acquiring Rights Account Certificate (RAC) and Client Licensor Certificate (CLC) ...
              - FAIL: Failed to acquire a Rights Account Certificate (RAC) and/or a Client Licensor Certificate (CLC).
          This failure may cause features such as Transport Decryption, Transport Protection Rules, Journal Report Decr
          yption, IRM in Outlook Web App, IRM in Exchange ActiveSync, and IRM Search to not work. Make sure that the Ex
          change Servers Group is granted "Read" and "Read & Execute" rights on the ServerCertification.asmx and Publis
          h.asmx pipelines on your AD RMS server. For details, see "Set Permissions on the AD RMS Certification Pipelin
          e" at  http://go.microsoft.com/fwlink/?LinkId=186951.

Please help. Any help will be highly appreciated.

---

Manish Kumar MCSA, MCITP Enterprise Admin. MCTS Exchange server 2007, MCITP Virtualization Admin.

IRM: This content cannot be displayed in a frame

May 7, 2013, 2:41 pm

≫ Next: How to RE-setup a new AD RMS in window server 2012 for SharePoint 2013?

≪ Previous: Test-IRM Failed.

$

0

0

The same with my excel file  .. I confirm that I have a windows live account the next part fails to load displaying 'This content cannot be displayed in a frame'.......

How to RE-setup a new AD RMS in window server 2012 for SharePoint 2013?

May 29, 2013, 3:03 am

≫ Next: AD RMS Office 2010 does not give right restriction options

≪ Previous: IRM: This content cannot be displayed in a frame

$

0

0

How to re-setup a new AD RMS in window server 2012 for SharePoint 2013?

Previously I have configured my server by Adding roles and features and checked the AD RMS features.
Now I want to delete the AD RMS Root Cluster, where and how can I delete the AD RMS Root Cluster.
I have referred to this guide http://www.scribd.com/doc/5987753/Removing-Active-Directory-Rights-Management-Services-StepByStep-Guide but I couldn't do it because IN:

Step 1: Decommission AD RMS Root Cluster

To enable the decommissioning service

1. Log on to ADRMS-SRV as cpandl\adrmsadmin.
2. Click Start, point to Administrative Tools, and then click Active DirectoryRights Management Services.
3. If the User Account Control dialog box appears, confirm that the action itdisplays is what you want, and then click Continue.
4. Expand the AD RMS cluster, expand Security Policies, and then click Decommissioning.
5. In the Actions pane, click Enable Decommissioning.
6. Click
7. Decommission

I can't see step 3, expand security policies. I want to remove the AD RMS Root Cluster, is this the right way? If yes, please help me out.

AD RMS Office 2010 does not give right restriction options

May 18, 2013, 2:04 am

≫ Next: How to remove protection when employee (creator) left company

≪ Previous: How to RE-setup a new AD RMS in window server 2012 for SharePoint 2013?

$

0

0

Hi,

I have installed a AD RMS server role to a dedicated server and followed these instructions: http://technet.microsoft.com/en-us/library/cc753531(v=WS.10).aspx

I have a domain let say contoso.com and servers are: ADRMS.contoso.com(MS Server 2012), DC1.contoso.com(MS Server 2008 R2) and DB1.contoso.com(MS Server 2008 R2).

I have configured the AD RMS service to use URL https://rms.conto.com and redirections are done by network traffic controller and DNS which converts the requested address to specific IP(FQDN:ADRMS.contoso.com). It uses HTTPS/SSL. I can logon localy to ADRMS cluster console(Add Cluster>Remote Computer) from the server with the URL rms.conto.com(required a regedit) and also can connect from client machines to https://rms.conto.com/_wmcs/certification/certification.asmx and https://rms.conto.com/_wmcs/licensing/license.asmx. Though I am unable to logon locally to the cluster console using Add Cluster>Local Computer.

SCP is created to DC1 with serviceBindingInformation = https://rms.conto.com/_wmcs/certification

Problem is that when I open Word 2010 and create a document and try to do a Restrict Permission by People>Restrict Access, it only offers me Microsoft Live ID or Windows Account. If I choose Windows Account it has problem contacting "restricted permission service".

Have tried to clear DRM folder from %localAppData%\Microsoft\DRM but no help.

I also happed to notice a strange log at the ADRMS-server: 

This Active Directory Rights Management Services (AD RMS) cluster cannot perform an operation on one of the AD RMS databases. Ensure that all AD RMS databases are operating correctly on the network and that the AD RMS service account has read and write permissions to the databases.

Parameter Reference
Context: STATIC
RequestId: N/A
HelpLink.ProdName: Microsoft SQL Server
HelpLink.EvtSrc: MSSQLServer
HelpLink.EvtID: 18456
HelpLink.BaseHelpUrl: http://go.microsoft.com/fwlink
HelpLink.LinkId: 20476
SqlError-0.State: 1
SqlError-0.Class: 14
SqlError-0.Server: DB1
SqlError-0.Message: Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.
SqlError-0.Number: 18456

Microsoft.RightsManagementServices.LowSeveritySqlException
        Message: The Database Engine threw this exception in response to an error that can be corrected by the user, such as a missing database object or entity, possible data inconsistency, transaction deadlock, security setting problems, or SQL command syntax error.  Please examine the SqlError details for more information.
        HelpLink.ProdName: Microsoft SQL Server
        HelpLink.EvtSrc: MSSQLServer
        HelpLink.EvtID: 18456
        HelpLink.BaseHelpUrl: http://go.microsoft.com/fwlink
        HelpLink.LinkId: 20476
        SqlError-0.State: 1
        SqlError-0.Class: 14
        SqlError-0.Server: DB1
        SqlError-0.Message: Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.
        SqlError-0.Number: 18456
  + System.Data.SqlClient.SqlException
  +         Message: Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.
  +         HelpLink.ProdName: Microsoft SQL Server
  +         HelpLink.EvtSrc: MSSQLServer
  +         HelpLink.EvtID: 18456
  +         HelpLink.BaseHelpUrl: http://go.microsoft.com/fwlink
  +         HelpLink.LinkId: 20476

Why it tries to connect to SQL server(DB1) with Anonymous -account? I have installed AD RMS with ADRMSADMIN -account(with correct permissions) and configured it to use ADRMSSRVC -account as service account.

Other thing is that I can't change that service account with ADRMSADMIN from the ADRMS -console because the "Next" is grey all the time. I always have to log in to management console using "remote" cause "local machine" gives me error message. Probably this is because the cluster address is different than the machine name that is hosting the service(AD RMS -server role).

Client computer have Windows7+Office 2010 Professional Plus. Client computers does not have these registry keys:HKEY_LOCAL_MACHINE\Software\Microsoft\MSDRM , HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\MSDRM but have this: HKEY_LOCAL_MACHINE\Software\Microsoft\DRMbut empty.

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\DRMis present and has "CachedCorpLicenseServer" and "ServiceLocations" with correct url values. Should the ServiceLocations be named like "1|2|" 2|2|?

How to remove protection when employee (creator) left company

June 18, 2013, 1:51 am

≫ Next: Support For Wireless ac band network cards

≪ Previous: AD RMS Office 2010 does not give right restriction options

$

0

0

Hi all,

In the scenario: the employee, who create protected document through AD RMS, leaf company. And when creator applied Policy Templates to documents, the Policy Templates has no Super User Group setting. How can the IT manager remove the protection from documents without creator right?

Thank you.

Support For Wireless ac band network cards

August 8, 2013, 11:55 pm

≫ Next: reading HKLM within dll causes error

≪ Previous: How to remove protection when employee (creator) left company

$

0

0

Asus Support said that you do not have support for Wireless ac bands. My software only shows 400mbps instead of the normal 866/1300mbps. They said that it was a limitation on Windows. When will it be fixed?

reading HKLM within dll causes error

August 12, 2013, 4:38 am

≫ Next: ADRMS Protected docuemnt

≪ Previous: Support For Wireless ac band network cards

$

0

0

Pre windows 7, all my written programs used read and write to the registry via separate user defined DLL without any problems,

Now all that happens is an access right error,

Is a way to set/check access rights within DLL, or am I missing something.  

---

ADRMS Protected docuemnt

August 13, 2013, 2:09 am

≫ Next: RMS to ADRMS migration - Contents are no longer protected

≪ Previous: reading HKLM within dll causes error

$

0

0

Hi 

We have migrated our RMS 1.0 to ADRMS 2008 R2 SP1. 

I have follow the below procedure.

1. .      backup the RMS Server.
2.       Export the SLC,TUD,TPD.
3.       Backup RMS pipe Line
4.       Remove the SCP.
5.       Install a new ADRMS Cluster.
6.       Install the Certificate server.
7.       Create a new template.

Now what is the problem is when a user tries to open existing RMS protected document. He is not able to open that. I have not decomisioned the previous RMS server as well as templates aslo.

Kinldy suggest what i have to do for opening the document

---

Thanks and Regards Deepak

RMS to ADRMS migration - Contents are no longer protected

April 8, 2013, 11:29 pm

≫ Next: Remove Smart Card from UAC Authentication...

≪ Previous: ADRMS Protected docuemnt

$

0

0

Hello,

I have performed RMS 1.0 sp2 migration to new server with ADRMS

Now users are able to open old content, create new contents with protection, but everything is opening

and not secured, what am I missing.

Remove Smart Card from UAC Authentication...

August 13, 2013, 11:27 am

≫ Next: In Place Upgrade AD RMS Windows Server 2012

≪ Previous: RMS to ADRMS migration - Contents are no longer protected

$

0

0

I'm servicing a business that uses Smart Card to reprogram for SentriLock. They've had problems in the past with users installing unauthorized software, so we locked the computers down (user account is Standard and we enabled the Administrator account, password protected). The problem is now that we've done that, whenever the UAC dialog box comes up it has "insert Smart Card" as an option. The little boogers just stick a smart card in and voila they gain admin clearance.

What's the best solution? I wanted to simply delete or disable a registry key. Is there something else?

In Place Upgrade AD RMS Windows Server 2012

September 13, 2012, 1:22 am

≫ Next: SSL Cerficate for configure the AD RMS Licensing-only Cluster

≪ Previous: Remove Smart Card from UAC Authentication...

$

0

0

Hi All,

Currently my AD RMS running on top Windows 2008 R2 SP1 and also there's a SQL 2008 in it. Is it possible to do an in place upgrade to AD RMS Windows Server 2012 ? Anyone try it ?

So I want to upgrade the OS to Windows Server 2012, is it also will upgrade AD RMS ?

---

Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. Krisna Ismayanto | My blogs: Krisna Ismayanto | Twitter:@ikrisna

SSL Cerficate for configure the AD RMS Licensing-only Cluster

August 14, 2013, 3:31 am

≫ Next: Domain Admin Rights

≪ Previous: In Place Upgrade AD RMS Windows Server 2012

$

0

0

Hi all,

I'm following this guide to set-up AD RMS Licensing-only cluster
http://technet.microsoft.com/en-us/library/cc771183(v=ws.10).aspx

But, at step 21: "Click the Choose an existing certificate for SSL encryption option, click the certificate that has been imported for this AD RMS cluster, and then click Next.". Is certificate is AD RMS root cluster certificate? Where does this certificate locate in AD RMS root cluster?

Thank you.