Channel: Active Directory Rights Management Service(On premise) forum

Azure RMS Templates

Hello, I recently posted this question in both the Azure and Office 365 forums and was referred here. We are currently using Office 365 and have enabled E3 licenses to use IRM in Office through Azure. We would like to encrypt a lot of documents using the AD RMS Bulk Encryption tool, however it requires an RMS template. Azure provides two (Confidential, and Confidential Read-only). These work using the tool, but when I try to modify the XML to customize the templates it breaks them and since I don't have access to the AD RMS MMC I cannot generate my own. Does anyone know how I can make this work?


Out of ideas

Basically a client is asking for AD RMS yesterday (as always) when none of us have had any training whatsoever for the installation/configuration of it...

Server 2008R2 with AD RMS role installed using SQL 2008R2 with W7 x64 clients. RMS, IIS, the SCP, the certs all "look" good: I can reach the IIS website (https://mydomain/_wmcs/certification/certification.asmx & https://adrms.prv/_wmcs/licensing/license.asmx) without any errors, no cert issues. SQL databases seem correct (logging & configuration).

It's just that whatever I do, the client will never, ever recognize that there is an RMS server online (using Word basically). IRMCHECK says all is green except for the activation & user cert, and those seem like they are the issue.

I've tried the multiple manual registry keys (MSIPC for 2.0+ & MSDRM for 1.0, the Office keys, etc...).

The scheduled tasks to suck in the templates work fine as it downloads them to the correct folder ((...)\Microsoft\DRM\Templates)

Anybody have any idea at all what I can try?

Thanks

AD RMS Error 139

Hi,

I get Error 139 in AD RMS when I try to protect a Word document with RMS.

I checked connectivity of client and server, and I also checked nslookup on client and server.

When I open ADSIEdit and go to CN=Services,CN=Configuration,DC=domain,DC=com, there is CN=RightsManagementServices and then CN=SCP, but no other entries. Is something wrong with my Configuration?

Hope you can help

"A problem occurred while contacting the restricted permission service."

I have set up AD RMS in a test environment. The RMS server is running Windows 2012 and the domain is a 2008. My client PC is a Windows 7 machine with Office 2007 Pro Plus.

When attempting to protect a document (Word or Excel, same issue), I get prompted for credentials.  I enter in my user name (which also has an email address tied to the account in AD).  It then asks me to use a Windows Live ID or use a Windows account.  I chose 'Windows account'.  I then get an error message 'A problem occurred while contacting the restricted permission service.  Please try again or contact your administrator for more details.'  I've attempted this with another test user account and get the same issues.  I've also noticed that the one test policy I've created doesn't appear in the list either, and I have gone through the steps to publish it via a GPO.

I can access the Licensing and Certification URLs from the client machine.  However, on the licensing page I get a 'HTTP Error 403.14 - Forbidden' error.  Could this be part of the issue?  The Certification page comes up just fine after I enter in my test user credentials.

Any help would be appreciated!

Remove AD RMS Cluster

Hi,

How can I remove my AD RMS cluster to create a new one?

I have some VMs on which I try to install an RMS test environment. I installed RMS a while ago, but it did not work correctly. So I restored the "empty" snapshots of the RMS and the SQL VM. Now, when I want to install RMS and create a new cluster, I cannot, because it says there is an existing cluster. But I cannot install the server in this existing cluster, because the configuration database is no longer available.

What can I do?

AD RMS on Windows 8

Hi,

I have installed an AD RMS cluster on Windows 2012 with a certificate signed by inter CA. Now it works for most of the users, but some users can't acquire a user certificate. These are the IRM results:

Operating system: Windows 7 Professional [6.1.7601.win7sp1_gdr.130828-1532] ( 64-bit OS )
Target: RM Production Environment
RM Hierarchy: [Production_Hierarchy]


Check Status Detailed information
1. Office System                         SUCCESS Microsoft Office System (build 14.0.7113.5005) is installed
2. Operating system                  SUCCESS Windows 7 Professional (build 6.1.7601.win7sp1_gdr.130828-1532) is installed. ( 64-bit OS )
3. RM client                                SUCCESS Microsoft Rights Management client (build 6.1.7601.18332) is installed [ Production_Hierarchy ]
4. Kernel Debugger                   SUCCESS The kernel debugger is not present
5. Registry overrides                 SUCCESS No incorrect registry key overrides was detected
6. Service URLs                          SUCCESS The Enterprise RM service is in the Local Intranet or Trusted Sites zone
7. IRM manifests                        SUCCESS IRM application manifests are correct
8. Machine activation                 SUCCESS The machine is activated correctly: 6.1.7601.18332 (RMS Client v3.0 Desktop Security Processor), file:///rmactivate.exe, 2/17/2014 2:58:00 PM [UTC]
9. User certificates                    WARNING No user certificates found
10. System clock                        SUCCESS The system clock is correct
11. Pending Reboot                   WARNING Pending reboot detected
Action:Please reboot as soon as reasonably possible
12. Product SKU                          SUCCESS   
13. Network Connectivity            SUCCESS The computer is online
14. Domain Membership              SUCCESS Member of Company domain
15. Temporary Directory              SUCCESS Temporary directory set to C:\Users\ntrujil\AppData\Local\Temp\
16. Incompatible applications      SUCCESS No known incompatible applications found.
17. User Email in AD                    SUCCESS The logged on user's email found in the AD: Useremail@Company.com


Certificates
Type Valid Account Account Type SID Issued On Duration Service URLs
Machine Y    2/17/2014 Always Issued By:file:///rmactivate.exe
 


Registry Information
Office Activation Service registry entry absent
Office Enterprise Certification Service registry entry absent
Office Enterprise Client Enrollment Service registry entry absent
Office Cloud Certification Service registry entry absent
Office Cloud Client Enrollment Service https://licensing.drm.microsoft.com/licensing
Office RM Client Setup URL registry entry absent
Office IRM Disable registry entry absent
Office IRM DisablePassportCertification registry entry absent
Office IRM DisableCertificateValidation registry entry absent
Office IRM Permission Policy Path registry entry absent
Office Cached Enterprise Client Enrollment Service https://<AD RMS URL>/_wmcs/licensing
RMA Activation Service registry entry absent
RMA Enterprise Certification Service registry entry absent
RMA Cloud Certification Service registry entry absent
RM Activation Service registry entry absent
RM Enterprise Client Enrollment Service registry entry absent
RM Cloud Client Enrollment Service registry entry absent
Use Proxy Server 0
Proxy Server registry entry absent
Don't use proxy server for *.l
Use proxy autoconfig script from registry entry absent
IE Enhanced Security registry entry absent
The Enterprise Service Discovery results:  
RM Activation Service https://<AD RMS URL>/_wmcs/certification
RM Certification Service https://<AD RMS URL>/_wmcs/certification
RM Online Publishing Service https://<AD RMS URL>/_wmcs/licensing
RM Client Enrollment Service https://<AD RMS URL>/_wmcs/licensing
User Shell Folders registry entry present: Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders


Ripu Daman Mina | MCSE 2003 & MCSA Messaging | MCC


AD FS 2.1 with AD RMS not able to open the Protected Documents

Hello,

I have a problem with AD RMS with AD FS.


Domain 1

dc.domain1.com (Server 2012 R2 - DC/ADRMS/ADFS)

client.domain1.com (Windows 8.1 pro + Office 2013 Pro)

Domain 2

c.domain2.com (Server 2012 R2 - DC/ADRMS/ADFS)

client.domain2.com (Windows 8.1 pro + Office 2013 Pro)

Internally, clients in both domains can protect and open the document. But between the two domains, I am not able to open the protected documents. It keeps prompting for a password.

I followed the below document and configured ADFS

http://technet.microsoft.com/en-us/library/adfs2-sharepoint-federated-collaboration-step-by-step-guide-11(WS.10).aspx

When I try to open https://adrms.domain1.com/_wmcs/licensingexternal from DC1.domain1.com it is redirecting to https://fs.domain1.com/adfs/ls/?wa=wsignin1.0&wtrealm=https%3a%2f%2fadrms.domain1.com%2f_wmcs%2flicensingexternal%2f&wctx=rm%3d0%26id%3dpassive%26ru%3d%252f_wmcs%252flicensingexternal&wct=2014-02-18T14%3a34%3a10Z and then I get the error below:

An error occurred
An error occurred. Contact your administrator for more information.
Error details
  • Activity ID: 00000000-0000-0000-0300-0080030000f3
  • Error time: Tue, 18 Feb 2014 14:34:11 GMT
  • Cookie: enabled
  • User agent string: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729)

In the event viewer, I get Event ID 364:

Encountered error during federation passive request. 

Additional Data 

Protocol Name: 
wsfed 

Relying Party: 
https://adrms.domain1.com/_wmcs/certificationexternal/ 

Exception details: 
Microsoft.IdentityServer.Web.InvalidScopeException: MSIS7007: The requested relying party trust 'https://adrms.domain1.com/_wmcs/certificationexternal/' is unspecified or unsupported. If a relying party trust was specified, it is possible that you do not have permission to access the trust relying party. Contact your administrator for details.
   at Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationSignInContext.Validate()
   at Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationProtocolHandler.GetRequiredPipelineBehaviors(ProtocolContext pContext)
   at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)

FYI: There is no certificate or DNS error.

Please help me to solve this ADRMS problem.

Regards

Ranjithbabhu R


How AD RMS and MS Outlook/MS Exchange perform authentication

Hi Support,

I would like to seek your advice on the authentication method between AD RMS and MS Outlook:


1. Will changing the SMTP address or even renaming the logon name affect RMS permissions assigned in the MS Outlook context?

2. Is the permission tied to SID or SMTP address or both?

3. If User A sends an email to User B (SMTP address: UserB@abc.com) with the RMS “Do-not-forward” permission on 1 January 2014, what will happen if UserB changed SMTP address to UserBNewAccount@abc.com on 14 Feb 2014?

What will be the impact on UserB when accessing old emails with the RMS “Do-not-forward” permission? E.g., can they still reply to those emails?

For your advice please.


Regards, Jason Chan


adRMS external client problem - License acquisition failed

Hi all,

I have an adRMS server with an external address working with several external computers (non-domain joined but with AD accounts).

A new PC (Win7 x86) has gone wild and does not acquire licenses to open protected content.

I've double checked the registry and all that (I have deployed several PCs with the same config) and nothing is wrong.

No error on the server side, and all other clients (with the same config) are working fine.

Using DebugView on the client side I get to this point, and the weird thing is that the MSDRM does not attempt the external link as in previous operations...

In the same log, on previous operations (checked also on working PC) the MSDRM tries internal and when it fails tries external link.

Any clues will be greatly appreciated ;)

00000219 410.47552490 [2728] [msdrm]:+AcquisitionProc 
00000220 410.47558594 [2728] [msdrm]:+DRMDeconstructCertificateChain iWhich = 0 
00000221 410.47570801 [2728] [msdrm]:-DRMDeconstructCertificateChain HR=0 
00000222 410.47570801 [2728] [msdrm]:+DRMDeconstructCertificateChain iWhich = 0 
00000223 410.47586060 [2728] [msdrm]:-DRMDeconstructCertificateChain HR=0 
00000224 410.47592163 [2728] [msdrm]:+DRMDeconstructCertificateChain iWhich = 0 
00000225 410.47607422 [2728] [msdrm]:-DRMDeconstructCertificateChain HR=0 
00000226 410.47613525 [2728] [msdrm]:+DRMDeconstructCertificateChain iWhich = 0 
00000227 410.47634888 [2728] [msdrm]:-DRMDeconstructCertificateChain HR=0 
00000228 410.47637939 [2728] [msdrm]:+DRMDeconstructCertificateChain iWhich = 1 
00000229 410.47659302 [2728] [msdrm]:-DRMDeconstructCertificateChain HR=0 
00000230 410.47659302 [2728] [msdrm]:+DRMDeconstructCertificateChain iWhich = 1 
00000231 410.47680664 [2728] [msdrm]:-DRMDeconstructCertificateChain HR=0 
00000232 410.47683716 [2728] [msdrm]:+DRMDeconstructCertificateChain iWhich = 2 
00000233 410.47705078 [2728] [msdrm]:-DRMDeconstructCertificateChain HR=80070057 
00000234 410.47714233 [2728] [msdrm]: PostServerRequest: Trying internal licensing server: http://rmssrv01.standexlib.local/_wmcs/licensing  
00000235 410.63528442 [2728] [msdrm]:CHttpBase::DispatchRequest returned hr:8004cf43,ErrorCode=403 when hitting Url=http://localxxx.localdomainxxx.local/_wmcs/licensing/License.asmx with Post size=22955 
00000236 410.63534546 [2728] [msdrm]: DispatchRequest to licensing server FAILED : 8004cf43  
00000237 410.63537598 [2728] [msdrm]:-AcquisitionProc 
00000238 410.64190674 [2728] [msdrm]:+DRMCloseSession 
00000239 410.64190674 [2728] [msdrm]:+DRMAcquireLicense wszOptionalLAUrl=(null),uFlags=4 DRM_AL_CANCEL     
00000240 410.64193726 [2728] [msdrm]:-DRMAcquireLicense HR=0 
00000241 410.64199829 [2728] [msdrm]:-DRMCloseSession HR=0 
00000242 410.66409302 [2728] [msdrm]:+DRMCloseHandle 
00000243 410.66409302 [2728] [msdrm]:-DRMCloseHandle HR=0x0 
00000244 410.66415405 [2728] [msdrm]:+DRMCloseEnvironmentHandle 
00000245 410.66461182 [2728] [msdrm]:-DRMCloseEnvironmentHandle HR=0x0 
00000246 410.66467285 [2728] [msdrm]:+DRMCloseSession 
00000247 410.66470337 [2728] [msdrm]:-DRMCloseSession HR=0 

Regards,

Joao

AD RMS - trusted publishing domain

Hello,

I am working on the integration of two AD RMS servers between two forests. I have to use a trusted publishing domain because a client from Domain_A cannot communicate directly with the AD RMS server in Domain_B and vice versa.

I have exported the TPD from Domain_B and added it to the AD RMS server in Domain_A. Also, I have added a registry file to the test client to redirect it to its own domain's AD RMS server. The registry file contains these settings:

[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\DRM\LicenseServerRedirection]
"https://domainB.ad.rms.server.url/_wmcs/licensing"="https://domainA.ad.rms.server.url/_wmcs/licensing"

I am able to open documents that are protected on the remote AD RMS server, but I have to choose "change user", then choose my own user, and then it opens the documents. See images below:

Does anyone know, do I need to add any other registry settings, or something else?

Thanks!

BR,

CAL requirement for AD RMS Windows 2012 R2

Do we need to install RMS CALs on the RMS server, or are they just required for compliance?

Office Prof Plus 2013 connectivity to on-prem ADRMS

Hello,

I have an ADRMS server running on Windows Server 2012 R2 x64. I have Office Prof Plus 2013 (vol lic) installed on Windows 8, x64. I have set both the server and client to pre-production mode as we are using this just to evaluate. We have the ADRMS client & SDK 2.1 installed and the appropriate registry settings done.

On trying to Protect Document->Restrict Access it shows a menu item "Connect to DRM servers to get templates". But on clicking that it just shows an error "Sorry something went wrong opening IRM protected content. The system cannot find the file specified"

Any idea what may be causing this?

Thanks

SN

AD RMS setup failed because of invalid configuration setting

Hi,

When I configure AD RMS, it gives me the error "one or more ADRMS role services could not be configured: AD RMS setup failed because of invalid configuration setting". The user with which I try to install is an administrator of the DC, and the service account is also a member of the enterprise domain group. When I tried this in a test environment it worked perfectly, but in the production environment it didn't. Please help me with this.

I am using Windows 2012 Standard Server.

Thanks.


AD RMS Ad-hoc policy

In ad-hoc policy creation, how many (maximum) users are allowed for a single policy?

AD RMS Issue on MS Office 2013 & Workgroup workstations

Dear All,

I've been trying to test a DRM server with an internal database by distributing templates manually while triggering Task Scheduler on each client PC. Below are some of the issues I'm facing:

  • I'm planning to expand this externally so that users can connect to the DRM from outside. Will this work using an internal database, and how am I supposed to achieve this?
  • One user has signed into his Surface using a Gmail account, though the PC is connected to the domain. The user cannot open a protected IRM document as the error says to open one.
  • I'm currently adding an expanded registry value pointing to the DRM templates location for MS Office 2010 users who are on Windows 7. I do not know how to apply these to work with the automated Task Scheduler using a group policy, as the available steps on the Microsoft site are pretty confusing.
  • For Office 2013 users, at the initial step it gets the templates from the DRM server while trying to open an IRM protected document. But the problem is that I'm still pushing templates through Task Scheduler manually.

How am I supposed to overcome this, as it has been a big hassle for me to fix such issues? Also, which URL should I add to the template for a user to request permission when he/she doesn't have the privilege to open a document? Also, I cannot access the IIS server to request/view a license, as I'm receiving the error below.



AD RMS policy templates receive a "no longer exists error" when they are there

Recently we added a few new policy templates to AD RMS, but when we try to apply them in FSRM they receive a "no longer available" error. When I try to apply the template to a folder structure I can see the newly created template on the other server, but when I run the management task it fails and says that it no longer exists and to use another template. Now I can apply a template that has already been in place and it will work just fine, but anything newly created will fail.

ERROR:  0x80045380   <-- Means RMS template doesn't exist anymore.

Any help would be greatly appreciated.

"one or more ADRMS role services could not be configured: AD RMS setup failed because of invalid configuration setting"

Hi,

When I configure AD RMS, it gives me the error "one or more ADRMS role services could not be configured: AD RMS setup failed because of invalid configuration setting". The user with which I try to install is an administrator of the DC, and the service account is also a member of the enterprise domain group. When I tried this in a test environment it worked perfectly, but in the production environment it didn't. Please help me with this.

Thanks.

I am using Windows 2012 Standard Server.

AD RMS Role Service configuration failure with 'Some or all identity references could not be translated.'

I see there are several threads concerning the error message 'Some or all identity references could not be translated' but all are related to SharePoint. This is NOT related to SharePoint.

I am merely trying to configure the Active Directory Rights Management Service immediately after adding the role to my Windows 2012 Server.

My install account is a Domain Administrator. The SQL Server I am pointing to is on the local box. I can connect to the local SQL server and make a new database manually (just to prove my account has the permission). I have a new domain account (svcADRM) that I am specifying for the RM service account. IIS is running on the local box. There are 3 websites defined on the local box (HTTP80, HTTP809, and MyWebsite). This server is running the Office Web Documents service and provides the web translation services for SharePoint 2013 farm.

I am choosing to use Crypto Level 1, to use AD RMS Centrally Managed Key Storage, to use SSL with a self-signed certificate, to use the local machine FQDN as the endpoint (https : win-12srv-sp13d.acme.com), and to register the SCP now.

The installation of the role itself completes with a "success" message. It's the configuration that fails with the above message. How do I troubleshoot this? One would think it is a common error yet there is very little information about it online. So, either a) not many people are trying to use this or, b) there is something very unique about my situation.

I appreciate any help someone might provide. Hopefully, I can get this going as the technology looks very interesting and useful to us.

unable to run AD RMS Console because of the error

Hi friends,

I am new to AD RMS and I have faced a problem at the start :-)

I followed the steps in the ADRMS step-by-step guide. After installation it gives the message that installation completed with a warning. The event ID is 190.

And when I add the cluster to ADRMS it gives the error:

 A connection with the specified AD RMS cluster could not be established for the following reason:

The request failed with HTTP status 404: Not Found

Ensure that your connection is correct protocol, such as HTTP or HTTPS, and the port number is correct.


Prevent Document Preview Outlook AD RMS 2012

Hi,

I am trying to prevent document preview in AD RMS 2012. We have found that users can still do a print screen of the documents if they preview them in Outlook.

Also, we have found that a 3rd party tool, Snagit, can still do screenshots even though it has been set to prevent screenshots and printing.
