ADRMS & Office365 Hybrid Setup

November 6, 2013, 6:01 am

≪ Previous: Prevent Document Preview Outlook AD RMS 2012

Hello,

We have Windows 2008 R2 ADRMS server.

Lately we have experiencing a very strange behaviour. We can protect the documents with RMS. But if we want to reopen the file to modify the list of people there, after adding people and saving the rights some of the people are disappearing from the list.

After some investigation we found that their email address somehow is being changed to X500 address rather then classic SMTP format.

So from the list of 40 users half of them still have their "user@domain.com" and others have "/O=Organization...."

Any idea ?

↧

ADRMS and Distribution Groups

March 4, 2014, 8:08 am

≫ Next: Right protected Microsoft Office 2013 office documents can not open

≪ Previous: ADRMS & Office365 Hybrid Setup

Hello,

I have a strange behaviour with my AD RMS server.

When a person to restriction it works perfectly.

When adding a group, the members of this group cannot open the document.

If i add them individually, all works fine.

Any idea ?

↧

Right protected Microsoft Office 2013 office documents can not open

March 5, 2014, 5:40 am

≫ Next: Unable to save Excel file with RMS feature enabled.

≪ Previous: ADRMS and Distribution Groups

Hello,

I am facing a problem with opening right protected Office 2013 documents. I can right protect Office 2013 documents with Windows 2008R2 ADRMS servers but when i email it to another user who is having Office 2013, document will not open and "configuring your computer for information rights management" dialog box appear for long time without any change. I have attached the screen shot aswell.

Kindly help me to rectify this issue ASAP

Dilshan

↧

Unable to save Excel file with RMS feature enabled.

December 10, 2013, 11:43 am

≫ Next: (2008 R2) AD RMS Installation Failure: ALTER DATABASE failed because a lock could not be placed on database

≪ Previous: Right protected Microsoft Office 2013 office documents can not open

We have a client who is unable to save a protected workbook. If he disables RMS he is able to save. I have tested this and it is not system wide. I have included a few errors he was getting. This user has Office 2010 running on Windows 7. He has verified he is connected to the Domain.<v:shapetype coordsize="21600,21600" filled="f" id="_x0000_t75" o:preferrelative="t" o:spt="75" path="m@4@5l@4@11@9@11@9@5xe" stroked="f"><v:stroke joinstyle="miter"><v:formulas>h

<v:f eqn="if lineDrawn pixelLineWidth 0">
  <v:f eqn="sum @0 1 0">
  <v:f eqn="sum 0 0 @1">
  <v:f eqn="prod @2 1 2">
  <v:f eqn="prod @3 21600 pixelWidth">
  <v:f eqn="prod @3 21600 pixelHeight">
  <v:f eqn="sum @0 0 1">
  <v:f eqn="prod @6 1 2">
  <v:f eqn="prod @7 21600 pixelWidth">
  <v:f eqn="sum @8 21600 0">
  <v:f eqn="prod @7 21600 pixelHeight">
  <v:f eqn="sum @10 21600 0">
</v:f></v:f></v:f></v:f></v:f></v:f></v:f></v:f></v:f></v:f></v:f></v:f></v:formulas>
<v:path gradientshapeok="t" o:connecttype="rect" o:extrusionok="f">
<o:lock aspectratio="t" v:ext="edit">
</o:lock></v:path></v:stroke></v:shapetype><v:shape alt="" id="Picture_x0020_1" o:spid="_x0000_i1025" style="width:881.25pt;height:135.75pt;" type="#_x0000_t75">
<v:imagedata o:href="cid:image001.png@01CEF0D7.A4356280" src="file:///C:\Users\btate\AppData\Local\Temp\msohtmlclip1\01\clip_image001.png">
</v:imagedata></v:shape>

↧

(2008 R2) AD RMS Installation Failure: ALTER DATABASE failed because a lock could not be placed on database

March 5, 2014, 6:44 pm

≫ Next: AD RMS 2012 R2. Workgroup users not working.

≪ Previous: Unable to save Excel file with RMS feature enabled.

First-time install on a SBS 2011 server, name replaced as <SERVER> for this post. I had created a separate IIS site rather than using the Default Web Site and I am guessing this might be a permission issue on the folder...

Installation failed with Event ID 110 and a repeating error that states, "<Error>: Attempt to configure Active Directory Rights Management Server failed. The provisioning process failed to create the Configuration database due to the following error from Sql Server: System.Data.SqlClient.SqlException: ALTER DATABASE failed because a lock could not be placed on database 'DRMS_Config_adrms_<SERVER>_local_443'. Try again later. ALTER DATABASE statement failed. ALTER DATABASE failed because a lock could not be placed on database ." Configuration as follows:

<Informational>: This server might need to be restarted after the installation completes.

Active Directory Rights Management Services

Cluster Type

Root cluster

Trust Hierarchy

Production

Configuration Database Server

Windows Internal Database

Service Account

<SERVER>\adrms

Cluster Key Storage

AD RMS centrally managed key storage

Cluster Web Site

Active Directory RMS

Cluster Internal Address

https://adrms.<SERVER>.local:443/

SSL Certificate

Create a self-signed certificate

Licensor Certificate Name

↧

AD RMS 2012 R2. Workgroup users not working.

March 6, 2014, 9:09 am

≫ Next: Windows 2012 R2 ADRMS domain controller version and Non-domain-joined Mac Client with outlook 2011

≪ Previous: (2008 R2) AD RMS Installation Failure: ALTER DATABASE failed because a lock could not be placed on database

Hi everyone, I've looked at several threads about this topic and haven't been able to make this work so far.

My infrastructure is:

One AD RMS installed on Windows 2012 R2. Internal URL's and external URL's are the same. They are configured with SSL.

A domain computer works fine.

My first test is using a computer connected to my network but no joined to the domain. This would be a Windows 7 SP1 64bits with Office 2010 64Bits.

On this Windows 7 computer I log on with a local account (same username and password as an existing domain account) and I do three things:

Copy from a pendrive a Word 2013 document protected with RMS.
Configure the https://rms.company.com as local intranet inside IE
Configure the registry keys HKLM\Software\Microsoft\MSDRM\ServiceLocation\Activation and HKLM\Software\Microsoft\MSDRM\ServiceLocation\EnterprisePublishing with my infrastructure values.
Install CA of my domain in the computer repository.
Check that I can connect to https://rms.company.com/_wmcs/certification/certification.asmx. Which I can if I provide the domain credentials when the webpage prompts me.
Check that I can connect to https://rms.company.com/_wmcs/licensing/license.asmx. Which I can. Doesn't ask for domain credentials because anonymous authentication is enabled on https://rms.company.com/_wmcs/licensing.

When I try to open the Word document I get the next message. "Cannot verify user information at this time. Do you want to open this document using a different set of credentials?

Shouldn't it be asking for my domain credentials at some point?

In my local profile under Microsoft/drm it creates cert-machine.drm and cert-machine-2048.drm.

I've also tried with a Windows 208 R2 in workgroup with office 2013 and get the same result.

I have the next debug in case some guru can help.

Thanks to everyone,

Ivan Mckenzie

↧

Windows 2012 R2 ADRMS domain controller version and Non-domain-joined Mac Client with outlook 2011

March 7, 2014, 7:24 am

≫ Next: Old AD RMS template still displayed in OWA which were already deleted

≪ Previous: AD RMS 2012 R2. Workgroup users not working.

Hi,

What is the AD version for Windows 2012R2 ADRMS? Is it possible to have Windows 2003 R2 DC with Windows 2012R2 ADRMS?

Any installation guide Non-domain-joined Mac Client with outlook 2011?

What is the SQL version for Windows 2012R2 ADRMS?

Please advise. Thanks.

Kelvin Teang

↧

Old AD RMS template still displayed in OWA which were already deleted

April 3, 2012, 2:52 am

≫ Next: minimum domain name length required for AD RMS installation

≪ Previous: Windows 2012 R2 ADRMS domain controller version and Non-domain-joined Mac Client with outlook 2011

Hi,

Currently, I'm having a problem where a deleted template still can be view & select when trying to apply RMS protection. I have checked the template distribution folder & run the Get-RMSTemplate to see whether the template is presented or not (which is not)

As you can see from the picture above. I have already disabled the rms, still we can see the template. Some of the template listed above have been already deleted & some just come pop in out of no where. Please, i really need some help here. Thanks in advance

↧

minimum domain name length required for AD RMS installation

March 9, 2014, 11:56 pm

≫ Next: AD related problem

≪ Previous: Old AD RMS template still displayed in OWA which were already deleted

Hi,

I am trying to configure AD RMS on windows 2012 server. On a post deployment task it fails saying "one or more AD RMS role services could not be configured: AD RMS setup failed because of invalid configuration setting". So when I ran setup with some debugging option then I come to know the exact error which says "Message: The 'http://tempuri.org/RMProvisionSettingsSchema.xsd:Domain' element is invalid - The value 'D' is invalid according to its datatype 'http://tempuri.org/RMProvisionSettingsSchema.xsd:WindowsDomainName' - The actual length is less than the MinLength value."

My domain name is d.local..

Can someone has the solution for this, because nowhere is documented about the domain name length.

Thanks

Mukul

↧

AD related problem

March 10, 2014, 9:57 pm

≫ Next: AD RMS Philosophy.

≪ Previous: minimum domain name length required for AD RMS installation

i installed active directory on server 2012 standard edition build 9200 on hyper-v and on another hyperv i installed another server 2012 standard edition and made that as a secondary dns server.but after creating that,the reverse look up zone took records from master but the forward look up zone could not get records from master or primary server.i have enabled zone transfer option on both zones on the dnses of both the servers.but the problem can not be solved.please help

↧

AD RMS Philosophy.

March 13, 2014, 9:19 am

≫ Next: Is that possible to do the cross domain migration for AD RMS Services?

≪ Previous: AD related problem

Hi everyone, how do people work with RMS in the real world?

I’m going to make the presumption that in a company you can’t guarantee people not to steal documents. You can only make it more difficult for people to steal documents. When I say steal I mean that a person that has permission to a document, simply copies-mails, drop box, etc, this documents to someone outside the company without authorization to read this document. Assuming this let’s get to the point.

I have a client who has thousands of documents that are stored of lots of files shares. Inside these file shares there are many folders and subfolders and many of these subfolders have inheritance disabled.

The client wants to protect every existing document and new documents, so that if the documents leave the company, these will be RMS protected.

One simple way to do this is with File Server Resource Manager and File Management Tasks. With these tools you could apply a RMS policy template to the existing files and new files under a certain folder. Not sure of the performance impact on the file servers for thousands of files. The policy template would have the read, edit,save permisions plus the NTFS permissions (the combination of most restrictive would win). Inside the company the users would work as usual. If someone manages to bypass company’s protection and steal a document, it would be useless because it has RMS and the RMS server is not published to the internet.

Would this be a correct approach?

Any suggestions greatly appreciated.

Regards,

Ivan Mckenzie

↧

Is that possible to do the cross domain migration for AD RMS Services?

March 14, 2014, 5:54 am

≫ Next: Implementing IRM with SharePoint

≪ Previous: AD RMS Philosophy.

Sorry Guys i have post this thread again

Hi guys, recently i am doing a cross domain migration, when i listing out the server, i found the server have AD RMS services which is still active.

but after my migration is complete, it is planned to do the decommission on all the old server

After my checking, i believe the AD RMS have trust establish with a cross site domain already. What i am planning to do is try to do a migration on it.

i have do some research on it an i found "Cross forest Migration of AD RMS document"

what i found in the document, it have mention about

In the event when one cluster running AD RMS is to be discontinued, users may still want to access previously protected content that was issued a publishing license by that computer. Servers in other clusters can then add the to-be-discontinued server as a trusted publishing domain.

So i was wondering if there is an option for Ad RMS services to select a server or host to discontinued?

The scenario in my head now,

1.Build trust between in my new domain AD RMS with the existing AD RMS. update the certificate between the trusted domain as i mention above with my new domain AD RMS.

but i was wondering if i power down or decommission the server what will happen?

2. the worst case scenario will be decommission the old AD RMS service, and publish the new AD RMS services in new domain, simply build trust with the cross site domain.

any suggestion on this? which case is more workable?

Thanks

Dave

Please also help to remove or move the thread

http://social.technet.microsoft.com/Forums/windowsserver/en-US/44e0e67a-bba6-4766-9fd5-89d7c2a02431/is-that-possible-to-do-the-cross-domain-migration-for-ad-rms-services?forum=winserverMigration#44e0e67a-bba6-4766-9fd5-89d7c2a02431

↧

Implementing IRM with SharePoint

March 14, 2014, 11:33 am

≫ Next: Remote Blob Storage for SharePoint 2013

≪ Previous: Is that possible to do the cross domain migration for AD RMS Services?

Hi,

We are trying to implement IRM or AD RMS with SharePoint. We already have have the SharePoint environment up and running. I read in few articles that we need to have dedicated AD RMS server in order to use this service since its a best practice.

My question here is do we need to have a dedicated SQL server or we can have SQL services installed with AD RMS server? If Yes what version of SQL do we need?

And also it looks like Windows 7 and windows vista operating systems comes with in built AD RMS client services. What if the users are on previous Operating Systems like Windows XP, etc?

Thanks in Advance
Ali

↧

Remote Blob Storage for SharePoint 2013

March 14, 2014, 12:17 pm

≫ Next: Windows2008 AD RMS support office Mac 2011

≪ Previous: Implementing IRM with SharePoint

Hi,

We have a Site Asset library in SharePoint 2013 for which we would like to connect it to the external storage or network shared drive. I read few articles related to RBS, most of them talks about using the same sql server hard drive as a external storage instead of Content Database. Here we would like to connect it to the shared drive which is completely on the different server. Is it possible?

My other question is what edition of SQL server do we need to have in order to enable the RBS?

Thanks in Advance

Ali

↧

Windows2008 AD RMS support office Mac 2011

August 25, 2011, 12:13 am

≫ Next: How to run GINA when windows log off ?

≪ Previous: Remote Blob Storage for SharePoint 2013

Dose Windows 2008 ADRMS will support office Mac 2011 clients? as i understand from this link for mac office 2011 required windwos 2008R2 AD RMS . please let me know if you have alternative solution or setting for existing windows 2008 AD RMS to support Mac office 2011 clients .

Thanks in Advance .

Thanks Vino ------------------------------------------------------------------------------------------------------------------------Disclaimer: This posting is provided AS-IS with no warranties or guarantees and confers no rights. Please remember to click“Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. ------------------------------------------------------------------------------------------------------------------------

↧

How to run GINA when windows log off ?

March 19, 2014, 7:07 am

≫ Next: RMS Service Account ConnectionString

≪ Previous: Windows2008 AD RMS support office Mac 2011

I test pGina program which was create from GINA. I wonder when user log off windows why pGina can run application for login windows. I think application can run when start windows only . How pGina can run program when user click log off button ?

↧

RMS Service Account ConnectionString

December 6, 2013, 5:22 am

≫ Next: Licensing for RMS Client or IRM

≪ Previous: How to run GINA when windows log off ?

Hi All

Windows 2003 SP2, RMS 1.0 SP2, Microsoft SQL Server 2008

I am unable to change the RMS Service Account via the Admin page. Submitting the change fails with 'The ConnectionString property has not been initialized'. I'm logged on with a Domain Account and have SA on the DB.

Cheers

MSR

↧

Licensing for RMS Client or IRM

March 24, 2014, 10:55 am

≫ Next: Promptless authentication of rms client using X509 Credential

≪ Previous: RMS Service Account ConnectionString

Hi All,

We are trying to implement the IRM on top of the SharePoint environment which is up and running. My question here is do we need to buy the licensce for all the end users in order to use the AD RMS client services or else its a part of in built Operating which just required an update?

My other question is I read that AD RMS client is not supported for the Operating Systems before windows XP, Is it true? If yes what is the alternative way to use the IRM for the users who are on the previous Operating Systems before Windows XP.

Thanks in Advance

↧

Promptless authentication of rms client using X509 Credential

March 23, 2014, 10:36 am

≫ Next: Required settings in AD USER Client machine

≪ Previous: Licensing for RMS Client or IRM

Hello

I have a need to do prompt-less authentication of my rms client. We have an on-premise ADRMS server. I believe the only option for doing this is to use x509 credentials.

* Is there any other way?

* Has anyone used this? If so, can you show/point me to some sample implementation please.

Thanks

↧

Required settings in AD USER Client machine

March 26, 2014, 10:05 pm

≫ Next: DRM Folder not available in Windows Server 2008

≪ Previous: Promptless authentication of rms client using X509 Credential

After configuring AD RMS, what are required settings in Regedit, MSIPC to encrypt the data using Templates and AD hoc policies in newly created AD USER client machine.

↧