Hi,
I am implementing AD RMS and the company has computers with Office 2010 and some computers with Office 2013. I know that Office 2013 works witch AD RMS Client 2.x. My question is If Office 2010 can works with AD RMS Client 2.x or only it works with AD RMS Client 1.0?
Thanks,
Hi,
I am implementing AD RMS on Windows Server 2012 with SQL Server 2012 and I want to estimate the size of database for approximately 3000 users.
All users have e-mail.
Can you help me toestimate the size ofdatabaseaccording totheir experiences? Is there some method for this?
Thanks,
We have a new AD RMS 2012 member server in a Win08R2SP1 Native domain.
We have Exchange 2010 SP2 Rollup 4v2.
I put exchange fed mailbox in a rmssuper group and enabled this group in ad rms.
I gave Exchanger Servers group acl access to servicelocater.asmx, server.asmx, and servercertification.asmx.
Office 2013 clients can access and use policy templates from this AD RMS server.
Trying to enable irm on the Exchange server and I am getting
[PS] C:\Windows\system32>Set-IRMConfiguration -InternalLicensingEnabled $true
The request failed with HTTP status 401: Unauthorized. ---> Failed to get Server Info from https://rms.juf.org/_wmcs/ce
rtification/server.asmx.
+ CategoryInfo : InvalidOperation: (:) [Set-IRMConfiguration], Exception
+ FullyQualifiedErrorId : FECD1A6C,Microsoft.Exchange.Management.RightsManagement.SetIRMConfiguration
Running the test-irm, I get this:
Results : Checking Exchange Server ...
- PASS: Exchange Server is running in Enterprise.
Loading IRM configuration ...
- PASS: IRM configuration loaded successfully.
Retrieving RMS Certification Uri ...
- PASS: RMS Certification Uri: https://rms.juf.org/_wmcs/certification.
Verifying RMS version for https://rms.juf.org/_wmcs/certification ...
- WARNING: Failed to verify RMS version. IRM features require AD RMS on Windows Server 2008 SP2 with the
hotfixes specified in Knowledge Base article 973247 (http://go.microsoft.com/fwlink/?linkid=3052&kbid=973247)
or AD RMS on Windows Server 2008 R2.
----------------------------------------
Microsoft.Exchange.Security.RightsManagement.RightsManagementException: Failed to get Server Info from https:
//rms.juf.org/_wmcs/certification/server.asmx. ---> System.Net.WebException: The request failed with HTTP sta
tus 401: Unauthorized.
at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebRespons
e response, Stream responseStream, Boolean asyncCall)
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at Microsoft.Exchange.Security.RightsManagement.SOAP.Server.ServerWS.GetServerInfo(ServerInfoRequest[] req
uests)
at Microsoft.Exchange.Security.RightsManagement.ServerWSManager.ValidateServiceVersion(String featureXPath
)
--- End of inner exception stack trace ---
at Microsoft.Exchange.Security.RightsManagement.ServerWSManager.ValidateServiceVersion(String featureXPath
)
at Microsoft.Exchange.Management.RightsManagement.IRMConfigurationValidator.ValidateRmsVersion(Uri uri, Se
rviceType serviceType)
at Microsoft.Exchange.Management.RightsManagement.IRMConfigurationValidator.TryGetRacAndClc()
----------------------------------------
OVERALL RESULT: PASS with warnings on disabled features
IIS Log on RMS shows:
2013-08-01 20:38:46 ADrmsIP# POST /_wmcs/certification/server.asmx - 443 - cashubIP# Mozilla/4.0+(compatible;+MSIE+6.0;+MS+Web+Services+Client+Protocol+2.0.50727.5466) - 401 2 5 0
I have setup AD RMS in a test environment. The RMS server is running Windows 2012 and the domain is a 2008. My client PC is a Windows 7 machine with Office 2007 Pro Plus.
When attempting to protect a document (Word or Excel, same issue), I get prompted for credentials. I enter in my user name (which also has an email address tied to the account in AD). It then asks me to use a Windows Live ID or use a Windows account. I chose 'Windows account'. I then get an error message 'A problem occurred while contacting the restricted permission service. Please try again or contact your administrator for more details.' I've attempted this with another test user account and get the same issues. I've also noticed that the one test policy I've created doesn't appear in the list either, and I have gone through the steps to publish it via a GPO.
I can access the Licensing and Certification URLs from the client machine. However, on the licensing page I get a 'HTTP Error 403.14 - Forbidden' error. Could this be part of the issue? The Certification page comes up just fine after I enter in my test user credentials.
Any help would be appreciated!
HELP!!!!
I recently Deployed AD RMS to my Network and all configurations completed.
When I try to protect a document, I select Manage credentials and select the option to Use a Microsoft Windows Account as shown below
.
It prompts for my credentials and the dialog box shows that it is pointing to the deployed server.
upon entering my credentials it displays accessing Rights Management Server for a couple of seconds and then returns
"A problem occurred while contacting the restricted permission service. please try again later or contyact your administrator for more details...
Please Helps as this is delaying the completion of this project. Below are my Servers Info:
I have 2 mail servers hosted On-Premise running Exchange 2010 and Exchange 2013
AD RMS SERVER
Windows Server 2012
SQL 2012
EXCHANGE SERVERS
1.Windows Server 2012/ Exchange 2013
2.Windows Server 2008R2 SP1/Exchange 2010 SP3.
Hi,
In the previous version RMS 1.0, there was a requirement to renew the RMS DRM certificate once a year by going into RMS Global Administration page, then drill down to the cluster resources and hit the renew button. I haven't been able to find the same thing in AD RMS, I did find the WMSvc-Server certificate and that appears to expire every 10 years. Is the DRM certificate renewal still a requirement and where do I find this?
Thanks
I created an OU in AD 2008 r2 named CC-Computers in order to test GPO.
I completed the test and went to delete the OU from GP management I received the message "The server is unwilling to delete"
The OU is NOT protected from deletion.
There's no delete option in ADUC
ADSIEdit error
Powershell
Is there any way to delete this OU?
Hi everyone,
I'm looking for AD RMS Client (MSIPC.DLL) which can be applied to Windows Server 2012. I have tried to install Windows RMS Client Service Pack 2 but it doesn't support. I'm having an error that says "The required Active Directory Rights Management Service Client MSIPC.DLL is present but could not be configured properly. IRM will not work until the client is configured properly". So I think something needs to be installed in my client before connecting and using IRM protector.
Update: I have completely installed AD RMS Client 2.0 but still get the error above.
---------------------------------------------
Information Rights Management (IRM): There was a problem while creating the generic issuance license template.
All issuance licenses for protected documents are constructed from a generic, base issuance license template.
Additional Data
Error value: 0x8004020A
---------------------------------------------
Has anyone encountered the same error? I really appreciate you helps.
Regards,
-T.s
Thuan Soldier
SharePoint Vietnam |
Blog | Twitter
Hey everyone; I am hoping someone might be able to help out. We are currently working on upgrading our domain controllers as well as creating a new domain. Our old domain is "example.com" and the new domain is "ad.example.com." I have also created a parallel environment in AD so the user objects, groups and OUs are identical in new and old as far as names (I did not migrate SID-history).
So now, I want to unjoin a server in our development-environment and re-join to the new domain. I am able to successfully join 'ad.example.com' (new domain) and log in using the local admin account. General functionality seems fine with local accounts. However if I try to log in with my domain account, my domain-admin account, or any test accounts on the domain "ad.example.com" it is hanging on: "Please wait for User Profile Service" - after a minute of spinning, it times out and boots me from my attempted RDP session with the error: "The User Profile Service failed the sign-in. User profile cannot be loaded" . Meaning there doesn't seem to be network issues, the server is acknowledging my request but it does not log me in.
Here is the snippet from Event Viewer regarding the error:
Product Name: Microsoft Windows Operating System
Product Vers: 6.2.9200.16384
Event ID: 1500
Event Source: Microsoft-Windows-User Profiles Service
Locale ID: 1033
General: Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, and that your network is functioning correctly.
DETAIL - Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
I have attempted multiple restarts of the machine, joined and unjoined to the domain, explicity added user accounts to the remote access security group. In all, I am not exactly sure where to go from here, so if anyone had any advice it would be very much appreciated.
-Ryan S
Hello Experts,
Our one of the customer has requirement for AD RMS 2012 R2 for sharing protected documents and email when partners do not have an AD RMS Installation in their environment. They want to deploy second AD forest and AD RMS infra for external users. They don’t want to use WLID
In the above scenario the main drawback to an organization hosting external users is the operational cost, as account provisioning, account de-provisioning, password management and help desk services can demand significant resources.
Please help us to understand can we automate the user provision and de-provisioning with self-service portal. E.g. when external user will try to open AD RMS protected document it will open self-services portal to create account with password for access protected document or email and once ID created it will open AD RMS protected document or email.
Regards,
Nitin Dongre
Regards, Nitin Dongre
Hi Everyone,
In the process of migrating our SQL DB from 2005 to 2012. What permissions will the AD RMS service account need on each of the three databases (Config, Logging, Directory Services)? I was also looking over a technet article Migrating the RMS Database (http://technet.microsoft.com/en-us/library/cc747607(v=ws.10).aspx) and when looking at the tables within my Databases i do not see an entry for DRMS_ClusterPolicies.
Thank you,
Hi;
For test purposes i was installed and successfully deployed RMS server few mounts before. (2008 R2) (windows7 office 2010)
But cuz of it doesnt work on portable devices we decide to cancel that project.
But now problem is my clients office programs still tries to connect my old server.
i was tried that http://social.technet.microsoft.com/wiki/contents/articles/7697.ad-rms-troubleshooting-reset-the-client.aspx
article but every time i delete DRM folder contents and other registry keys, every time when any office program opens recreates that old server parameters. and office not able to use restrict permissions. I was checked 3 times already all my gpo s (maybe it took it from gpo ) but not there too
If any one has any idea could be perfect.
Thanks in advance.
Hi,
I have successfully configure the AD RMS with lots of work around. now i want to use multi tenant domain environment. i have multiple domains running on my production env. Now can anyone help me out to configure the RMS Server to add multiple URLs for licensing and certifications in AD RMS Server on windows Server 2012. i need a proper step by step configuration roles to activate on immediate basis.
Any help in this regards will be highly appreciated,
Attahcments screent shots might help you what i want ;)
Regards,
Imran Bashir
MCSA 2008, MCITP, MCTS, MCP
JNCIA ER,EX
Brocade Certified
Imran Bashir Network Administrator MCP, JNCIA-EX,ER,JNIOUS +92-333-4330176
I have AD RMS 2012 R2 deployed
On client computers I have deployed RMS Sharing App
Sharing App let allow me to add my company email address, however it refuse to add external email address
How can I resolve this issue
I have already enabled Federated trust with partner organization with ADFS and I am able to send him protected document and messages with native RMS client, its not working with RMS Sharing App
Please find below screen shot
Any Help would be highly appreciated
Thanks
Thanks Best Regards Mahesh
Hi, I've a problem with an AD RMS installation.
1. The digital certificate (ssl) is wrong, missed its private key
2. I replaced by a new certificate (ssl) and the Verification URL its Ok (certification and licencing).
3. I can't change the Cluster Key Password and the Password Service Account from AD RMS console and I cannot export the Trusted Publishing Domain to install a New AD RMS and import the "old" Trusted Publishing Domain:
I need to know which option I have to get my AD RMS and continue to open my documents and email(outlook) protected.
Camilo L
Hello, I couldn't find any information on this before, apologies if this is a duplicate response.
We have a server running AD RMS 2.1, it's currently set up in production mode. We have an API that runs on IIS in that box which protects documents, among other things. IIS is running using the ADRMSSVC user, our AD RMS install is running with the ADRMSAdmin user.
We have created 4 templates that we wish for the API to make use of when protecting documents, however those templates do not appear to be available to the application. In doing a SafeNativeMethods.IpcGetTemplateList call, we're only actually seeing one of them. The ADRMSAdmin user, while running powershell Get-RMSTemplates only sees the same template.
I have turned off every caching option I can find, but it appears that neither of these users "knows" about the templates that we have created through the server. I have even renamed the template which is showing up, and that name change is not being reflected through the API or powershell. If I displace the %allusersprofile%/Microsoft/MSIPC/Server/Templates directory, I get an error through both those means that "The operation being requested was not performed because the user has not been authenticated."
The machine is running in AWS - is it possible that resizing the machine has somehow voided the Machine Certificate, and therefore the machine cannot connect to ADRMS to get the new templates?
If it helps at all, I have exported the templates to a shared directory, and all 4 XML files that we have created show up there just fine.
Any help would be much appreciated.
Hi Experts
I am trying to integrate ADFS 2012 R2 with AD RMS 2012 R2
I am unable to install ADFS Web Agent on AD RMS 2012 R2 server because I don't find it any where
I need to install Claims aware agent on 2012 R2 RMS server to support ADFS-ADRMS integration just like previous OS version (i.e. 2008 R2)
Am i missing something ?
OR
It seems that web agents have been removed from ADFS ?
Can anybody please guide how to install claims aware agent on 2012 R2 AD RMS server
I am stuck here
Thanks in advance
Thanks Best Regards Mahesh
I keep getting this error when trying to connect my ADRMS server to SQL (for initial configuration). I just connected sharepoint pretty recently and it is functioning (the SQL server seems to be working fine with sharepoint). Any clue where to go from here (I have tried removing ADRMSADMIN and then recreating the user). The user is a local admin on SQL server and has dbcreator, securityadmin checked in SQL manager. What am I missing? Why wouldn't AD be able to verify? Error is as follows:
AD RMS setup could not validate the SQL server specified. Verify permissions and connectivity to SQL Server. Setup cannot connect to the specified database server because the server or instance name specified is invalid.Hi,
I am implementing AD RMS and the company has computers with Office 2010 and some computers with Office 2013. I know that Office 2013 works witch AD RMS Client 2.x. My question is If Office 2010 can works with AD RMS Client 2.x or only it works with AD RMS Client 1.0?
Thanks,