Hi,
I am implementing AD RMS on Windows Server 2012 with SQL Server 2012 and I want to estimate the size of database for approximately 3000 users.
All users have e-mail.
Can you help me toestimate the size ofdatabaseaccording totheir experiences? Is there some method for this?
Thanks,
We have a new AD RMS 2012 member server in a Win08R2SP1 Native domain.
We have Exchange 2010 SP2 Rollup 4v2.
I put exchange fed mailbox in a rmssuper group and enabled this group in ad rms.
I gave Exchanger Servers group acl access to servicelocater.asmx, server.asmx, and servercertification.asmx.
Office 2013 clients can access and use policy templates from this AD RMS server.
Trying to enable irm on the Exchange server and I am getting
[PS] C:\Windows\system32>Set-IRMConfiguration -InternalLicensingEnabled $true
The request failed with HTTP status 401: Unauthorized. ---> Failed to get Server Info from https://rms.juf.org/_wmcs/ce
rtification/server.asmx.
+ CategoryInfo : InvalidOperation: (:) [Set-IRMConfiguration], Exception
+ FullyQualifiedErrorId : FECD1A6C,Microsoft.Exchange.Management.RightsManagement.SetIRMConfiguration
Running the test-irm, I get this:
Results : Checking Exchange Server ...
- PASS: Exchange Server is running in Enterprise.
Loading IRM configuration ...
- PASS: IRM configuration loaded successfully.
Retrieving RMS Certification Uri ...
- PASS: RMS Certification Uri: https://rms.juf.org/_wmcs/certification.
Verifying RMS version for https://rms.juf.org/_wmcs/certification ...
- WARNING: Failed to verify RMS version. IRM features require AD RMS on Windows Server 2008 SP2 with the
hotfixes specified in Knowledge Base article 973247 (http://go.microsoft.com/fwlink/?linkid=3052&kbid=973247)
or AD RMS on Windows Server 2008 R2.
----------------------------------------
Microsoft.Exchange.Security.RightsManagement.RightsManagementException: Failed to get Server Info from https:
//rms.juf.org/_wmcs/certification/server.asmx. ---> System.Net.WebException: The request failed with HTTP sta
tus 401: Unauthorized.
at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebRespons
e response, Stream responseStream, Boolean asyncCall)
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at Microsoft.Exchange.Security.RightsManagement.SOAP.Server.ServerWS.GetServerInfo(ServerInfoRequest[] req
uests)
at Microsoft.Exchange.Security.RightsManagement.ServerWSManager.ValidateServiceVersion(String featureXPath
)
--- End of inner exception stack trace ---
at Microsoft.Exchange.Security.RightsManagement.ServerWSManager.ValidateServiceVersion(String featureXPath
)
at Microsoft.Exchange.Management.RightsManagement.IRMConfigurationValidator.ValidateRmsVersion(Uri uri, Se
rviceType serviceType)
at Microsoft.Exchange.Management.RightsManagement.IRMConfigurationValidator.TryGetRacAndClc()
----------------------------------------
OVERALL RESULT: PASS with warnings on disabled features
IIS Log on RMS shows:
2013-08-01 20:38:46 ADrmsIP# POST /_wmcs/certification/server.asmx - 443 - cashubIP# Mozilla/4.0+(compatible;+MSIE+6.0;+MS+Web+Services+Client+Protocol+2.0.50727.5466) - 401 2 5 0
Setup:
AD RMS on 2012 configured with https Crypto 1
Exchange 2010 SP3 RU6
Office 2013
I can open OWA and use IRM to protect a document but any Office application I open and try to protect gives me an error like this:No Logged on Office Users are configured for Information Rights Management (IRM).
I have googled and taken a look at all of the options out there and everything seems to be configured correctly.
Any ideas or other troubleshooting tips I can do???
Hi,
I would like to restrict access to AD RMS service to some specific user group. I am using it to protect MS office documents. So I don't want other users who have MS office Pro installed to use the Restrict document option to encrypt the documents.I know they can atleast use the default option to restrict documents. What is the best way to achieve it? Should i only give access to authorised users on the server and restrict all other users?
Vivek
I installed AD RMS role (but did not configure it) on a 2012 Domain controller in my lab then decided to do it instead on a 2012 member server. I uninstalled AD RMS from the DC but when I tried to configure it on the server, the "create a new AD RMS licensing only cluster" is greyed out and the error "The SCP is registered but the root cluster cannot be contacted". I suspect something is left over from the old ad rms install - is there a way to clean this up?
Thanks
Gary Olsen
I installed AD RMS role. When i try to install additional configuration, i got the following error message. The OS i am using is windows server 2012 R2 evaluation. But the evaluation has expired and it is not activated.
One or more AD RMS role services could not be configured:
Index was out of range. Must be non-negative and less than the size of the collection.
Parameter name: Index
Dawit Tesfaye
HI ,
I install RMS on standalone server
in our file server just we go to file management task and go to action : i find ( cannot retrieve RMS templates )
need suggestions.
MCP MCSA MCSE MCT MCTS CCNA
Event implement IRM File sharing for client with RMS on Windows 2012. Big challenge of end user is "They cannot identify MS Office suite file had encrypted or which file had encrypted.
- Need solution to change file icon or support information to clarification.
WR.
Hi all,
Please need your help for a step by step in AD RMS to restrict some users (or all of them if needed) to edit a received email body when they forward or reply to it.
Regards,
Hi guys
I'm having some trouble turning off the windows firewall for all the users on the domain. I want to set up a GPO that will turn off any and all PC/Laptop firewall that gets connected to the domain. How can i go about doing this? i have tried several methods on the forum but did not work.
HI All
I'm trying to create new file management task , when trying to select templates at action tab give me error that not able to retrieve RMS templates
Hi Everybody, i have a strange problem with my AD RMS Environment. Here is my configuration:
Server1: Windows 2012R2 -> AD & DNS
Server2: Windows 2012R2 -> CA, RMS
Client: Win7 64Bit, Office 2013
The Website https://drm-server.drm.local/_wmcs/certification/certification.asmx is viewable from all clients, but when i try to connect in Office viaInfo->Protect Document->Restrictet Access i get the following error message:
Sorry, something went wrong opening Informations Rights Management protected content. The directory service is unavailable
I´m NOT allowed to set the SCP, so i created following Group Polices:
<Properties name="" value="https://drm-server.drm.local/_wmcs/certification/certification.asmx" type="REG_SZ" key="SOFTWARE\Microsoft\DRMS" hive="HKEY_LOCAL_MACHINE" default="1" displayDecimal="1" action="U"/><Properties name="" value="https://drm-server.drm.local/_wmcs/Certification" type="REG_SZ" key="SOFTWARE\Microsoft\MSDRM\ServiceLocation\Activation" hive="HKEY_LOCAL_MACHINE" default="1" displayDecimal="1" action="U"/><Properties name="" value="https://drm-server.drm.local/_wmcs/Licensing" type="REG_SZ" key="SOFTWARE\Microsoft\MSDRM\ServiceLocation\EnterprisePublishing" hive="HKEY_LOCAL_MACHINE" default="1" displayDecimal="1" action="U"/><Properties name="CorpLicenseServer" value="https://drm-server.drm.local/_wmcs/Licensing" type="REG_SZ" key="SOFTWARE\Microsoft\Office\15.0\Common\DRM" hive="HKEY_LOCAL_MACHINE" default="0" displayDecimal="1" action="U"/><Properties name="CorpCertificationServer" value="https://drm-server.drm.local/_wmcs/Certification" type="REG_SZ" key="SOFTWARE\Microsoft\Office\15.0\Common\DRM" hive="HKEY_LOCAL_MACHINE" default="0" displayDecimal="1" action="U"/><Properties name="" value="https://drm-server.drm.local/_wmcs/certification/certification.asmx" type="REG_SZ" key="SOFTWARE\Microsoft\DRM" hive="HKEY_LOCAL_MACHINE" default="1" displayDecimal="1" action="U"/><Properties name="CloudLicenseServer" value="https://drm-server.drm.local/_wmcs/licensing" type="REG_SZ" key="SOFTWARE\Microsoft\Office\15.0\Common\DRM" hive="HKEY_LOCAL_MACHINE" default="0" displayDecimal="1" action="U"/I´ve got the informations about the reg entries from following sites:
http://blogs.technet.com/b/rmssupp/archive/2007/07/13/rms-testing-rms-without-modifying-the-ad.aspx
http://realercheng.wordpress.com/2013/01/09/ad-rms-server-with-no-scp/
http://technet.microsoft.com/en-us/library/cc755112.aspx
Summary: All registry entries are set, there is no problems with connection to the certification website, the template path is also accessable for everyone.
I don´t know what to do know :( I´m very happy about any help from your side guys!!!
The RMS servers is deployed in the resource AD forest abc.com . My client also wants to let the users in other AD forests to use the RMS services. However, they only have “external trust” type with the resource AD. I can find Microsoft document to support the “forest trust” scenario.
http://technet.microsoft.com/en-us/library/ee918789%28v=ws.10%29.aspx
But I cannot find any document that Microsoft will support the “external trust” scenario. Can anyone confirm whether this scenario work and any potential issue?
Do note that we already deployed FIM for directory synchronization. There are contact objects in the resource forest to present users/groups in the account forests.
William Yang
The set-up in which the error occurs has the following details,
Server name : hcdc1.ad.com
RMS SCP : adrms.ad.com
http:// adrms.ad.com /_wmcs/licensing/license.asmx
http:// adrms.ad.com /_wmcs/certification/certification.asmx
Unable to protect the document and error as "An internall error occured error code 0X8007054F"
Hello everybody!
My SCOM server reports about prelicensing issue, and it's time for me to understand what is this actually. Now it is clear that Exchange server acquire Use License on behalf of end-user at the middle of delivering way. So, end-user don't really need anymore to contact RMS server to acquire Use Licence, it was ebeded to email. Also clear that this feature is active as soon as I activated InternalLicensing.
I did Test-IRMConfiguration -Sender xxxx -Recipient xxxx and commandlet said that prelicense succesfully was acquired from licensing servers for Recipient. So, from servers point of view everything works perfect.
Correct me if I wrong, but as I understood, prelicensing feature allows repicient to open IRM protected content (email and attachment) even being offline.Non-autoritative Prove . For my understanding "offline" means that end-user (recipient) has no access to URLs of RMS servers. It is actually easily done in test environment by modifying hosts file and loop RMS URLs to 127.0.0.1.
So, I sent from User1 to User2 email with attachment and protected it with custom RMS template.
User2 has no access to RMS server (RMS activation was done before, CLC, RAC - everything in a folder). User2 opens Outlook, and when it tries to open protected email, system says that it require to reach RMS server to acquire Use License to open protected content. Hey, but what about prelicensing?
User1 sends to User2 email with attachment and ptorects them with "Do not forward" template. User2 can open content even being offline. To tell the truth this mystery case with "Do not forward" template is out of scope of my interest, since this template is not going to be a part of production deployment.
What do I do wrong? Does anybody test RMS pure prelicensing feature?
Thanks.
Hi there,
I wanted to upgrade (migrate) our old 2003 RMS system to AD RMS by installing a new Server 2008 R2 and add it to the old cluster (consisting of only one 2003 server). I tried the whole procedure in our test environment (which is a copy of our domain incl. RMS server!) and there it worked fine. Now in our live environment I always get the following error after installing the new server and adding the role (connect the AD RMS to the old databases):
Active Directory Rights Management Services: Installation succeeded with errors
<Error>: Attempt to configure Active Directory Rights Management Server failed. Invalid URI: The hostname could not be parsed. at System.Uri.CreateThis(String uri, Boolean dontEscape, UriKind uriKind) at Microsoft.DigitalRightsManagement.Utilities.NetworkUtilities.GetWebProxy(Boolean
required, String proxyAddress, Boolean byPassOnLocal, String byPassFilter, ProxyScheme authenticationScheme, String userId, String password, String domain) at Microsoft.DigitalRightsManagement.Configuration.ProxySettings.get_WebProxy() at Microsoft.RightsManagementServices.Configuration.ProvisioningBase.SetInternetProxy()
at Microsoft.RightsManagementServices.Configuration.ProvisioningBase.Run() at Microsoft.RightsManagementServices.Configuration.ProvisionerBase.DoProvision() at Microsoft.RightsManagementServices.Configuration.ProvisionerHelper.Run(OperationType operationType,
Object data) at Microsoft.RightsManagementServices.Configuration.CmdLineHandler.Run() Remove and re-install AD RMS to attempt provisioning again.
<Warning>: Before you can administer AD RMS on this server, you must log off and log on again.
<Informational>: If the AD RMS cluster has been configured for SSL, you must import and configure the cluster's SSL certificate on this server.
Our RMS cluster is not configured to use SSL. I moved the databases to a new SQL 2005 SP4 instance and added the hostname to the HOSTS file on the old RMS, which seems to work fine. For the new instance I created a CNAME entry to point to the new server. The AD RMS server role accepts the CNAME and presents the databases as desired. Only at the end of the provisioning the above error occurs...
Hope that are enough information and somebody can help me with that :)
Best regards
Jens
Hi all,
I have a question when i try create a document using restricted access,
when i check name of user, the display is like picture below.
And when i'm Ok, there error like picture below.
Why this happened?
Some of my friend try same thing and they can protected their file with restricted access with no error.
May you help me resolve this?
Thanks,
Best Regards,
Henry Stefanus
Hi foks,
I hava a problem with AD RMS enable on sharepoint 2013. In Windows Logs I have an event 5823 error and 5144 error.
Enviroment description:
- Domain name: ad.medcore.pl
- dca.ad.medcore.pl - DC
- w12s2.ad.medcore.pl - SQL Server
- w12s3.ad.medcore.pl - Office Web Apps
- w12s9.ad.medcore.pl - SharePoint Server
- w12s10.ad.medcore.pl - AD RMS
I follow this steps: http://technet.microsoft.com/en-us/library/cc561052(v=office.12).aspx but it doesnt work.
- ServerCertification.asmx is configured (added w12s9 read&execute)
- ping to w12s10 response from w12s9
- on w12s9 I can open https://w12s10.ad.medcore.pl/_wmcs/licensing/license.asmx & https://w12s10.ad.medcore.pl/_wmcs/certification/certification.asmx (I had error with that CA is not valid I can ignore it and its working)
- %allusersprofile%\Application Data\Microsoft\DRM\Server\ is empty on w12s9 and w12s10
Please
help! What shoud I do? What should I check?
Do you need other information? Let me known.
Best regards and thanks for help.
Document owner is able to change the document expire date when document expired. But not supper user from what I tested. Anyone has any idea to configure support user same capability as document owner?
Jason