Hi All,
I am testing RMS in a Windows server 2012 R2 and Domain controllers installed in Windows 2003 R2. Client computers having office 2007 (Ultimate) installed. When I open outlook and try to protect a message it prompts for Windows live credentials. Is this is happening due to a RMS server connectivity issue? This is a test environment in VMware workstation.
Once I cancel it get this message "Cannot use this feature without credentials"
Pls help, thanks,
Kanishka.
Hi,
I'm currently trying to test RMS on Windows Server 2012 R2, all installed and URL's look good.
The issue i'm having is that no clients work, i've ran the RMS Analyzer and get a failure on My computer trusts the RMS SSL certificates, the attached screen shot shows the issue.
The problem looks like it's because i'm using a wildcard certificate but everything i've seen so far doesn't suggest that this should be an issue.
Any help would be appreciated.
Thanks
Adam
hello guys.
i've got a problem with my AD RMS server when i try to encrypt files.
it showed:"cannot use test manifests against production servers"
what can i do now? please.
Hi , after update MAC office from 2011 to 2016 , i cant configure Outlook exchange account below information may be will help
MAC OS : OS X yosemite 10.10.4 With MAC office 2016
Our Exchange server version 2010 R2 With SP3
Hi , after update MAC office from 2011 to 2016 , i cant configure Outlook exchange account below information may be will help
MAC OS : OS X yosemite 10.10.4 With MAC office 2016
Our Exchange server version 2010 R2 With SP3
Hello,
What is the meaning of "protecting with RMS"? Means it that a file can be encrypted with AES?
Is it possible to protect whole Folders in an AD with RMS?
Is it possible to protect each file or only microsoft files and pdf?
Is it possible to read the whole Template for an Folder with the Rights Management Services SDK 2.1 and the Function "IpcGetTemplateList"?
Hi,
after upgrade a few of client to Windows 10, I found that "Do not Forward" template is replaced by“Connect to Rights Management Server and get templates” , click it, nothing happened. User can't open encrypted email. any suggestion?
Jason
Hello,
i have asked some simple questions about RMS last days here. I see that I don't get any answers at this forum.
Can anybody suggest me a forum, where I can ask some questions about RMS or can show me how to communicate with persons who can answer me some questions about RMS?
The reasons for using AD RMS are very compelling from a DLP perspective. I have been struggling to find adequate documentation for configuring AD RMS for Server 2012 R2 to include the ability to protect documents internally and protect against external access (unless authorized). I do not need to integrate with AD FS and other federated/trusted domains; I am just looking to protect our internal content and have control over how it is accessed outside of our domain. I do want to be able to make content available externally (but protected), so assuming some type of Extranet is needed, but everything I am finding online is for Server 2008 R2, not 2012 R2.
Using Office and Exchange 2010, but changing to Office 365 soon, so both options would be nice to see. I want to evaluate this fully before going through the pain of trying to implement. Also would need info on rolling back AD RMS for organizations wishing to get rid of it.
Please let me know if you have any worthwhile resources you can point me to.
Hi,
I am newbie to AD RMS, I have created AD RMS pre-production setup in local network and was verifying whether set-up is correct or not using rmsbulk utility as a RMS-client. When I run "rmsbulk.exe /encrypt c:\temp\text.xlsx c:\rms_template\rms_test.xml" command, I get an error "c:\temp\test.xlsx ... Failed, Unknown Reasons".
I searched on net but all in vain, I didn't find anything useful there. There is no error code with error message so I couldn't nail down this problem further. It would be helpful if you guys provide some pointers in this regard. If you need more information about my AD RMS setup please let me know.
Thanks in advance
we have deployed AD RMS ( windows 2012 R2 ) two node cluster by using local Certificate, now we need to use public Certificate for RMS and any procedure to change new certificate to AD RMS ( is it just change from IIS binding only )
Indunil
We have a new AD RMS 2012 member server in a Win08R2SP1 Native domain.
We have Exchange 2010 SP2 Rollup 4v2.
I put exchange fed mailbox in a rmssuper group and enabled this group in ad rms.
I gave Exchanger Servers group acl access to servicelocater.asmx, server.asmx, and servercertification.asmx.
Office 2013 clients can access and use policy templates from this AD RMS server.
Trying to enable irm on the Exchange server and I am getting
[PS] C:\Windows\system32>Set-IRMConfiguration -InternalLicensingEnabled $true
The request failed with HTTP status 401: Unauthorized. ---> Failed to get Server Info from https://rms.juf.org/_wmcs/ce
rtification/server.asmx.
+ CategoryInfo : InvalidOperation: (:) [Set-IRMConfiguration], Exception
+ FullyQualifiedErrorId : FECD1A6C,Microsoft.Exchange.Management.RightsManagement.SetIRMConfiguration
Running the test-irm, I get this:
Results : Checking Exchange Server ...
- PASS: Exchange Server is running in Enterprise.
Loading IRM configuration ...
- PASS: IRM configuration loaded successfully.
Retrieving RMS Certification Uri ...
- PASS: RMS Certification Uri: https://rms.juf.org/_wmcs/certification.
Verifying RMS version for https://rms.juf.org/_wmcs/certification ...
- WARNING: Failed to verify RMS version. IRM features require AD RMS on Windows Server 2008 SP2 with the
hotfixes specified in Knowledge Base article 973247 (http://go.microsoft.com/fwlink/?linkid=3052&kbid=973247)
or AD RMS on Windows Server 2008 R2.
----------------------------------------
Microsoft.Exchange.Security.RightsManagement.RightsManagementException: Failed to get Server Info from https:
//rms.juf.org/_wmcs/certification/server.asmx. ---> System.Net.WebException: The request failed with HTTP sta
tus 401: Unauthorized.
at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebRespons
e response, Stream responseStream, Boolean asyncCall)
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at Microsoft.Exchange.Security.RightsManagement.SOAP.Server.ServerWS.GetServerInfo(ServerInfoRequest[] req
uests)
at Microsoft.Exchange.Security.RightsManagement.ServerWSManager.ValidateServiceVersion(String featureXPath
)
--- End of inner exception stack trace ---
at Microsoft.Exchange.Security.RightsManagement.ServerWSManager.ValidateServiceVersion(String featureXPath
)
at Microsoft.Exchange.Management.RightsManagement.IRMConfigurationValidator.ValidateRmsVersion(Uri uri, Se
rviceType serviceType)
at Microsoft.Exchange.Management.RightsManagement.IRMConfigurationValidator.TryGetRacAndClc()
----------------------------------------
OVERALL RESULT: PASS with warnings on disabled features
IIS Log on RMS shows:
2013-08-01 20:38:46 ADrmsIP# POST /_wmcs/certification/server.asmx - 443 - cashubIP# Mozilla/4.0+(compatible;+MSIE+6.0;+MS+Web+Services+Client+Protocol+2.0.50727.5466) - 401 2 5 0
Hi All,
I have a plan to migrate my domain controllers (2008 R2) to 2012 R2. I'm not raise the forest and domain functional level, only schema upgrade and install additional DC.
My question is, are there any issues that maybe occur in my AD RMS 2008 if i migrate my existing domain controllers (2008 R2) to 2012 R2 ?
Thank you for your help :)
can we integrate exhcnage 2013 SP1 with AD RMS 2012 R2 ( Cryptographic Mode 1), i know it's(exchange 2013 SP1) working with AD RMS 2012 R2 ( Cryptographic Mode 2). but if i want AD RMS 2012 R2 ( Cryptographic Mode 1), can i intergrade exchange 20130 SP1 . if not, any official document which is mentioned it clearly( E.g. Minimum AD RMS mode -Cryptographic Mode 2 for Exchange 2013 SP1 integrations and Cryptographic Mode 1 doesn't support )
Indunil
I'm playing with Office 365 RMS and want to test protecting files within a folder on a file server. I understand that as the File Server is on premise that I need to use the RMS Connector. Do I need to use the File Server Resource Manager or can protecting files be done via templates? If FSRM needs to be used, is there any good documentation detailing how to configure it, particularly around the Classification properties and Classification rules?
Thanks
Glen
Hi,
I have the following test environment consisting of two servers and one client:
- DC, CA, Exchange 2010 on a Windows Server 2008 R2
- AD RMS on Windows Server 2008 R2
- Client computer as Windows 7 Enterprise with Office Professional PLus 2010.
Exchange is working well (I can send/receive emails inside organization). RMS is working too (I can create templates, distribute them to client computer automatically and sign email messages from IE).
The problem is the templates do not appear in Outlook 2010 Options/Permission tab from New mail window.
Also, if I sign a mail with a template from IE and try to open it in Outlook with another user, I receive the following message: You do not have credentials that allow you to open this message. Do you want to open it using a different set of credentials?
Any ideas or hints why I can’t see templates in Outlook?
PS: the servers and client computers do not have any updates installed or and are not activated, just installed from DVD and that’s all.
Hello,
We are testing ADRMS for use in our infrastructure. I have the RMS server running on Server Standard 2012, and it is configured and everything is working properly. I have a couple of test templates that I am deploying.
The issue I am running into is that When I try to change the Permissions to use IRM in Word 2010, I get the following error:
A problem occurred while contacting the restricted permission service. Please try again later or contact your administrator for more details.
However, in Word 2013, it works perfectly. I can create a document, apply the policy to it and it works. I can open the document in Word 2013 and the restrictions apply. However, if I try to open the document in Word 2010, I get the above error again.
The clients are all Windows 7 64-bit. All I did to configure them was add the URL to the Intranet Sites in the Internet Settings Control Panel, and enabled/started the RMS Scheduled Task (automatic).
One thing I have noticed is that in the %localappdata%\Microsoft directory, I have an MSIPC folder on the systems running Office 2013 with my templates and all applicable settings, where on the boxes with Office 2010, I have a DRM folder with just a CERT-Machine.drm file.
Any help would be greatly appreciated. If you need more information, please let me know.
Thank you!
Hi,
I have installed a AD RMS server role to a dedicated server and followed these instructions: http://technet.microsoft.com/en-us/library/cc753531(v=WS.10).aspx
I have a domain let say contoso.com and servers are: ADRMS.contoso.com(MS Server 2012), DC1.contoso.com(MS Server 2008 R2) and DB1.contoso.com(MS Server 2008 R2).
I have configured the AD RMS service to use URL https://rms.conto.com and redirections are done by network traffic controller and DNS which converts the requested address to specific IP(FQDN:ADRMS.contoso.com). It uses HTTPS/SSL. I can logon localy to ADRMS cluster console(Add Cluster>Remote Computer) from the server with the URL rms.conto.com(required a regedit) and also can connect from client machines to https://rms.conto.com/_wmcs/certification/certification.asmx and https://rms.conto.com/_wmcs/licensing/license.asmx. Though I am unable to logon locally to the cluster console using Add Cluster>Local Computer.
SCP is created to DC1 with serviceBindingInformation = https://rms.conto.com/_wmcs/certification
Problem is that when I open Word 2010 and create a document and try to do a Restrict Permission by People>Restrict Access, it only offers me Microsoft Live ID or Windows Account. If I choose Windows Account it has problem contacting "restricted permission service".
Have tried to clear DRM folder from %localAppData%\Microsoft\DRM but no help.
I also happed to notice a strange log at the ADRMS-server:
This Active Directory Rights Management Services (AD RMS) cluster cannot perform an operation on one of the AD RMS databases. Ensure that all AD RMS databases are operating correctly on the network and that the AD RMS service account has read and write permissions
to the databases.
Parameter Reference
Context: STATIC
RequestId: N/A
HelpLink.ProdName: Microsoft SQL Server
HelpLink.EvtSrc: MSSQLServer
HelpLink.EvtID: 18456
HelpLink.BaseHelpUrl: http://go.microsoft.com/fwlink
HelpLink.LinkId: 20476
SqlError-0.State: 1
SqlError-0.Class: 14
SqlError-0.Server: DB1
SqlError-0.Message: Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.
SqlError-0.Number: 18456
Microsoft.RightsManagementServices.LowSeveritySqlException
Message: The Database Engine threw this exception in response to an error that can be corrected by the user, such as a missing database object or entity, possible data inconsistency, transaction deadlock, security setting problems,
or SQL command syntax error. Please examine the SqlError details for more information.
HelpLink.ProdName: Microsoft SQL Server
HelpLink.EvtSrc: MSSQLServer
HelpLink.EvtID: 18456
HelpLink.BaseHelpUrl: http://go.microsoft.com/fwlink
HelpLink.LinkId: 20476
SqlError-0.State: 1
SqlError-0.Class: 14
SqlError-0.Server: DB1
SqlError-0.Message: Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.
SqlError-0.Number: 18456
+ System.Data.SqlClient.SqlException
+ Message: Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.
+ HelpLink.ProdName: Microsoft SQL Server
+ HelpLink.EvtSrc: MSSQLServer
+ HelpLink.EvtID: 18456
+ HelpLink.BaseHelpUrl: http://go.microsoft.com/fwlink
+ HelpLink.LinkId: 20476
Why it tries to connect to SQL server(DB1) with Anonymous -account? I have installed AD RMS with ADRMSADMIN -account(with correct permissions) and configured it to use ADRMSSRVC -account as service account.
Other thing is that I can't change that service account with ADRMSADMIN from the ADRMS -console because the "Next" is grey all the time. I always have to log in to management console using "remote" cause "local machine" gives me error message. Probably this is because the cluster address is different than the machine name that is hosting the service(AD RMS -server role).
Client computer have Windows7+Office 2010 Professional Plus. Client computers does not have these registry keys:HKEY_LOCAL_MACHINE\Software\Microsoft\MSDRM , HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\MSDRM but have this: HKEY_LOCAL_MACHINE\Software\Microsoft\DRMbut empty.
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\DRMis present and has "CachedCorpLicenseServer" and "ServiceLocations" with correct url values. Should the ServiceLocations be named like "1|2|" 2|2|?