Not able to add ADRMS site in sharepoint 2010

April 24, 2013, 12:28 am

≫ Next: AD RMS: Encryption and copying a file or folder to a FAT16 or FAT32 volume

≪ Previous: AD RMS, the black hole in Microsoft Licensing

hello,

Need help to add ADRMS /win 2008r2 with SharePoint 2010

Get the following error:

The required Windows Rights Management client is present but the server refused access. IRM will not work until the server grants permission.
Domain account name used: abc.efg.com

Event viewer error : 5056, 5013

Information Rights Management (IRM): There was a problem while obtaining a Rights Management Services (RMS) group identity certificate (GIC).

A GIC is an essential credential that allows a user to read/view rights protected documents.

Additional Data

Error value: 0x8004cf43

Information Rights Management (IRM): There was a problem while trying to activate a rights account certificate.

Possibly an HTTP 401 error (an authentication error) was returned by an Internet request.

Additional Data

Error value: 0x106fc110

Server URL:https://adrms/_wmcs/certification

Thanks

↧

AD RMS: Encryption and copying a file or folder to a FAT16 or FAT32 volume

April 23, 2013, 7:52 am

≫ Next: Apply RMS to existing Fileserver

≪ Previous: Not able to add ADRMS site in sharepoint 2010

HI all,

AD RMS & EFS supports attribute driven encryption only on the NTFS file system, so when you move or copy an encrypted NTFS file or folder to a FAT volume, (16 or 32) the encryption attribute will be lost. Because most forms of removable media do not support the NTFS file system, the same is also true.so how can I avoid it on such a cases

Amr Tantawi

↧

Apply RMS to existing Fileserver

April 24, 2013, 3:19 am

≫ Next: Identify Protected Documents

≪ Previous: AD RMS: Encryption and copying a file or folder to a FAT16 or FAT32 volume

I am new to RMS concept. Just gone through the concepts of it.

All these documents explains only for New RMS installation and create documents and apply restriction policies over it.

But what i need is that, i already have three file servers running in 3 branches.

Now i wish to create RMS for these file servers share folders and files to protect certain documents.

Can i do it for entire server just like how we restrict quota and File screens in FSRM.?

regards Sundaresan.C

↧

Identify Protected Documents

April 24, 2013, 8:07 am

≫ Next: RMS Pipelines Explanation

≪ Previous: Apply RMS to existing Fileserver

Is there a way to identify which documents across multiple shares have been protected with RMS?

Ideally I'm looking for either some document properties that I can search for, or a Powershell module that will do the same.

Thanks...

↧

RMS Pipelines Explanation

April 24, 2013, 8:59 am

≫ Next: Error after moving RMS database

≪ Previous: Identify Protected Documents

Hello,

I'd like to know if there is a detailed documentation regarding the AD RMS Pipelines available somewhere. It would be good to know what the Job of every RMS Pipeline exactly is, so it's easier to tell if you can safely give permissions on a Pipeline to a user/application or not.

Espescially the "ServerCertification.asmx" Pipeline is a mystery to me. It is used when integrating Exchange or SharePoint with RMS so i'd assume that every user that has access to this Pipeline has a bunch of permissions inside RMS that a default user account won't have but i couldn't find a detailed documentation about this on TechNet.

Any help would be appreciated!

↧

Error after moving RMS database

April 25, 2013, 10:00 am

≫ Next: Office 2010 gets kind of session timeout error, when saving back an RMS-protected document

≪ Previous: RMS Pipelines Explanation

RMS Experts,

We still have RMS version 1.0 with SP2 and we moved the database to new SQL server. The DBA took care of moving dtabases and updating RMS configruation database. I took care of updating web.config files and registry to use new SQL server. But now users are getting "You do not have credentials that allow to open this message. Do you want to open it using set of credentials". Users used to be able to open RMS protected email using their email address but now can't. Any ideas? Thanks.

Hubble

↧

Office 2010 gets kind of session timeout error, when saving back an RMS-protected document

December 27, 2011, 6:47 am

≫ Next: Winows 2008 AD RMS with MAC office 2011

≪ Previous: Error after moving RMS database

Hi,

when opening an RMS-protected Office document everything is still fine.

When saving back, Office shows an weird session-timeout message (in German:)

"Ihre Sitzung unter dem Benutzerkonto xyz@test.com hat den Zeitlimit überschritten. Bevor Sie fortfahren, muss der Dienst Ihre Anmeldeinformationen überprüfen. Falls Sie dazu aufgefordert werden, geben Sie den Benutzernamen und das Kennwort fürxyz@test.com ein, oder der Verlust der Datei (Dokument) kann auftreten."

Which session should be expired after 20 seconds?

Anybody out there, having the same effects?

↧

Winows 2008 AD RMS with MAC office 2011

April 26, 2012, 3:11 am

≫ Next: Exporting RMS Private Key

≪ Previous: Office 2010 gets kind of session timeout error, when saving back an RMS-protected document

Hi,

I have installed AD RMS running on windows 2008 sp1. We have workgroup client of windows and MAC. Windows RMS client is successfully running and authenticate to RMS server. But RMS not work for MAC client which running office 2011 with latest update patchs.

When i am click on manage credential it is authenticating to RMS server and installing required RMS certificate on MAC system. But in MAC office 2011 outlook as well as word not appearing "Permission" tab as active or enable. It's not highlighted.

I have followed document for mac which is available on microsoft site. i.e. http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=20825 Also I have search on internet but no success.

Please help me.

↧

Exporting RMS Private Key

June 10, 2012, 10:39 pm

≫ Next: Error during add a new AD RMS to an existing cluster

≪ Previous: Winows 2008 AD RMS with MAC office 2011

Dear All,

Scenario : Windows 2003 sp2 RMS installed on a domain Controller.

We are trying to move RMS role to another Hardware.

Taken RMS specific database backup from SQL 2005 express edition.

Restored the same on new hardware.

Issues Faced:

While Upgrading configuration on new server its giving error private key password is not valid (key password is currently not with us)

We followed http://technet.microsoft.com/en-us/library/cc753807(v=ws.10).aspx for export private key butkeycontainername is showing null.

Regards,

Abhishek

↧

Error during add a new AD RMS to an existing cluster

September 20, 2011, 2:17 am

≫ Next: event ID 10016 after moving RMS database

≪ Previous: Exporting RMS Private Key

I got this error when trying to add a new server to an existing AD RMS cluster

Active Directory Rights Management Services: Installation succeeded with errors
   Error: Attempt to configure Active Directory Rights Management Server failed. Cannot find the object "Certificate" because it does not exist or you do not have permissions.    at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection)
   at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj)
   at System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj)
   at System.Data.SqlClient.SqlDataReader.ConsumeMetaData()
   at System.Data.SqlClient.SqlDataReader.get_MetaData()
   at System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString)
   at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async)
   at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, DbAsyncResult result)
   at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method)
   at System.Data.SqlClient.SqlCommand.ExecuteScalar()
   at Microsoft.DigitalRightsManagement.Utilities.DrmsSqlConnection.ExecuteSqlCommand(String database, String format, Object[] args)
   at Microsoft.DigitalRightsManagement.Utilities.DrmsSqlConnection.ExecuteSqlResource(String database, String resource, Object[] args)
   at Microsoft.RightsManagementServices.Configuration.DbCreator.executeOnDb(String[] args)
   at Microsoft.RightsManagementServices.Configuration.LogCreator.Upgrade(DRMServerVersion LogDbVersion)
   at Microsoft.RightsManagementServices.Configuration.LogProvisioning.CreateLogDb()
   at Microsoft.RightsManagementServices.Configuration.LogProvisioning.Run()
   at Microsoft.RightsManagementServices.Configuration.ProvisioningBase.ProvisionLogging()
   at Microsoft.RightsManagementServices.Configuration.ProvisioningBase.Run()
   at Microsoft.RightsManagementServices.Configuration.ProvisionerBase.DoProvision()
   at Microsoft.RightsManagementServices.Configuration.ProvisionerHelper.Run(OperationType operationType, Object data)
   at Microsoft.RightsManagementServices.Configuration.CmdLineHandler.Run()
Remove and re-install AD RMS to attempt provisioning again.
   Warning: Before you can administer AD RMS on this server, you must log off and log on again.
   Informational: <a href="rms_help.chm|html/a928c435-77a8-49fe-b08e-bfdc6bcc1fa7.htm">If the AD RMS cluster has been configured for SSL, you must import and configure the cluster's SSL certificate on this server.</a>
   The following role services were installed:
   Active Directory Rights Management Server

This happened at the last steps. I do the setup as an account with Domain Admin, Enterprise Admin, RMS SQL DB sysadmin privileges.
I did import the SSL certificate to IIS, and bind it to the default website.

Please help.

↧

event ID 10016 after moving RMS database

April 29, 2013, 7:11 am

≫ Next: Is getbus.sys a allowed file?

≪ Previous: Error during add a new AD RMS to an existing cluster

RMS Experts,

We have WIndows RMS 1.0 SP2 and we moved databases to new SQL server using this guide form this linkhttp://technet.microsoft.com/en-us/library/cc747607.aspx

but now users are getting permission error from outlook and I see this error from RMS server. Any ideas? Thanks.

DCOM EVENT ID 10016

"The application-specific permission settngs do not grant Local Activation permission for the COM server application with CLSID...........to the domain\xxxx SID(.......). This security permission can be modified using the Component Services adminisrtative tool."

↧

Is getbus.sys a allowed file?

January 5, 2013, 11:46 pm

≫ Next: Domain controller generate event id 4776 error code 0xc0000064 (non existing account) to existing domain accounts

≪ Previous: event ID 10016 after moving RMS database

Hi, I was told to remove getbus.sys from my system. Is that correct file or not?

Thanks / Tomas

By helping others I help myself

↧

Domain controller generate event id 4776 error code 0xc0000064 (non existing account) to existing domain accounts

May 1, 2013, 1:59 am

≫ Next: A connection with AD RMS cluster "Local Host" could not be established.The request failed with status 503: Service Unavailable

≪ Previous: Is getbus.sys a allowed file?

Hi,

I am reveiwing windows security logs using Arcsight SIEM system.

Since i have activated MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 rules set i am receiving many alerts.

That problem splits into two:

1. domain controller which generates the mentioned alerts to existing users (i have made sure i typed their names exactly the way i received in the alert).

This alert is generated for specific users whithin the domain who is trying to login to their computer. anyone has an idea why is that?

2. In our organiztion we have several domains - example.local (root domain) and country.example.local subdomain.

I receive many alerts with the mentioned error code from the root domain regarding subdomain users - again, not on all users but specific ones.

There is no reason for the subdomain users to authenticate with the root domain.

Any idea?

Thanks,

Mor.

↧

A connection with AD RMS cluster "Local Host" could not be established.The request failed with status 503: Service Unavailable

January 9, 2012, 10:01 pm

≫ Next: Cannot access IRM encrypted EXCEL file

≪ Previous: Domain controller generate event id 4776 error code 0xc0000064 (non existing account) to existing domain accounts

Hi All,

Need a quick help from you. i am installing AD RMS in a cluster with self signed certificates. The installation went fine without any error, but when i try to launch the AD RMS administration console from server manager i get the following error.

A connection with AD RMS cluster "Local Host" could not be established.The request failed with status 503: Service Unavailable. I get the service unavailable error again if i try to access the AD RMS role managerweb service. The account is same which was used for installation and is part of both ADRMS Ent admin and local admin group on the servers.

On checking event viewer, i also see the IIS app pool _DRMSApp pol 1 gets stopped and the eventviewer says that the accoutn used for application pool does not have login as a batch permissions.

The RMS server is installed on a memebr server with windows 2008 R2. any pointers are apprreciated.

Thanks

Panky

Panky, Learning never stops.You just need to find new subjects.

↧

Cannot access IRM encrypted EXCEL file

May 2, 2013, 1:54 pm

≫ Next: IRM: This content cannot be displayed in a frame

≪ Previous: A connection with AD RMS cluster "Local Host" could not be established.The request failed with status 503: Service Unavailable

I have used IRM to encrypt an EXCEL file. When I try to open the file Windoes starts the IRM wizard. at the last step of establishing the credentials I get the following message: "This content cannot be displayed in a frame" and I cannot complete the process and re-open the file...

Please help, Thanks!

↧

IRM: This content cannot be displayed in a frame

May 2, 2013, 7:13 pm

≫ Next: Is AD RMS application-centric?

≪ Previous: Cannot access IRM encrypted EXCEL file

I am signing up for Information Rights Management free trial Service from Microsoft, in order to protect my Words Document in Office 2007 on Windows XP.

When I select "Yes, I have a Microsoft account." and click Next. It send me to Sign in to Microsoft. But once I sign in, it show me "This content cannot be displayed in a frame". Therefore I cannot accept.

What should I do?

David Fhu

↧

Is AD RMS application-centric?

May 3, 2013, 1:21 pm

≫ Next: The certificate template renewal period is longer than the certificate validity period

≪ Previous: IRM: This content cannot be displayed in a frame

I am new to this technology and have been asked to look into what it would take to secure file types of the non-office variety, such as PDFs and cad files from our CAD application, for our company using AD RMS.

I have read various articles about AD RMS, including a large FAQ on MS Technet and I still have not been able to definitively answer the following questions for myself:
1) Do the applications that consume a specific file type, such as a PDF , have to be AD RMS aware to support this MS security technology?
or to put it another way
2) Would an application that knows how to read MS Word documents, other than MS Word itself, be able to open an RMS protected word document?".

The reason I ask this is because I have been directed in the blogs to look into RMS enabled solutions from companies like GigaTrust, Foxit, or Liquid Machines for support for file-types outside the default list of file types published in the Microsoft literature, say a pdf or cad file type. We are not a Fortune 500 company, but our security needs are no less. The cost of these solutions ($20K and upwards) are too prohibitive for a company our size.

Mike Agee

↧

The certificate template renewal period is longer than the certificate validity period

May 3, 2013, 1:12 pm

≫ Next: IRM error: This content cannot be displayed in a frame

≪ Previous: Is AD RMS application-centric?

Dears,

On my certification authority server I receive the following error:

The certificate template renewal period is longer than the certificate validity period. The template should be reconfigured or the CA certificate renewed. 0x80094814

Auto-enrolment is configured in my GPO default policy and I assign the following security policies on my certificate template:

Domain computers (Read,Write,Enroll,Autoenroll)

I configured my certificate template with the below general settings:

validity period: 1 years
Renewal period: 6 weeks

Everything was working fine until today.

Can someone help me?

Mikie1990

↧

IRM error: This content cannot be displayed in a frame

May 4, 2013, 9:07 pm

≫ Next: AD RMS Template distribution question

≪ Previous: The certificate template renewal period is longer than the certificate validity period

I tried opening a secure Office word 2007 document.

After login with Information Rights Management on Windows 7 64b

the screen appears with an error "This content cannot be displayed in a frame".

THIS IS PISSING ME OFF BECAUSE A REALLY NEED TO OPEN MY PROTECTED DOCUMENT!!!

I tried resetting IE to defaults, i added live, msn and microsoft in trusted web site.

NOTHING WORKS!

HELP !

↧

AD RMS Template distribution question

May 5, 2013, 11:57 am

≫ Next: this content cannot be displayed in a frame

≪ Previous: IRM error: This content cannot be displayed in a frame

Hello.

How do you publish templates based on user access. Currently all templates are available to all users. How can this be controlled to publish templates based on what I grant the user access to?

Thank you very much in advance.

↧

Latest Images