Channel: Active Directory Rights Management Service(On premise) forum

Failed to open RMS-protected e-mail with revocation-list-enabled template


Dear all,

I am setting up a Windows 2008 R2 RMS server. All RMS functions were working well until I tried to use the RMS revocation list.

I created and signed the revocation XML following the guide below. (This doc is for Win2003; does it also apply to Win2008?)

http://technet.microsoft.com/en-us/library/cc720208%28WS.10%29.aspx

I then created an RMS template with the revocation XML. The revocation list part is almost empty, of course.

If I send an RMS-protected mail with this template, the recipient cannot open the email or document. The error is:

You do not have credential to allow you to open this message ...

The debugview trace shows:

===========================

[3140] [msdrm]:+DRMCreateBoundLicense
[3140] Created the enabling principal
[3140] [msdrm]:-DRMCreateBoundLicense HR=0x8004cf28

===========================

According to the Microsoft documentation, the error means E_DRM_BIND_NO_APPLICABLE_REVOCATION_LIST.

It means there is some format error in the list, but I cannot find it. Please take a look at the list below and give me some hints. Thanks a lot!

===============

<?xml version="1.0" ?>
<XrML xml:space="preserve" version="1.2">
  <BODY type="LICENSE" version="3.0">
    <ISSUEDTIME>2010-09-16T03:20</ISSUEDTIME>
    <DESCRIPTOR>
      <OBJECT type="Revocation-List">
        <ID type="MS-GUID">{d6373cba-01f1-4f32-ac58-260f580af0f8}</ID>
      </OBJECT>
    </DESCRIPTOR>
<ISSUER>
      <OBJECT type="Revocation">
        <ID type="acsii-tag">External revocation authority</ID>
        <NAME>Revocation Point</NAME>
        <ADDRESS type="URL">https://adrms.fabrikam.local/fab_revocation.xml</ADDRESS>
      </OBJECT>
      <PUBLICKEY><ALGORITHM>RSA</ALGORITHM><PARAMETER name="public-exponent"><VALUE encoding="integer32">65537</VALUE></PARAMETER><PARAMETER name="modulus"><VALUE encoding="base64" size="1024">K09Pgq2iyUGv7kWf86HMhVnfGCfKNOFEpMh8u1FXZBzoOomr97yRsTDvbrprJTqRUIqvEmZ3EaS7xt5AIgGj1XbAtkk8mYCoAdaQYU6sPb4T3F0uBx8rnJ2V8SPYNoDwPA67Ufq9fMtqJ3gV114zXzG71C32Xs51z3Ip3uc7Ces=</VALUE></PARAMETER></PUBLICKEY>
    </ISSUER>
<REVOCATIONLIST>
<REVOKE category="content" type="content-id">
<OBJECT type="Microsoft Office Document">
<ID type="MS-GUID">{8702641D-3512-4AA4-A584-84C703A5B5C0}</ID>
</OBJECT>
</REVOKE>
</REVOCATIONLIST>
</BODY><SIGNATURE><ALGORITHM>RSA PKCS#1-V1.5</ALGORITHM><DIGEST><ALGORITHM>SHA1</ALGORITHM></DIGEST><VALUE encoding="base64" size="1024">LUzb7K4z+WEwXZomY2KPrHgkRABX4+qqjD2FhiZmM1U601xhgShrUKZ+fNaaZZB0i/tN82r0v0YLoFGCMp3sNXMNK72r5/Yg7YuKFAKtCWtLEzi8IPMWhAhh4jF2Jf88e9GObze8A1U4eXWRzNwKQLO5eWxZp/s8roz8bXXooXU=</VALUE></SIGNATURE></XrML>

=======================
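
The following is an added example, not part of the original post and not Microsoft tooling: a Python check that parses a revocation list laid out like the one above and reports its issue time, list GUID, publication URL, revoked IDs, and any `VALUE` whose `size` attribute disagrees with its decoded base64 length. The sample document, its GUIDs and its URL are constructed, reading `size` as a bit length is an assumption, and the RSA signature itself is not verified.

```python
import base64
import xml.etree.ElementTree as ET
from datetime import datetime

DUMMY = base64.b64encode(bytes(16)).decode()  # 128 dummy bits, not real RSA material
# Constructed sample in the layout of the list in the post (values are made up).
# The signature deliberately declares 1024 bits to show a mismatch being reported.
SAMPLE = """<XrML xml:space="preserve" version="1.2">
  <BODY type="LICENSE" version="3.0">
    <ISSUEDTIME>2010-09-16T03:20</ISSUEDTIME>
    <DESCRIPTOR><OBJECT type="Revocation-List">
      <ID type="MS-GUID">{00000000-0000-0000-0000-000000000001}</ID>
    </OBJECT></DESCRIPTOR>
    <ISSUER>
      <OBJECT><ADDRESS type="URL">https://rms.example.test/revocation.xml</ADDRESS></OBJECT>
      <PUBLICKEY><ALGORITHM>RSA</ALGORITHM>
        <PARAMETER name="modulus"><VALUE size="128">%s</VALUE></PARAMETER></PUBLICKEY>
    </ISSUER>
    <REVOCATIONLIST><REVOKE category="content" type="content-id">
      <OBJECT><ID type="MS-GUID">{00000000-0000-0000-0000-000000000002}</ID></OBJECT>
    </REVOKE></REVOCATIONLIST>
  </BODY>
  <SIGNATURE><VALUE encoding="base64" size="1024">%s</VALUE></SIGNATURE>
</XrML>""" % (DUMMY, DUMMY)

def summarize(xrml_text):
    """Parse an XrML revocation list; return its key fields and size mismatches."""
    root = ET.fromstring(xrml_text)  # raises ParseError if not well-formed
    body, problems = root.find("BODY"), []
    values = {"modulus": body.find("ISSUER/PUBLICKEY/PARAMETER[@name='modulus']/VALUE"),
              "signature": root.find("SIGNATURE/VALUE")}
    for label, el in values.items():
        # Assumption: the size attribute is a bit length (1024 in the post).
        declared = int(el.get("size"))
        actual = len(base64.b64decode(el.text.strip())) * 8
        if declared != actual:
            problems.append(f"{label}: declared {declared} bits, decoded {actual}")
    return {
        "issued": datetime.strptime(body.findtext("ISSUEDTIME"), "%Y-%m-%dT%H:%M"),
        "list_id": body.findtext("DESCRIPTOR/OBJECT/ID"),
        "url": body.findtext("ISSUER/OBJECT/ADDRESS"),
        "revoked": [(r.get("category"), r.findtext("OBJECT/ID"))
                    for r in body.findall("REVOCATIONLIST/REVOKE")],
        "problems": problems,
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```

Running `summarize` on the file actually served at the list's publication URL shows whether the client can fetch the same well-formed document that was signed.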

