I'm having problems configuring SharePoint 2010 with AD RMS.

When selecting 'Use the default RMS server specified in Active Directory' within SharePoint, I receive the following error:

The required Windows Rights Management client is present but the server refused access. If you are switching from one RMS server to a different RMS server, be sure you have set up a trust relationship between the two. IRM will not work until the server grants permission.

In the event log on the SharePoint server, I get two critical application events:

Event 5062: Information Rights Management (IRM): There was a problem while trying to activate a right account certificate.

Event 5133: Information Rights Management (IRM): There was a problem while obtaining a Rights Management Services (RMS) group identity certificate (GIC)

On the RMS server, the IIS logs capture the following:

/_wmcs/certification/ServerCertification.asmx - 443 - (ip address) - Windows+Rights+Management+Client - 401 2 5 15

/_wmcs/certification/ServerCertification.asmx - 443 DOMAIN\SPFarm (ip address) - Windows+Rights+Management+Client - 500 0 0 1015

Here's the setup:

  • dc.domain.local (Windows Server 2012 + AD)
  • db.domain.local (Windows Server 2012 + SQL Server 2012)
  • rms.domain.local (Windows Server 2012 + AD RMS)
  • sp.domain.local (Windows Server 2008 R2 + SharePoint 2010)

SharePoint is to be set up as a simple farm. Central Administration and the WFE are on the 'sp' server, and the 'db' server is being used as the database.

The accounts in the domain are:

  • RMAdmin (AD RMS Admin)
  • RMService (AD RMS Service)
  • SPSetup (SharePoint Setup/Admin)
  • SPFarm (SharePoint Farm)

I've performed the following steps on '_wmcs/certification/servercertification.asmx' on the 'rms' server:

  • Inherited permissions of the parent folder
  • Added the SharePoint server machine account to the ACL for 'Read' and 'Read & Execute'
  • Added the DOMAIN\SPFarm account to the ACL for 'Read' and 'Read & Execute'

In addition, the server certificate from the RMS server has been imported into the 'Trusted Root Certificates' of the SharePoint server and on the RMS server.

I can confirm that both RMS and SharePoint work separately; I just can't get IRM set up on SharePoint!
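One way to read the two IIS entries quoted in the question, added here as an example and not part of the original post: it separates the anonymous 401 challenge from the 500 returned after DOMAIN\SPFarm authenticated. The `#Fields` layout, the sample address and the function names are assumptions.

```python
# Constructed sample modelled on the two entries in the question. The #Fields
# layout and the 192.0.2.10 address are assumptions, not values from the post.
SAMPLE = r"""#Fields: cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
/_wmcs/certification/ServerCertification.asmx - 443 - 192.0.2.10 Windows+Rights+Management+Client - 401 2 5 15
/_wmcs/certification/ServerCertification.asmx - 443 DOMAIN\SPFarm 192.0.2.10 Windows+Rights+Management+Client - 500 0 0 1015
"""


def parse(text):
    """Yield one dict per request, keyed by the log's own #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))


def classify(row):
    status = int(row["sc-status"])
    anonymous = row["cs-username"] == "-"
    if status == 401 and anonymous:
        # No credentials sent yet: the usual first leg of Windows authentication.
        return "auth-challenge"
    if status in (401, 403):
        # A named account was rejected: look at ACLs and authorization rules.
        return "access-denied"
    if status >= 500:
        # The request got past authentication; the failure is inside the service.
        return "server-error"
    return "ok"


def triage(text, endpoint="ServerCertification.asmx"):
    """Return (user, status.substatus, verdict) for each hit on the endpoint."""
    out = []
    for row in parse(text):
        if row["cs-uri-stem"].lower().endswith(endpoint.lower()):
            code = "{}.{}".format(row["sc-status"], row["sc-substatus"])
            out.append((row["cs-username"], code, classify(row)))
    return out


if __name__ == "__main__":
    for user, code, verdict in triage(SAMPLE):
        print(user, code, verdict)
```

Read this way, the 401.2 entry with no username is the authentication challenge, and the entry to investigate is the 500 logged for DOMAIN\SPFarm.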

1 Answer

Try this:

IISreset /stop

del /q /f "%USERPROFILE%\AppData\Local\Microsoft\Drm\*.*"
del /q /f /s "%ALLUSERSPROFILE%\Microsoft\DRM\Server\*.*"

IISreset /start