RMS stopped. Users told "only documents created in a signed application can be opened in a signed application"

    Question

  • Hi

    I hope you can help and that this is the right forum.

    We have a RMS 1.0 sp1 server which has stopped working.

    Users get "only documents created in a signed application can be opened in a signed application" when trying to protect a document in Word or Outlook, and are unable to open previously protected documents.

    C:\Users\username\Local Settings\Application Data\Microsoft\DRM - only has the one file in it, which is DRM-Machine. The .eul, .CLC and .Gic files are missing from this folder.

    The server running the rms has an event id 82. " the callers machine certificate has a certificate chain that is not valid"

    I ran an irmcheck on the local machine which showed " No user Certificate"

    I can connect to the RMS server URLs, both licensing and certificate, with no errors, and IE shows the zone to be local intranet.

    Can anyone see what my problem might be and suggest why the workstations are not getting their certs and allowed protection? What else should I be checking?

    Best Regards

    Steen

    Friday, November 29, 2013 1:24 PM

All replies

  • Hi,

    It seems the server itself and Windows are still working but not the RMS service. Am I correct?

    Have you recently renewed the Server Licensor Certificate? It had to be renewed every year until MS announced it would issue it for 7150 days. (That should give you enough time to migrate to something newer. lol)

    Renew the SLC - http://technet.microsoft.com/en-us/library/cc747636(v=WS.10).aspx

    SLC validity extended to 7150 days - http://support.microsoft.com/kb/2853958

    Regards,

    Lutz

    Friday, November 29, 2013 9:42 PM
  • Hi Lutz

    Thank you for the information. The licensor certificate is set to expire on 26/06/2033, the validity period is 365 days and 15 minutes for temporary certificates.

    The current RMS Service Connection Point certification URL is http://<servername>/_wmcs/Certification/Certification.asmx

    Everything worked well until the beginning of last week, when users progressively lost the ability to protect documents with the error "only documents created in a signed application can be opened in a signed application"

    This is a Citrix server environment, if it matters.

    I'm struggling to work out whether it's the server side or the client side. I think it's the server side but I don't know enough wrms to be able to troubleshoot further to find the cause. It would be nice to know what the server event id 82. " the callers machine certificate has a certificate chain that is not valid" means.

    As far as I can tell the client creates a DRM-Machine cert which is rejected by  the server and no further certs are passed to the client to process documents.

    Any further advice would be gratefully received.

    Best Regards

    Steen


    • Edited by alsoran1 Monday, December 02, 2013 9:31 AM repeated url
    Monday, December 02, 2013 9:30 AM
  • Had the exact same problem as you and same environment with Citrix servers. It even started at the same time. However, upgrading to RMS SP2 solved the problem. Just make sure you back up everything before you start the upgrade process. SP2 can be downloaded from http://www.microsoft.com/en-us/download/details.aspx?id=14329.

    Hope this solves your problem as well.

      
    Tuesday, December 03, 2013 1:38 PM
  • Thanks very much that was a good idea. It turned out that SP2 was installed although the Admin panel said SP1. Anyway our problem was not resolved so I'm going to contact MS Tech Support to see if they can throw any light on the issue
    Thursday, December 05, 2013 3:47 PM
  • Any update on this issue? I am also facing the same, and the MS call is not yet closed.
    Friday, December 13, 2013 7:14 AM
  • Hi

    Here is the answer which resolved my situation, I hope it helps yours.

    Guybrush-Threepwood I've marked your post as helpful as we had installed SP2 but it was not installed correctly and installing correctly was part of the solution.

    PROBLEM:

    Client began seeing the error:

    “Only documents created in a signed application can be opened in a signed application”

    On the server we were getting events:

    “The callers machine certificate has a certificate chain that is not valid”

    CAUSE:  

    Servers running RMS before SP2 can no longer get a valid Server Licensor Certificate.

    RESOLUTION:

    1. Install RMS v1 SP2 from:

    http://www.microsoft.com/en-us/download/details.aspx?id=14329

    2. Locate and then click the following key in the registry.

    For the enrollment URL on x86 versions of Windows Server 2003:

    HKEY_LOCAL_MACHINE\Software\Microsoft\DRMS\1.0\

    For the enrollment URL on x64 versions of Windows Server 2003:

    HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\DRMS\1.0\

    3. On the Edit menu, point to New, and then click String value.

    4. Type EnrollmentURL, and then press Enter.

    5. On the Edit menu, click Modify.

    6. Type https://activation.drm.microsoft.com/enrollment/enrollservice.asmx, and then click OK.

    7. On the Edit menu, point to New, and then click String value.

    8. Type CloudGicURL, and then press Enter.

    9. On the Edit menu, click Modify.

    10. Type https://certification.drm.microsoft.com/certification/certification.asmx, and then click OK.

    11. Go into the RMS Web interface and renew the SLC

    HTH

    Tuesday, December 17, 2013 1:53 PM
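
The registry part of the resolution above (steps 2 to 10), scripted in PowerShell so the two values can be audited before anything is written; this is an added example, not part of the original post. It assumes PowerShell is installed on the RMS server and is run elevated; the `-Apply` switch and the variable names are this example's own, while the key paths, value names and URLs are the ones given in the post.

```powershell
# Added example: audit, and with -Apply write, the two string values from the
# resolution steps. Without -Apply nothing is changed.
param([switch]$Apply)

# Value names and URLs exactly as given in the post (steps 4-10).
$wanted = @{
    EnrollmentURL = 'https://activation.drm.microsoft.com/enrollment/enrollservice.asmx'
    CloudGicURL   = 'https://certification.drm.microsoft.com/certification/certification.asmx'
}

# Key locations from step 2: Wow6432Node on x64, the plain path on x86.
# The x64 path is tried first so a 64-bit shell does not pick the wrong view.
$candidates = @(
    'HKLM:\Software\Wow6432Node\Microsoft\DRMS\1.0',
    'HKLM:\Software\Microsoft\DRMS\1.0'
)
$key = $candidates | Where-Object { Test-Path $_ } | Select-Object -First 1
if (-not $key) {
    throw 'DRMS\1.0 registry key not found; is RMS installed on this host?'
}

foreach ($name in @($wanted.Keys)) {
    # Read the current value; a missing value yields $null rather than an error.
    $item    = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    $current = if ($item) { $item.$name } else { $null }

    if ($current -eq $wanted[$name]) {
        $state = 'already set'
    } elseif ($Apply) {
        # -Force overwrites a differing value; String matches "New > String value".
        New-ItemProperty -Path $key -Name $name -Value $wanted[$name] `
            -PropertyType String -Force | Out-Null
        $state = 'written'
    } else {
        $state = 'missing or different (re-run with -Apply to write)'
    }

    # One result object per value: a record of what was found before the change.
    New-Object PSObject -Property @{
        Key = $key; Name = $name; Previous = $current; State = $state
    }
}
# Step 11 (renewing the SLC in the RMS web interface) remains a manual step.
```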
  • But our case is totally different, as our instance is installed with RMS SP2 5.2.3790.243 and there is also another SP2 5.2.3790.340. In the 243 instance this solution is not working. We can't upgrade to 340 as it asks to uninstall. Another node installed with 340 we can't join to the cluster, as an error occurs saying the version is different. We don't know how to go about this. Even upgrading to ARMS is not supported from version 243. Call is still open with MS Support.
    Friday, December 20, 2013 6:44 AM