none
AD RMS - unable to remove role on SBS2011

    Question

  • I know there are already a dozen or more articles covering the same issue, however most still remain unanswered or are 1 or 2 years old with generic links to mostly unusable articles. I want to rehash the problem as I have tried almost everything suggested and still cannot remove the service. It is a new client with a server in production already.

    As per usual, I try to remove the role as an administrator and I get this error:

    <Error>: Attempt to perform custom actions before un-installing Active Directory Rights Management Server failed. Index was out of range. Must be non-negative and less than the size of the collection. Parameter name: index at System.Collections.CollectionBase.System.Collections.IList.get_Item(Int32 index) at System.DirectoryServices.PropertyValueCollection.get_Item(Int32 index) at Microsoft.RightsManagementServices.Configuration.ProvisionHelper.GetPort(String strTargetComputer, String strIIsService, String strSiteindex, Boolean fSSL) at Microsoft.RightsManagementServices.Configuration.ProvUtils.GetWebsites(String strTargetComputerName, String strIIsWebService) at Microsoft.RightsManagementServices.Configuration.ProvUtils.IsProvisioned() at Microsoft.RightsManagementServices.Configuration.ProvisioningBase.Unprovision() at Microsoft.RightsManagementServices.Configuration.ProvisionerBase.Unprovision() at Microsoft.RightsManagementServices.Configuration.CmdLineHandler.Run()
    The following role services were not removed:

    Active Directory Rights Management Serve

    According to most posts regarding this topic, I need to unregister the SCP which I have done numerous times - ADRMS toolkit unregister tool. There is no evidence of an SCP either in the registry, AD Sites and Services, nor in service configuration of ADSI.

    Before anyone asks if I have SSL and HTTP bindings on the default web site in IIS, I have. And I have tried multiple variations of host address to match both the servername, localhost, IP, domain name and more. None of which made any difference to the error output message of the role removal. I cannot remove the Default Web Site as it also contains the Exchange folders for which there is 24/7 heavy use.

    I have a valid SSL cert that runs the Exchange quite happily and I can only assume that the site was setup under this certificate.

    Recovering the server to an earlier point in time is not an option as the service looks to have been installed as early as the deployment 2 years ago.

    Upon investigation, there is no evidence of SQL DBs being used, or at least nothing remaining in the local SQL server -  so I assume a Microsoft Database was used (which I cannot find either).

    There are no virtual directories in the Default Web Site that represent ADRMS either. All other sites are accounted for in IIS and none look to have any virtual dirs relating to RMS.

    The server is an SBS2011 running Exchange 2010. It also has Symantec Endpoint Security.

    My general assumption is that it was never correctly installed and as it was not neccessary until now, nobody had noticed. I would like to know if there is a clean way of removal (that works in the given scenario)...or failing that, is there a dirty way using registry, ADSIedit, and file/folder removal?

    I am happy to attempt a dirty removal as I have reliable and frequent backups.

    And thanks in advance for any suggestions or help :)

    Saturday, October 19, 2013 4:56 AM

All replies

  • Could you please run  System Update Readiness Tool and paste the result in %SYSTEMROOT%\Logs\CBS\CheckSUR.log.

     

    http://support.microsoft.com/kb/947821/en-us


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. Anand Shankar

    Monday, October 28, 2013 9:29 AM