RMS Client can't access AD RMS Server ! RRS feed

  • Question

  • Hello;

    I have installed an AD RMS on a Windows Server 2003 R2 SP2, but when using the office RMS options on my clients, the communication is not done.

    Here is my network architecture:

    Two servers:
        One AD server Windows server 2003 R2 SP2.
        One server Windows server 2003 R2 SP2, AD RMS and SQL Express 2005 installed.
    Two Clients:
        One host Windows XP, MS-Office 2003, and IRM (RMS client) installed.
        One host Windows Vista, MS-Office 2007 installed.

    The ping by hostname and IP Address is done successfully, and Firewalls are deactivated on both clients and servers.

    I have succeed to install AD RMS on the RMS server, then enroll the server, and making it a check access point. I have also succeed to create security template without any problem.

    When I'm trying to use the RMS options on my Office clients hosts, but one prompt is displayed telling that an error has occured, and that I have to get help from a system admin.

    Are there any services I have failed to start, or is there any other configuration to do on Servers / Clients ?

    Many thanks for your precious help.

    Monday, January 31, 2011 11:55 AM


All replies

  • Hi are the clients joined in the Active Directory domain? Have you registered SCP (http://technet.microsoft.com/en-us/library/cc720283(WS.10).aspx)?





    Tuesday, February 1, 2011 10:33 AM
  • Hi,

    Thanx for your reply.

    Are the clients joined in the Active Directory domain? Yes. Both clients (XP & Vista) and server member (AD RMS) are in the domain.

    Have you registered SCP ? Yes. Already done.

    -After having installed the AD RMS. I have checked out if the rmsservice user has been added automatically in rms service group, and it's OK.

    -The AD RMS server works fine (installation, configuration, creation security templates, ...etc).

    -The ping (by hostname & IP) FROM clients/servers TO clients/servers is OK.

    -Firewalls are disabled. No antivirus installed (Test environnement).

    I have done all steps one by one while installing RMS (Software and Hardware pre-requisites), and respected thightly the Microsoft's recommendations.




    Tuesday, February 1, 2011 12:35 PM
  • Can you open

    http(s)://url.to.your.rms.server/_wmcs/certification/certification.asmx ?




    Have you installed http://support.microsoft.com/kb/978551 update for Office 2003?



    Tuesday, February 1, 2011 1:43 PM
  • Hi,

    *Can you open

    http(s)://url.to.your.rms.server/_wmcs/certification/certification.asmx ? Yes. I can.

    As I configured my server on http rather than https, I can open this link from client


    *When trying to install the Update for Office 2003, this prompt is displayed:

    The expected version of the product was not found on your system.

    As I have MS-Office 2003 installed on my client, I really don't understand this error msg.


    Wednesday, February 2, 2011 10:42 AM
  • You need to apply Office 2003 SP3 before the update.




    Martin Rublik

    Wednesday, February 2, 2011 10:55 AM
  • Hi Martin;

    It's done. I've installed the MS-Office 2003 SP3, then the update for Office 2003.

    Always the same error prompt. It's a kinda weird. everything is OK (clients & servers), but no RMS communication.

    Any other configuration to do or service to start ?






    Wednesday, February 2, 2011 3:10 PM
  • Are there any records in the IIS HTTP access log?

    If you run this query on domain controller does anything show up (please replace DC=domain,DC=local with your AD domain suffix)?
    ldifde -d "CN=RightsManagementServices,CN=Services,CN=Configuration,DC=domain,DC=local" -f output.txt -l serviceBindingInformation -p Subtree -r "(objectClass=serviceConnectionPoint)

    Check if there are XrML certificates in the store:

    - XP/2003
    %USERPROFILE%\Local Settings\Application Data\Microsoft\DRM
    - Vista / 7 2008


    Martin Rublik

    Tuesday, February 8, 2011 7:21 AM
  • Hi Martin;

    1-Are there any records in the IIS HTTP access log? No. There is no record in the IIS HTTP access log

    2-My domain is test.private, so when running this query on my DC:

    ldifde -d "CN=RightsManagementServices,CN=Services,CN=Configuration,DC=test,DC=private " -f output.txt -l serviceBindingInformation -p Subtree -r "(objectClass=serviceConnectionPoint)

    It prmots me an error telling that the search has failed, and that an error occured on the program (As I'm on Win2k3 R2 French, I'm doing the translation from French to English).

    3-On XP/2003, I can find this path %USERPROFILE%\Local Settings\Application Data\Microsoft, but cannot find the DRM directory !!!!


    Mourad NAKIB

    Tuesday, February 8, 2011 9:17 AM
  • Hi it looks like you do not have registered SCP after all.

    To register SCP use either ADScpRegister.exe from RMS Administration toolkit or follow this procedure http://technet.microsoft.com/en-us/library/cc720283(WS.10).aspx 

    If you do not want to perform SCP registration, you can set the location of RMS server through registry, see following article for detailed instructions http://blogs.technet.com/b/rmssupp/archive/2007/07/13/rms-testing-rms-without-modifying-the-ad.aspx


    Martin Rublik

    Tuesday, February 8, 2011 10:09 AM
  • Hi Martin;


    Thanx a lot for your help Martin, & so sorry for my late answer.

    Actually, I've given up my tests on Win2k3, and I'll try it with Win2k8, as it seems much easier to install AD RMS on it.

    Many thanx once again.





    Tuesday, February 22, 2011 1:54 PM