Rights Management Service (AD RMS) is unable to connect to Active Directory in Windows Server 2012 R2

  • Question

  • I am trying to set up AD RMS on Windows Server 2012 R2. My Active Directory Domain Services is also installed on the same server. After completing the setup, to verify whether it is working or not, I ran 'Get-RMSServer' in PowerShell on the server itself. Then I get the error below.


    PS C:\Windows\system32> Get-RMSServer
    Get-RMSServer : The email address you are signing in with doesn't exist in your organization's directory. Contact the sender to send it to a different email address or contact your 
    administrator to create an email address. HRESULT: 0x80040201
    At line:1 char:1
    + Get-RMSServer
    + ~~~~~~~~~~~~~
        + CategoryInfo          : NotSpecified: (:) [Get-RMSServer], InformationProtectionException
        + FullyQualifiedErrorId : Microsoft.InformationProtectionAndControl.InformationProtectionException,Microsoft.InformationProtection.Powershell.RMS.Commandlets.GetRMSServer

    When I checked the Event Viewer, Event 53 and Event 139 are logged. Below is the stack trace of Event 139.

    Active Directory Rights Management Services (AD RMS) failed to query Active Directory Domain Services (AD DS).

    Parameter Reference
    Context: Pipeline[CertificationPipeline._GetPrincipalIdentifier]
    RequestId: {96ac6d3c-c424-498a-ab9e-19a5f73011f4}.3:1
    principal: id=S-1-5-21-3573187584-1364062291-3725641194-1103
    desiredIdentifier: primarymail

            Message: Failed to find an entry in the Active Directory: id=S-1-5-21-3573187584-1364062291-3725641194-1103.
            Context: CertificationPipeline._GetPrincipalIdentifier
            principal: id=S-1-5-21-3573187584-1364062291-3725641194-1103
            desiredIdentifier: primarymail
      + Microsoft.RightsManagementServices.RemoteDirectoryServiceGetPrincipalIdentifierException
      +         Message: The remote Active Directory services component failed to find the principal.
      +         Context: ActiveDirectoryServices.GetPrincipalIdentifier
      +         principalName: id=S-1-5-21-3573187584-1364062291-3725641194-1103
      +         desiredIdentifier: primarymail
          + Microsoft.RightsManagementServices.UnableToIncarnateException
          +         Message: LightweightDirectoryAccessProtocol pool failed to initialize.
          +         Context: Incarnation.Initialize
              + Microsoft.RightsManagementServices.UnableToInitializeTopologyException
              +         Message: The topology could not be initialized.
              +         Context: Topology.Initialize
              +         GlobalCatalogServersFound: 0
              +         MinimumGCsNeeded: 1

    Our service account is active and has domain admin privileges. The login account has an email ID. Active Directory also appears to be working fine. So I am not sure why the email ID is not being detected by AD, which in turn is causing Get-RMSServer to fail. Please assist me.

    Tuesday, January 16, 2018 5:09 PM
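As a diagnostic for the situation above, added here and not part of the original post or of Microsoft's AD RMS tooling, the following PowerShell checks each thing the Event 139 detail complains about in order: whether the forest has any global catalog at all (GlobalCatalogServersFound: 0 against MinimumGCsNeeded: 1), whether that GC is locatable through the _gc._tcp SRV record and reachable on TCP 3268 from the AD RMS server, and whether the SID named in the event has the mail attribute that the "primarymail" identifier is resolved from. It assumes the ActiveDirectory, DnsClient and NetTCPIP modules are present (they ship with Windows Server 2012 R2 and RSAT) and that it is run in an elevated session on the AD RMS server; the SID is copied from the event text.

```powershell
# Added diagnostic script (not from the original post). Assumes the ActiveDirectory,
# DnsClient and NetTCPIP modules are available and that this runs elevated on the
# AD RMS server, which is also the domain controller in the poster's setup.
Import-Module ActiveDirectory

# 1. Does the forest have any global catalog at all? AD RMS needs at least one.
$forest = Get-ADForest
"Forest: $($forest.Name)"
"Global catalogs registered in AD: $($forest.GlobalCatalogs -join ', ')"

$gcs = Get-ADDomainController -Filter { IsGlobalCatalog -eq $true }
if (-not $gcs) {
    Write-Warning "No domain controller has the Global Catalog role enabled (Sites and Services > NTDS Settings)."
}

# 2. Is the GC locatable through DNS the way AD RMS finds it (the _gc._tcp SRV record)?
$srvName = "_gc._tcp.$($forest.Name)"
$srv = Resolve-DnsName -Name $srvName -Type SRV -ErrorAction SilentlyContinue
if (-not $srv) {
    Write-Warning "No SRV record for $srvName in DNS; check the DNS client points at a DC and the netlogon records exist."
} else {
    $srv | Where-Object { $_.Type -eq 'SRV' } | ForEach-Object { "GC SRV -> $($_.NameTarget):$($_.Port)" }
}

# 3. Can the GC LDAP port (3268) actually be reached from this box?
foreach ($gc in $forest.GlobalCatalogs) {
    $t = Test-NetConnection -ComputerName $gc -Port 3268 -WarningAction SilentlyContinue
    "{0} TCP/3268 reachable: {1}" -f $gc, $t.TcpTestSucceeded
}

# 4. Does the principal from the event have a mail address? AD RMS resolves the
#    "primarymail" identifier from the user's mail attribute, so it must be populated.
$sid  = 'S-1-5-21-3573187584-1364062291-3725641194-1103'   # SID copied from the event text
$user = Get-ADUser -Identity $sid -Properties mail, proxyAddresses -ErrorAction SilentlyContinue
if (-not $user) {
    Write-Warning "No user object found for SID $sid"
} elseif (-not $user.mail) {
    Write-Warning "$($user.SamAccountName) has no 'mail' attribute set; AD RMS cannot certify it."
} else {
    "$($user.SamAccountName) mail = $($user.mail)"
    if ($user.proxyAddresses) { "proxyAddresses = $($user.proxyAddresses -join '; ')" }
}
```

Checks 1 to 3 map directly to the innermost exception in the event (the topology could not find a single GC), which is the real failure; the "email address doesn't exist" text that Get-RMSServer prints is only the outer wrapper of that error. Check 4 is worth keeping because the same message is also what AD RMS returns when the GC is fine but the user object has no mail attribute, and the two cases look identical at the cmdlet.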