locked
SharePoint2010 MSDRM RRS feed

  • Question

  • Hello. We are having problem when turning on IRM to use a RMS connector on SharePoint2010. I want to ask which email address MSDRM refers when requesting certificates from Azure RMS for the first connection.

    I built a RMS connector and added farm account and application pool account of SharePoint. Then I run GenConnectorConfig.ps1 on SharePoint frontend server and confirmed registries for SharePoint2010 are added.

    But when I tried to trun on IRM from the central administrative site, I got the following error message:

    "The required Windows Rights Management client is present but the  server refused access. If you are switching from one RMS server to a  different RMS server, be sure you have set up a trust relationship  between the two. IRM will not work until the server grants permission."

    I downloaded Azure RMS usage log and found that email address of the farm account, for example [xxx@aaa.com] is recorded, so I syncronized the farm account to Azure AD. (User accounts had been synchronized but operational accounts and system accounts were not.) Our test envrionment is a little complecate. Before synchronization, I had to change mail and proxyAddresses attributes from [xxx@aaa.com] to [xxx@aaatest.com]

    After synchronization, I confirmed mail and proxyAddresses attributes are changed to [xxx@aaatest.com] on both on-premise and Azure side. But when I tried to turn on IRM on SharePoint server, I got the same error. And the old email address [xxx@aaa.com] is still recorded in Azure RMS usage log. I also changed email address on SharePoint server but it didn't help.

    Does anyone know that which email address MSDRM refer when connecting to Azure RMS? I cannot find detailed documents about this. I appreciate your feedback and help.

    Monday, August 28, 2017 7:31 AM