locked
Error occured on opening a AD RMS protected doc with Office 2010 pro plus RRS feed

  • Question

  • Hi there,

    I am having trouble while opening AD RMS protected documents with Microsoft Office 2010 on a Win7 box.

    We have a RMS service for several months and we used it to protect our office 2003 and 2007 documents. Everything works fine. Recently we are thinking to deploy Office 2010 but got stocked in our way of testing it.

    Here's the case:

    I created the documents within the company and assigned the rights thru RMS on them. Then I sent them via emails and tried to open them at home. My laptop is Win7+Office2007, with which I could open the documents correctly; but in my PC which is Win7+Office2010, I received an error message said the RMS server could not be contacted after few minutes waiting.

    Checked the AD RMS server, everything worked perfectly and not a single line of error events.

    Then I used the 'netstat -n' commands against my home computers, and find that my PC was trying to reach the AD RMS server with TCP port 80, while my Laptop is with TCP port 443 which is the correct one.

    Could anyone tell me how to fix the problem? Thanks in advance.

    Regards,

    Scott Chen

    Tuesday, May 24, 2011 4:48 AM

Answers

  • Hi,

     

    you can either set up an internal CA using Active Directory Certificate Services, or you can import the certificate into "Trusted People" certificate store.

     

    Kind regards

    Martin Rublik

    Wednesday, May 25, 2011 5:49 AM

All replies

  • Do you use SSL to protect the RMS communication? If so is the certificate trusted by the client machine (e.g. issued by trusted CA, with correct name on it and time valid) and is the CRL location reachable? I had similar problems when using an untrusted SSL certificate.

     

    Kind regards

     

    Martin Rublik

    Tuesday, May 24, 2011 11:51 AM
  • Thanks Martin,

    Yes I use SSL to protect the RMS communication. As I am only evaluating the RMS solution to see if the functionality could satisfy the end users, I'm afraid that I wouldn't purchase a trusted CA signed certificate at this stage...

    Would like to learn if there's any workaround other than purchasing a cert?

    Again, thanks for your reply!

    Regards,

    Scott Chen

    Tuesday, May 24, 2011 2:56 PM
  • Hi,

     

    you can either set up an internal CA using Active Directory Certificate Services, or you can import the certificate into "Trusted People" certificate store.

     

    Kind regards

    Martin Rublik

    Wednesday, May 25, 2011 5:49 AM