Decrypt AD RMS Content - No more RMS Server - Am I SOL? RRS feed

  • Question

  • I'm trying to fix a lot of broken stuff left after our past Sys Admin installed, installed and left.

    As a result, I have some RMS-protected files that I cannot decrypt as the Server no longer has the software installed. I do at least have the Certificate, but I don't know if that really matters.

    I tried the following link: http://mctexpert.blogspot.com/2010/10/how-to-decrypt-many-files-in-ad-rms.html

    However, I do received the message "Failed, user does not have sufficient rights on the file."

    Any ideas? Thanks.

    Tuesday, January 13, 2015 9:14 PM

All replies

  • Hi Mr. Mister -

    If you have no AD RMS server, you will not be able to decrypt any protected content.  Can you spin up a new AD RMS server and join it to the existing cluster?  If so, you can use the super users permissions to open the protected content. 

    What do you mean by "certificate"?  Are you referring to the SSL cert used upon installation?  Do you have a copy of the AD RMS Trusted Publishing Domain file?


    Micah LaNasa

    Synergy Advisors


    Tuesday, January 13, 2015 10:34 PM
  • If the certificate is the exported Trusted Publishing Domain and you have the password your golden. You can import that into a new RMS install.

    If you don't you need to locate a backup of the RMS database at the very least since it containes the decryption keys.

    Tuesday, January 13, 2015 10:38 PM
  • That is good to hear.  Do you think it's possible to setup a Lab, install the Production Certificate and then run the "AD RMS Bulk Protection Tool" against those handful of files?


    Wednesday, January 14, 2015 2:48 PM