Active Directory Rights Management Server Install Enrollee Problem

  • Question

  • I have created my own RSA CSP and I am trying to get it to work with AD RMS. I am having trouble installing the root cluster: it is failing to generate the enrollee certificate public key, but it does not call my CSP Gen key, so how is it trying to generate this public key?

     

    Server log

     

    3628: 2010-08-25 16:30:26.250 [RMS]                       Begin CreateSlcNameType...

    3628: 2010-08-25 16:30:26.250 [RMS]                       Create cluster case, settign SlcNameType...

    3628: 2010-08-25 16:30:26.250 [RMS]                       SlcNameType set onto NewClusterType, ServerLicensorCertificate = AD RMS CERT

    3628: 2010-08-25 16:30:26.250 [RMS]                       Begin CreateSlcRevocationType...

    3628: 2010-08-25 16:30:26.250 [RMS]                       Create cluster case, settign SlcNameType...

    3628: 2010-08-25 16:30:26.250 [RMS]                       Revocation is disabled, Item = True

    3628: 2010-08-25 16:30:26.250 [RMS]                       Private key protection is CspBased and private key password is <null>.

    3628: 2010-08-25 16:30:26.250 [RMS]                       Domain account being used for service account is True and password is <non-null>

    3628: 2010-08-25 16:30:26.250 [RMS]                       Begin LogSerializedConfigXML...

    3628: 2010-08-25 16:30:26.250 [RMS]                       Log config XML directory = C:\Users\Administrator\AppData\Local\Temp\2\

    3628: 2010-08-25 16:30:26.265 [RMS]                       Log config XML file name = RmsProvision-Config-08-25-2010-0430.xml

    3628: 2010-08-25 16:30:26.265 [RMS]                       Log config full path = C:\Users\Administrator\AppData\Local\Temp\2\RmsProvision-Config-08-25-2010-0430.xml

    3628: 2010-08-25 16:30:26.375 [RMS]                       Begin Provision, provisionScenario = FullProvision, upgrade = False, private key password = , service account password = System.Security.SecureString, proxy password = , adfsUrl = .

     

    3628: 2010-08-25 16:31:26.765 [RMS] Error (Id=0) System.Exception: Fail to generate enrollee certificate public key.    at Microsoft.RightsManagementServices.Configuration.CertificationServerSelfEnrollment.GenerateEnrolleeCertificatePublicKey(String cspName, String keyContainerName)

       at Microsoft.RightsManagementServices.Configuration.CertificationServerSelfEnrollment.Enroll(EnrolleeServerInformation enrolleeInformation, EnrolleeRevocationInformation revocationInformation, String certificateDisplayName, String cspName, String keyContainerName)

       at Microsoft.RightsManagementServices.Configuration.ProvisioningBase.Enroll()

       at Microsoft.RightsManagementServices.Configuration.ProvisioningBase.Run()

       at Microsoft.RightsManagementServices.Configuration.ProvisionerBase.DoProvision()

       at Microsoft.RightsManagementServices.Configuration.ProvisionerHelper.Run(OperationType operationType, Object data)

       at Microsoft.RightsManagementServices.Configuration.CmdLineHandler.Run()

       at Microsoft.RightsManagementServices.Configuration.ConfigHelper.Provision(ConfigOperationType configOperation, RmsProvisionScenarioType provisionType, Boolean upgrade, SecureString privateKeyPassword, SecureString rmsServiceAccountPassword, SecureString proxyPassword, String adfsUrl)

       at Microsoft.Windows.ServerManager.RightsManagementServices.RightsManagementServicesRoleProvider.Provision(ClassValue guest, String guestIdentity, ConfigHelper configHelper, ConfigOperationType configOperationType, RmsProvisionScenarioType provisionScenario, String adfsUrl)

    3628: 2010-08-25 16:31:26.796 [RMS]                       [STAT] For 'CoreRightsManagementServer':

    3628: 2010-08-25 16:31:26.796 [RMS]                       [STAT] Configuration took '62.5735002' second(s) total.

     

     

     

    Event:

     

    Active Directory Rights Management Services

     

    Cluster Type: Root cluster
    Trust Hierarchy: Production
    Configuration Database Server: Windows Internal Database
    Service Account: ROOT\testuser
    Cluster Key Storage: CSP key storage
    CSP for Key Storage: My RSA Full Cryptographic Provider
    Cluster Web Site: Default Web Site
    Cluster Internal Address: http://root.testnetwork.com:80/
    Licensor Certificate Name: AD RMS CERT
    Register SCP: Register now

    Active Directory Rights Management Services: Installation succeeded with errors

     

    <Error>: Attempt to configure Active Directory Rights Management Server failed. Fail to generate enrollee certificate public key. at Microsoft.RightsManagementServices.Configuration.CertificationServerSelfEnrollment.GenerateEnrolleeCertificatePublicKey(String cspName, String keyContainerName) at Microsoft.RightsManagementServices.Configuration.CertificationServerSelfEnrollment.Enroll(EnrolleeServerInformation enrolleeInformation, EnrolleeRevocationInformation revocationInformation, String certificateDisplayName, String cspName, String keyContainerName) at Microsoft.RightsManagementServices.Configuration.ProvisioningBase.Enroll() at Microsoft.RightsManagementServices.Configuration.ProvisioningBase.Run() at Microsoft.RightsManagementServices.Configuration.ProvisionerBase.DoProvision() at Microsoft.RightsManagementServices.Configuration.ProvisionerHelper.Run(OperationType operationType, Object data) at Microsoft.RightsManagementServices.Configuration.CmdLineHandler.Run() Remove and re-install AD RMS to attempt provisioning again.

     

    <Warning>: Before you can administer AD RMS on this server, you must log off and log on again.

    The following role services were installed:

    Active Directory Rights Management Server

    Thursday, August 26, 2010 8:18 AM

Answers

  • Hi,
     
    I am sorry this has been a challenge for you or others who have been using AD RMS 1.0 API. The good news is there is a new 2.0 version of the AD RMS SDK that we released later in 2012 after you posted your issue. It contains a much simpler and improved upon experience for getting RMS-enablement within your application.

    Please check out the SDK content here and there is a link to full SDK download off this page as well.
     
    http://msdn.microsoft.com/en-us/library/windows/desktop/hh535290(v=vs.85).aspx

    HTH,


    Brad Mahugh
    Microsoft Corporation
    ------------------------
    This post is provided "AS IS" and confers no promises of current or future technical support for a specific support issue. Please use Microsoft product support if you need a service commitment for your current support case or issue.

    Thursday, April 4, 2013 3:43 AM