locked
Can't open a document in IRM enabled document library in SharePoint 2010 RRS feed

  • Question

  • Dear All,

    My Environment

    SharePoint 2010 (Windows server 2008 R2)

    AD RMS Server (Windows server 2008 R2)

    Office 2010

    Browser IE 8

    Users will use xp machine also

    Issue

    Can't open a document in IRM enabled document library in SharePoint 2010

    Issue in Brief

     I’ve enabled IRM from Central Administration (I’m using Active Directory integrated RMS). Now, in the document library settings, In the document library settings, I’ve checked the restrict permission to documents in this library on download Also i gave permission policy title and Permission policy description remaining are unchecked. Now when I try to open the document from document library

    When I tried to open Excel I got following error

    Microsoft Office Excel cannot access the file 'http://mossservername/Documents/Filename.xlsx'. There are several possible reasons:

     

    ·         The file name or path does not exist.

    ·         The file is being used by another program.

    ·         The workbook you are trying to save has the same name as a currently open workbook.

     

    When I tried to open Word , I got following error

    Microsoft Office Word:

    "http://mossservername/Documents/Filename.doc" does not exist.Check your spelling or try another path

    Then I simply removed the IRM permission policy from document library and then tried accessing the document. This time it opened.

    I got same error when I open from Windows Server 2008 R2 as well as XP machine

    Following Things I have tried but no luck

    On the Internet Explorer à Tools à Internet Options à Advanced tab à click Restore defaults button à Click "OK" to finish --- No luck

    Run one of the Office 2010 application (e.g. Word 2010).

      Click on File menu, and select Options.

      In the “Options” dialog, select Trust Center in the left pane.

      Click on Trust Center Settings in the right pane.

      Select Protected View in the left pane of “Trust Center” dialog.

      Disable any of all of the protected view options as below by unticking the check boxes:

    • Enable Protected View for files that fail validation
    • Enable Protected View for files originating from the Internet
    • Enable Protected View for files located in potentially unsafe locations
    • Enable Protected View for Outlook attachments"

    de-select "Automatically Detect Settings" under LAN setting part in Internet Explorer

    Please Help me to sort out this issue

    Thanks

    Scorpion

    Wednesday, April 3, 2013 8:59 PM

Answers

  • Hi Scorpion,

    As I said, my advice is that you need to contact Microsoft product support and open a support incident there to get you the level of escalation support you would like to have here.

    Thnaks for your cooperation.


    Brad Mahugh
    Microsoft Corporation
    ------------------------
    This post is provided "AS IS" and confers no promises of current or future technical support for a specific support issue. Please use Microsoft product support if you need a service commitment for your current support case or issue.

    Friday, April 12, 2013 7:31 PM
    Moderator

All replies

  • Hi Scorpion,

    The most likley cause when troubleshooting unexpected errors with IRM functionality in Office 2010 apps is this:

    Symptom: The AD RMS client reports an "unexpected error" message when a user is trying to access IRM functionality.

    Cause: Most likely the cause of this is because the  user accessing the content does not have an e-mail address configured using the  mail attribute address in Active Directory, which is required for AD RMS to work as expected.

    Resolution: Verify that the user account for the user in Active Directory has the mail attribute configured with the user's email address.

    Also, sometimes SharePoint configuration for IRM support gets a little bit off:

    Symptom: You are having difficulty getting SharePoint configured to work with AD RMS.

    Cause: If you are having difficulty getting SharePoint configured properly to work with AD RMS or are confused by how to go about achieving interoperability between these technologies, it's helpful to ensure you understand how SharePoint implments IRM support.

    Enabling IRM on Sharepoint forces users to use Sharepoint as a distribution method. It does this by only giving rights to the downloading user (and the SharePoint service user account), so the document cannot be forwarded.  Even if the document is forwarded to someone who has rights to it via SharePoint, they will not be able to open it because the IRM rights are only set to the downloading user.

    Resolution:    Check these prerequisite steps when troubleshooting IRM issues with SharePoint:

    1. Make sure the user account that you are using to configure SharePoint has an email attribute in Active Directory.  Also make sure the SharePoint service account has an email attribute set as well.
    2. Verify that AD RMS is functional outside of SharePoint by going into Microsoft Word and from theFile menu, click Info, then click Protect Document, then clickRestrict Permission by People, and then click Restricted Access.  If this fails, troubleshoot AD RMS.
    3. Check the Sharepoint Central Administration\Manage Profile Service: User  Profile Service  Application

      You should see Number of User Profiles at a high number to indicate it synchronized.

      If it failed to synchronize.  Go into Application Management\Manage Services on Server\User Profile Synchronization service (make sure it's started)

    4. Click Application Management\User Profile Service Application to open it.

      Configure Synchronization Connections.

      If there isn't a connection already, selcet Create a New Connection.

      Go back and Start Profile Synchronization (Start Full Synchronization)

    Lastly, one of the tools used most often for diagnosing IRM related AD RMS issues is IRMCheck. The most up to date version is maintained and provided in the following link:

    http://aka.ms/irmcheck

    BTW, these tools and checks are from AD RMS Troubleshooting Guide (http://social.technet.microsoft.com/wiki/contents/articles/13130.ad-rms-troubleshooting-guide-en-us.aspx). There are additional checks in the the AD RMS T-Shoot guide you can also try to troubleshoot AD RMS as well, but the two I just mentioned here should help you get started.

    And if those things don't get you the answer that works best for you and you are still having a problem, let me know. I will see if I can find some deeper RMS expertise to draw upon here to assist you.

    HTH,


    Brad Mahugh
    Senior Technical Writer
    Microsoft Corporation
    ------------------------
    This post is provided "AS IS" and confers no promises of current or future technical support for a specific support issue. Please use Microsoft product support if you need a service commitment for your current support case or issue.

    Wednesday, April 3, 2013 9:42 PM
    Moderator
  • Dear Brad,

    Email Address has been entered in AD against the account

    Profile service running again i ran a full synchronization

    Also i have checked the 7 points,

    RMS functionality is  working when i use without SharePoint 

    When i run IRM check tool i got one error, Office is not installed , I have installed office 2010 and activated 

    7. IRM manifests WARNING Check skipped due to previous errors 

    9. User certificates WARNING No user certificates found 

    Still facing same issue , Please help me to sort out this issue

    Thanks 

    Scorpion


    Thursday, April 4, 2013 7:21 AM
  • Lastly, one of the tools used most often for diagnosing IRM related AD RMS issues is IRMCheck. The most up to date version is maintained and provided in the following link:

    http://aka.ms/irmcheck


    Dear Brad,

    I'd like to ask if it is possible to get IRMCheck from an official MS source. I see that the old version (RMS SP2) used to be part of RMS toolkit, unfortunately the new version of IRMCheck for ADRMS (2008) is available only through link you provided, though I believe that this site is administered by Jason Tyler the RMS Guru :), it would be nice to see it available from MS.

    Also are there any plans for 2013 version?

    Kind regards

    Martin Rublik
    Friday, April 5, 2013 8:04 AM
  • Hi Martin,

    There are plans to have an updated release of IRMCheck to address Office 2013 and to have it added to site within a Microsoft-controlled site. The aka.ms link I gave above is one that I own and will be able to update to point to that version when its released so it will be easily discoverable when its released.

    Thanks!


    Brad Mahugh
    Microsoft Corporation
    ------------------------
    This post is provided "AS IS" and confers no promises of current or future technical support for a specific support issue. Please use Microsoft product support if you need a service commitment for your current support case or issue.


    Friday, April 5, 2013 8:17 AM
    Moderator
  • Hi Scorpion,

    I have conferrred with other experts here and the problem seems to be on the SharePoint side of things. SharePoint is not able to protect the document on download, probably because it can’t acquire a CLC (and thus SharePoint cannot complete the download).

    Your best option is to check from the SharePoint server, logged in as the same account being that is being used by SharePoint (this is the same account as the SharePoint Central Administration service account if you are using one) and then see if you can reach the AD RMS servicing URLs (certification.asmx, publish.asmx.)

    HTH,


    Brad Mahugh
    Microsoft Corporation
    ------------------------
    This post is provided "AS IS" and confers no promises of current or future technical support for a specific support issue. Please use Microsoft product support if you need a service commitment for your current support case or issue.

    Friday, April 5, 2013 5:38 PM
    Moderator
  • Dear Brad,

    Thanks for your reply

    My central admin account is spfarm (Administrator), When i configure information rights management in CA also i gave url  as(https://adrms-srv.domainname.com) , Its accepted , But when i try to implement in document library am facing the problem, As you said CLC ..I had a CLC problem (Event id 5145) so that i have deleted existing key (C\programdata\microfoft\drm\server) then my problem is resolved..As your statement If CLC is the problem means what else i should check ? Please guide me

    Thanks

    Scorpion

    Friday, April 5, 2013 6:37 PM
  • Hi Scorpion,

    It wasn't completely clear from your reply whether you were able to browse and reach the AD RMS servicing URLs from the SharePoint server. It sounds like you might have been able to. At this point, since you are needing someone to guide you more through troubleshooting your installation, I would recommend you contact Microsoft product support and open a support incident there to get you the level of support you would like to have here.

     


    Brad Mahugh
    Microsoft Corporation
    ------------------------
    This post is provided "AS IS" and confers no promises of current or future technical support for a specific support issue. Please use Microsoft product support if you need a service commitment for your current support case or issue.

    Monday, April 8, 2013 9:19 PM
    Moderator
  • Dear Brad,

    If you see the below post and read the comments , 3 ppls facing the same problem which am facing 

    http://www.blogger.com/comment.g?blogID=7192910&postID=2463733680543954510&page=1&token=1365667763366

    Those ppl are Abdul, Russell Wright, @m!th

    Please have look and advice me 

    Thanks

    Scorpion

    Thursday, April 11, 2013 7:46 PM
  • Hi Scorpion,

    As I said, my advice is that you need to contact Microsoft product support and open a support incident there to get you the level of escalation support you would like to have here.

    Thnaks for your cooperation.


    Brad Mahugh
    Microsoft Corporation
    ------------------------
    This post is provided "AS IS" and confers no promises of current or future technical support for a specific support issue. Please use Microsoft product support if you need a service commitment for your current support case or issue.

    Friday, April 12, 2013 7:31 PM
    Moderator