locked
ADRMS console not getting open RRS feed

  • Question

  • Hi,

    I am getting below mentioned error while I am trying to start ADRMS console. Windows environment is 2008 R2 with sp1.

    Kindly help to get it resolve....

    An error occurred when the Active Directory Rights Management Services (AD RMS) Logging service attempted to retrieve data from the configuration database. The Logging service cannot process MSMQ messages until the logging service is able to communicate with the configuration database. You do not need to restart the Logging service.

    Parameter Reference
    Context: Logging.GetConfigurationFromDatabase
    HelpLink.ProdName: Microsoft SQL Server
    HelpLink.EvtSrc: MSSQLServer
    HelpLink.EvtID: 2
    HelpLink.BaseHelpUrl:
    HelpLink.LinkId: 20476

    System.Data.SqlClient.SqlException
            Message: A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server)
            HelpLink.ProdName: Microsoft SQL Server
            HelpLink.EvtSrc: MSSQLServer
            HelpLink.EvtID: 2
            HelpLink.BaseHelpUrl: 
            HelpLink.LinkId: 20476

    Regards

    Pradeep

    Friday, June 28, 2013 6:47 AM

All replies

  • I'd say you should check your SQL RMS database connection.

    Martin

    Friday, June 28, 2013 12:43 PM
  • Hi,

    As Martin says it sounds like you haven't access to your SQL DataBase

    First, check your SQL server connectivity with your RMS server

    Second, you can try to change the RMS service account that should be a standard domain user account that is a member of the local Administrators group.

    Good luck

    Saturday, June 29, 2013 9:54 AM
  • Hello Martin,

    Thanks for your kind reply....

    SQL server connectivity is fine. Earlier the RMS was working before promoting it to a domain controller.  Is there any issue to promote domain controller in a RMS???

    Regards

    Pradeep

    Monday, July 1, 2013 12:38 PM
  • Hi Amig@. Yes, the account used for RMS service account has to be a domain admin when RMS is installed in a Domain Controller as specified here http://technet.microsoft.com/es-es/library/dd772659(v=ws.10).aspx

    Hope it helps


    // Raúl - I love this game

    Monday, July 8, 2013 4:13 PM
  • Dear All,

    After trying for some time, we did uninstall of old RMS cluster and re-installed the same. We followed the same document and added the RMS service user to Enterprise Admin/Domain admin groups. We did the RMS installation with same settings as earlier.

    Running "Test-IRMConfiguration –Sender administrator@ourdomain.com" shows all tests as PASS

    Now RMS is working fine with Outlook but we are facing below Issue:

    1. All message protected using earlier installation didn't open, clicking on them open authentication dialogue box, how to solve this issue?

    2. The RMS works fine in outlook but in OWA its through below error

    -----------------------------------------------------------------------------------------------------------------

    The message you tried to open is protected with Information Rights Management. The Rights Management server isn't available to open this message. Try opening the message again. If the problem continues, contact your helpdesk.
     Show details

    Error: Microsoft.DigitalRightsManagement.Licensing.UntrustedPersonaCertException: Exception of type 'Microsoft.DigitalRightsManagement.Licensing.UntrustedPersonaCertException' was thrown.
    URI: https://adrms.ourdomain.com/_wmcs/licensing/license.asmx
    Code: InvalidPersonaCertificate

    ---------------------------------------------------------------------------------------------------------------------------------------------------

    Please advise what may be wrong.

    thanks for the help in advance!!

    Friday, July 12, 2013 11:45 AM
  • Hi Amig@. Two things here:

    1) If you had protected mails or documents with the former RMS organization and you haven't exported the old RMS certificate then there is no way to recover that mails or documents. If you have it, import it as a TPD in the new organization.

    2) If the Exchange servers had already been enrolled with the old RMS organization then you have to manually remove their RACs to force the request of new ones. Go to C:\ProgramData\Microsoft\DRM\Server in every Exchange server and delete all folders inside

    3) If OWA is trying to open "old" protected information, then the first point applies

    Hope it helps


    // Raúl - I love this game

    Friday, July 12, 2013 1:32 PM
  • Dear Friend,

    Thanks a lot for the suggestion!!

    When we un-installed old RMS, we kept the SQL database same (Didn't removed the same). Is there anyway I can recover old RMS certificate?

    Also, for point no 2, it works well in outlook for new msg, but old protected msg ask for user credentials? Still do I have to remove RAC from all exchange servers? In OWA, we are not able to open any msg at all. Do I need to copy old C:\ProgramData\Microsoft\DRM\Server data anywhere or simply can delete it.

    Really appreciate your efforts!!

    Monday, July 15, 2013 6:05 AM
  • Hi Amig@

    1) If you have the old database and also the password to acces the old server's private key the best option would have been to configure the new server to reuse the old database. Asuming the RMS service URLs are the same I think you can still do that in an "offline" installation (isolated lab with AD and RMS server) and then export the server's certificate and import it in your current organization. Use the link below as a reference. Be aware of the registry key in the server to reuse the old database when no SCP exists. (Please, keep a copy of the database - just in case). http://social.technet.microsoft.com/wiki/contents/articles/9111.disaster-recovery-guide-for-active-directory-rights-management-services.aspx

    2) Outlook will not be able to decrypt the old messages unless you are able to recover the old server's certificate

    3) If OWA doesn't work at all it is likely that they have the old RACs. It is safe to remove them.


    // Raúl - I love this game



    • Edited by RMoros Monday, July 15, 2013 10:27 AM details added
    Monday, July 15, 2013 10:25 AM