none
Cannot access ADRMS Cluster management console locally RRS feed

  • Question

  • Im getting a warning when trying to connect ADRMS management console. I can get in when using "Remote Computer" option -> it finds the correct url.

    Certificate is valid for sure.

    Cluster name is "rms.domain.com" but here it is trying to connect with the computer name. IIS site for ADRMS is configured to use SSL port:443 only and in the certificate there is only the rms.domain.com mensioned. IIS default site(port:80) is disabled.

    What shoud I do next? Using the "connect to remote computer" I can't modify some options like SCP if Im not connected locally. Everything else is working as expected.

    Thursday, August 15, 2013 10:20 AM

All replies

  • Anything?
    Wednesday, August 28, 2013 11:08 AM
  • Instead of entering the "connect locally" option you may want to try entering the name of the cluster. When you choose to connect to the local cluster, the call will be made with the name "localhost" which is not valid for the SSL certificate you have installed on the server. If you use the clusters name, even locally, the SSL certificate will work. It is a limitation of mandating SSL on any web service: you need to invoke it by a name that is within the subjects in the SSL certificate, otherwise the connection will fail.

    Enrique Saggese - Sr. Program Manager - Information Protection - Microsoft Corporation

    Wednesday, August 28, 2013 8:24 PM
  • How can I connect locally using the cluster name? I used RDP to connect to the server locally but connecting to the cluster does not work with that local computer option.
    • Edited by JouniPK Thursday, August 29, 2013 11:18 AM
    Thursday, August 29, 2013 11:16 AM
  • You would need to add local server's name to SAN in SSL certificate.

    Martin

    Monday, September 9, 2013 1:49 PM
  • Hi, use the option "Remote Computer" and type the "rms.domain.com". Be sure include the URL in Intranet Local Sites List and Proxy Exceptions on IE in ADRMS node.
    • Proposed as answer by Camilo Luque Thursday, September 26, 2013 3:18 PM
    • Unproposed as answer by JouniPK Wednesday, December 11, 2013 12:00 PM
    Thursday, September 26, 2013 3:18 PM
  • Server name added to the San certificate and rms cluster site bindings changed to use the new certificate. -> Got the same error as before.

    Connecting to "Remote computer" with the rms.domain.com results that I can't change etc. Service Account. "rms.domain.com" is already in IE Local Intranet site list. If I add cluster url to the proxy list opening the cluster console as "Connect to: Local computer" it hangs on "Adding AD RMS cluster".


    • Edited by JouniPK Wednesday, October 2, 2013 12:32 PM
    Wednesday, October 2, 2013 12:19 PM
  • This is getting little bit annoying. I can't publish this service before I can fully administer it. The service is functioning perfectly(clients are getting template, one can protect documents with this and also SharePoint IRM is installed) but getting into the console "locally" is a problem.
    Wednesday, October 23, 2013 12:47 PM
  • Hi.

    Have you enable remote management in the server, enable firewall ports for remote admin  and also install latest RSAT in the remote machine? Also note you should be part of the AD RMS Enterprise admin on each AD RMS server notes to be able to admin the service (locally/remote).

    Thanks.

    Cristian Mora (Synergy Advisors)

    www.synergyadvisors.biz

    • Proposed as answer by Cristian Mora Tuesday, October 29, 2013 9:31 AM
    • Unproposed as answer by JouniPK Wednesday, December 11, 2013 12:00 PM
    Tuesday, October 29, 2013 9:31 AM
  • Remote Desktop is enabled and I am logging in with ADRMS admin account which is also part of local administrators and AD RMS Enterprise Administrators -groups. Do I need RSAT if I am not using RSAT "client" to connect to the server?


    • Edited by JouniPK Wednesday, October 30, 2013 11:43 AM
    Wednesday, October 30, 2013 9:49 AM
  • None of the previous advises have been answers to my problem(allthough forum moderators have marked them as one) so far and I am considering decommission the service and start implementing this thing from scratch. Anyone else have something to add?
    Wednesday, December 11, 2013 12:05 PM
  • Sorry I just ran across this, so I hope it's still helpful.

    You may be running into the loopback protection feature.
    although the following post is not specific to ADRMS it should work in this scenario:

    http://blogs.technet.com/b/sharepoint_foxhole/archive/2010/06/21/disableloopbackcheck-lets-do-it-the-right-way.aspx

    Tuesday, January 7, 2014 12:02 AM
  • I had a similar issue with the certificate.

    http://social.technet.microsoft.com/Forums/en-US/cd971aa1-6219-4a11-8809-7a58376be635/is-the-netbios-name-of-the-rms-cluster-required-in-the-ssl-certificate?forum=rms

    Are you able to connect to the RMS cluster using the MMC if you select Yes at the "do you want to proceed" question?

    Tuesday, January 7, 2014 1:14 PM
  • Decided to decommission and uninstalling this server role from MS Server 2012 and installing it to Server 2008 R2. Now working as it should.
    Thursday, January 9, 2014 9:18 AM