Unable protect files in File Server after upgrade AIP RRS feed

  • Question

  • Hi everyone,

    After upgrade the AIP with the latest version

    all new files are not protected automatically after run the script.

    after I check and run the script below i get the error message:

    PS C:\Windows\system32> powershell.exe -Noprofile -Command "C:\RMS\script\RMS-Protect-FCI.ps1 -File 'C:\RMS\Files\Custom\View-Only\logo.jpg' -TemplateID a82c3a62-d6df-4b42-bd2e-dd7dee2db62c"

    -== RMS-Protect-FCI.ps1 version 3.3 ==-

    Information: Connected to Azure RMS Service with BposTenantId: d5c39f72-a294-44c3-afb2-7575030f2b22 using AppPrincipalId: c6783e4b-4086-400e-8c7c-8ef5ca65092b

    Connected to Azure RMS

    powershell.exe : Protect-RMSFile : Error protecting logo.jpg--logo.jpg with error: The 

    At line:1 char:1

    + powershell.exe -Noprofile -Command "C:\RMS\script\RMS-Protect-FCI.ps1 -File 'C:\ ...

    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

      + CategoryInfo          : NotSpecified: (Protect-RMSFile...ith error: The :String) [], RemoteException

        + FullyQualifiedErrorId : NativeCommandError

    operation being requested was not performed because the user has not been 

    authenticated. HRESULT: 0x800704DC

       at Microsoft.InformationProtectionAndControl.SafeNativeMethods.Throwonerror.C

    ode(Int32 hrError)

       at Microsoft.InformationProtectionAndControl.SafeFileApiNativeMethods.IpcfEn

    cryptFile(String inputFile, String templateId, EncryptFlags flags, Boolean 

    suppressUI, Boolean offline, Boolean hasUserConsent, IntPtr parentWindow, 

    SymmetricKeyCredential symmKey, String outputDirectory, WaitHandle 


       at Microsoft.InformationProtection.Powershell.Core.Protection.FileProtection


       at Microsoft.InformationProtection.Powershell.Core.Protection.FileProtection

    .EncryptFile(Func`1 action, FileSystemInfo sourceFile)

       at Microsoft.InformationProtection.Powershell.Core.Protection.Protector.Prot

    ectFile(Component component, FileSystemInfo file, FileProtectionConfig options)

       at Microsoft.InformationProtection.Powershell.Core.Protection.Protector.Prot

    ect(Component component, FileProtectionConfig options)

    At C:\RMS\script\RMS-Protect-FCI.ps1:68 char:30

    +             $protectReturn = Protect-RMSFile -File $ffile -InPlace 

    -DoNotPersist ...

    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


        + CategoryInfo          : NotSpecified: (:) [Protect-RMSFile], RMSExceptio 


        + FullyQualifiedErrorId : 504,Microsoft.InformationProtection.Powershell.R 


    Information: Protected File: C:\RMS\Files\Custom\View-Only\logo.jpg with Template: a82c3a62-d6df-4b42-bd2e-dd7dee2db62c

    -== RMS-Protect-FCI.ps1 version 3.3  ==-

    Maybe anyone has solved this issue?

    from forum technet

    Thursday, June 28, 2018 9:16 AM

All replies

  • Hi Fazars, 

    We also experienced this issue, we downgraded AIP but the issue persisted.

    I've opened a ticket @ms support, and they confirmed that it was an issue with the backend for some tenants.

    In our tenant everything is working as expected again.

    Best regards,

    Wietse van Assema

    Thursday, July 26, 2018 8:43 AM
  • Sorry to resurrect a dead thread but MS support is being less than helpful in my issue.

    Can you elaborate on this?

    I previously had this working and now I am having the same issue as described above.

    I have recreated service principals on an entirely new server and I get the same thing.

    My tenant is in North America so it is not a regional issue.  I even tried the registry edit for non-NA tenants and it didn't help at all.

    From what I can gather it is SPN inability to get and cache AIP/RMS templates.  Beyond that, I am at a total loss.

    Tuesday, July 23, 2019 5:44 PM