locked
Not able to add ADRMS site in sharepoint 2010 RRS feed

  • Question

  • hello,

    Need help to add ADRMS /win 2008r2 with SharePoint 2010

    Get the following error:

    The required Windows Rights Management client is present but the server refused access. IRM will not work until the server grants permission.
    Domain account name used: abc.efg.com

    Event viewer error : 5056, 5013

    Information Rights Management (IRM): There was a problem while obtaining a Rights Management Services (RMS) group identity certificate (GIC).

    A GIC is an essential credential that allows a user to read/view rights protected documents.

    Additional Data

    Error value: 0x8004cf43

    Information Rights Management (IRM): There was a problem while trying to activate a rights account certificate.

    Possibly an HTTP 401 error (an authentication error) was returned by an Internet request.

    Additional Data

    Error value: 0x106fc110

    Server URL: https://adrms/_wmcs/certification

    Thanks

    Wednesday, April 24, 2013 7:28 AM

Answers

  • Hi,

    Thanks for posting error and event details. The following blog post may contain information related to the issue you are facing here:

    http://blogs.technet.com/b/rmssupp/archive/2009/01/04/the-required-windows-rights-management-client-is-present-but-the-server-refused-access.aspx

    Hope that helps,


    Brad Mahugh
    Microsoft Corporation
    ------------------------
    This post is provided "AS IS" and confers no promises of current or future technical support for a specific support issue. Please use Microsoft product support if you need a service commitment for your current support case or issue.

    Thursday, April 25, 2013 6:51 PM
  • It really depends if SharePoint is running under Localsystem (use computer name (all machines) in Servercertification.asmx) or (service account when using that note that service account will need email address attribute populated and add it into Servercertifcation.asmx).

    We did not get all details but you should add depending on SharePoing cfg the appropriate setting in the AD RMS file.

    Cristian

    Thursday, May 2, 2013 4:16 AM

All replies

  • Hi,

    Thanks for posting error and event details. The following blog post may contain information related to the issue you are facing here:

    http://blogs.technet.com/b/rmssupp/archive/2009/01/04/the-required-windows-rights-management-client-is-present-but-the-server-refused-access.aspx

    Hope that helps,


    Brad Mahugh
    Microsoft Corporation
    ------------------------
    This post is provided "AS IS" and confers no promises of current or future technical support for a specific support issue. Please use Microsoft product support if you need a service commitment for your current support case or issue.

    Thursday, April 25, 2013 6:51 PM
  • Actually I have already tried the following steps with no go:

    http://blogs.technet.com/b/rmssupp/archive/2012/05/02/sharepoint-2010-and-irm-integration.aspx

     

    http://blogs.technet.com/b/rms/archive/2012/04/28/integrating-ad-rms-and-sharepoint.aspx

     

    AD RMS Deployment with Microsoft Office SharePoint Server 2007 Step-by-Step Guide

    http://technet.microsoft.com/en-us/library/cc753046(WS.10).aspx

     

    steps in integrating Sharepoint with ADRMS.

     

    1. Add permissions for the SharePoint server to the AD RMS certification pipeline

    • Log on to the AD RMS server as a local administrator
    • Click Start, and then click Computer
    • Navigate to c:\Inetpub\wwwroot\_wmcs\Certification
    • Right-click ServerCertification.asmx, click Properties, and then click the Security tab
    • Click Advanced, click Edit, select the Include inheritable permissions from this object's parent check box, and then click OK two times
    • Click Edit
    • Click Add
    • Click Object Types, select the Computers check box, and then click OK
    • Type the name of the SharePoint web front-end server, and then click OK twice. 
    • Repeat the above three steps for other web front-end servers
    • Click OK to close the ServerCertification.asmx Properties sheet. By default the Read & Execute and the Read permissions are configured
    • Reset IIS

    2. Specify RMS server location in SharePoint using Central Administration

    • Open SharePoint 3.0 Central Administration site
    • Click Operations, and then click Information Rights Management
    • Select Use the default RMS server specified in Active Directory checkbox
    • Click OK

    Any other suggestion?

    Thanks


    • Edited by Beadmin Friday, April 26, 2013 7:57 AM
    Friday, April 26, 2013 7:57 AM
  • It really depends if SharePoint is running under Localsystem (use computer name (all machines) in Servercertification.asmx) or (service account when using that note that service account will need email address attribute populated and add it into Servercertifcation.asmx).

    We did not get all details but you should add depending on SharePoing cfg the appropriate setting in the AD RMS file.

    Cristian

    Thursday, May 2, 2013 4:16 AM
  • Thanks for reply Cristian,

    Our sharepoint services are  running using a service account

    I checked service account property and it already have e-mail attribute in AD (no mailbox)

    I have added all computers part of sharepoint and service account to properties of Servercertifcation.asmx and still no go.

    Strange thing is, above errors are only coming on my index server also error is saying "indexservername$@doamin.com"

    Any other thought?


    • Edited by Beadmin Thursday, May 2, 2013 10:20 AM
    Thursday, May 2, 2013 10:05 AM