Azure RMS with SharePoint 2013 on premise IRM

  • Question

  • We have configured Azure RMS with the connector to connect our on-prem SharePoint 2013 farm to the Rights Management Service. We then enabled the IRM feature in SharePoint Central Administration and are able to enable rights protection on our document libraries. However, when we try to access the documents in this library, they fail to open with the error - "you do not have credentials that allow you to open this document." We enabled logging on the Azure RMS service using PowerShell. The log file reports - 'Microsoft.DigitalRightsManagement.Licensing.NoRightsForRequestedPrincipalException' during the AcquireLicense request.

    There is one user in our organisation who is not affected and is successfully able to open the document. Has anyone had this issue or got any suggestions? Thanks in advance.

    Thursday, January 14, 2016 4:16 PM

All replies

  • Typically when I have seen this, it's due to either user profile sync in SharePoint or AD Connect account sync to Azure.
    If the email attribute is missing or doesn't match what is in Azure AD in the SharePoint user profile sync, this can happen.

    If the account isn't synced to Azure at all it can happen.

    Basically, SharePoint protects the document as it's requested, and it protects it with two accounts: its own service account and the requesting user. If there is some issue protecting it for that requesting user, the file still gets encrypted, but only for the SharePoint account.

    If it's able to encrypt it for both, then when the user attempts to open it, the RMS client will contact the Azure RMS service to verify the user. If the user isn't in Azure or the accounts don't match, it can fail.

    Friday, January 29, 2016 7:31 PM
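
An added example, not part of the original thread: one way to check for the two causes named in the reply above (profile email missing or not matching Azure AD, or account not synced at all) by cross-checking two exports. The sample records, the column names (`Account`, `WorkEmail`, `SamAccountName`, `Mail`, `ProxyAddresses`) and the function name `Get-IrmIdentityStatus` are assumptions, as is treating any `smtp:` proxy address as an acceptable match.

```powershell
# Constructed sample data standing in for two exports (column names are assumptions):
#   $spProfiles : SharePoint user profile export (account name + work email)
#   $aadUsers   : Azure AD export (on-premises account name, mail, proxy addresses)
$spProfiles = @(
    [pscustomobject]@{ Account = 'CONTOSO\alice'; WorkEmail = 'alice@contoso.example' }
    [pscustomobject]@{ Account = 'CONTOSO\bob';   WorkEmail = '' }
    [pscustomobject]@{ Account = 'CONTOSO\carol'; WorkEmail = 'carol@old.contoso.example' }
    [pscustomobject]@{ Account = 'CONTOSO\dave';  WorkEmail = 'dave@contoso.example' }
    [pscustomobject]@{ Account = 'CONTOSO\erin';  WorkEmail = 'Erin.Alias@contoso.example' }
)
$aadUsers = @(   # 'dave' is deliberately absent: not synced to Azure AD
    [pscustomobject]@{ SamAccountName = 'alice'; Mail = 'Alice@contoso.example'
                       ProxyAddresses = 'SMTP:alice@contoso.example' }
    [pscustomobject]@{ SamAccountName = 'bob';   Mail = 'bob@contoso.example'
                       ProxyAddresses = 'SMTP:bob@contoso.example' }
    [pscustomobject]@{ SamAccountName = 'carol'; Mail = 'carol@contoso.example'
                       ProxyAddresses = 'SMTP:carol@contoso.example' }
    [pscustomobject]@{ SamAccountName = 'erin';  Mail = 'erin@contoso.example'
                       ProxyAddresses = 'SMTP:erin@contoso.example;smtp:erin.alias@contoso.example' }
)

function Get-IrmIdentityStatus {
    param($Profiles, $DirectoryUsers)

    # Index directory users by account name (hashtable string keys are case-insensitive).
    $bySam = @{}
    foreach ($u in $DirectoryUsers) { $bySam[$u.SamAccountName] = $u }

    foreach ($p in $Profiles) {
        $sam = ($p.Account -split '\\')[-1]          # strip the DOMAIN\ prefix
        $aad = $bySam[$sam]
        if (-not $aad) {
            $status = 'NotSyncedToAzureAD'
        } elseif ([string]::IsNullOrWhiteSpace($p.WorkEmail)) {
            $status = 'ProfileEmailMissing'
        } else {
            # Every address Azure AD knows for the user, with the smtp:/SMTP: prefix removed.
            $known = @($aad.Mail) + @($aad.ProxyAddresses -split ';' |
                                      ForEach-Object { $_ -replace '^smtp:', '' })
            # -contains compares strings case-insensitively.
            if ($known -contains $p.WorkEmail.Trim()) { $status = 'OK' } else { $status = 'EmailMismatch' }
        }
        [pscustomobject]@{ Account = $p.Account; WorkEmail = $p.WorkEmail; Status = $status }
    }
}

Get-IrmIdentityStatus -Profiles $spProfiles -DirectoryUsers $aadUsers | Format-Table -AutoSize
```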