RMS not working properly because CIC and GIC certificates are not generated... RRS feed

  • General discussion

  • Hello,

    I have set up 1 server for RMS and i have configured ADRMS role on this server, i have one front end server for SharePoint. I have given the permissions on "ServerCertification.asmx" file to the users like authenticated users, administrator (it is the application pool user for SharePoint central admin), network service, local service, everyone, AD RMS service group and front computer name.

    Now i am going to front end SharePoint server and tried to enable RMS from central administration site and I am selection option "Use the default RMS server specified in Active Directory", but I am getting following error.


    The required Windows Rights Management client is present but the server refused access. If you are switching from one RMS server to a different RMS server, be sure you have set up a trust relationship between the two. IRM will not work until the server grants permission

    Please note that i can open the certification and licensing URLs of RMS from front end SharePoint server. I have also run the IRM check but there is only one major warning like "No User Certificates Found".

    I am opening MS Word 2010 and try to protect the document but not success...

    Can anybody help me what may be the reason that i am not able to configure RMS properly. ??




    Tuesday, October 18, 2011 12:14 PM

All replies

  • Hi Asjad,

    Can you try enabling the access again from SharePoint and then review the IIS log files under the inetpub directory on the RMS servers.

    It should have an entry for "ServerCertification.asmx" file with access denied.

    Blog Link: http://blogs.cyquent.ae | Follow us on Twitter: @cyquent | ADRMS Wiki Portal: Technet Wiki

    Wednesday, October 26, 2011 1:38 PM
  • please check the following article,

    i changed the site to be non secure (for test environment "Port 80")

    and follow the article :



    Sunday, September 29, 2013 7:26 AM
  • Hi.

    Please be careful when you make changes to the Default RMS ACLs, Server certification should include the:

    -- SharePoint Service Account - RX (it needs service account to have e-mail address assigned to it) just like any other user in RMS.

    -- RMS Service Account - RX

    You will need to repeat that for each SharePoint box/on each RMS server.

    With this you should be able to use the RMS integration with SharePoint.

    Cristian Mora (Synergy Advisors)


    Tuesday, October 29, 2013 9:02 AM