AD RMS Client for Windows Server 2012 RRS feed

  • Question

  • Hi everyone,

    I'm looking for AD RMS Client (MSIPC.DLL) which can be applied to Windows Server 2012. I have tried to install Windows RMS Client Service Pack 2 but it doesn't support. I'm having an error that says "The required Active Directory Rights Management Service Client MSIPC.DLL is present but could not be configured properly. IRM will not work until the client is configured properly". So I think something needs to be installed in my client before connecting and using IRM protector.

    Update: I have completely installed AD RMS Client 2.0 but still get the error above.


    Information Rights Management (IRM): There was a problem while creating the generic issuance license template.
    All issuance licenses for protected documents are constructed from a generic, base issuance license template.
    Additional Data
    Error value: 0x8004020A

    Has anyone encountered the same error? I really appreciate you helps.


    Thuan Soldier
    SharePoint Vietnam | Blog | Twitter

    Monday, October 1, 2012 6:42 PM

All replies

  • Hi Thuan,

    I am sorry you are having trouble here getting an answer to your question. I work on the documentation for AD RMS and according to my understanding, you should be able to use AD RMS Client 2.0 on Windows Server 2012 without issue if (as the error message you included - and thanks for including that here) the client settings that it relies upon are fully configured.

    In general, AD RMS Client 2.0 is simpler to support than the older RMS/AD RMS (now considered 1.0) client. I would start by verifying that you have service discovery configured here for the client using Windows Registry settings that are described near the end of the following article.

    AD RMS 2.0 Client Deployment Notes

    It's also a good idea if you have not worked with AD RMS Client 2.0 previously to read this article in full as it comprises all the deployment documentation that we have so far on AD RMS 2.0 Client available.


    Brad Mahugh
    Senior Technical Writer - AD information eXperience (iX)
    Microsoft Corporation
    This post is provided "AS IS" and confers no promises of current or future technical support for a specific support issue. Please use Microsoft product support if you need a service commitment for your current support case or issue.

    If this answer has been helpful to you, please Propose it as Answer as that will enable me to better know I have helped you or that this reply can be useful to others who have similar questions and also participate here in this forum. 

    Wednesday, October 31, 2012 7:04 PM
  • Hi Brad,

    The error still exists. I was setting up ADRMS on SharePoint 2013 environment but it seems SharePoint 2013 couldn't well communicate with AD RMS on Windows Server 2012 at this moment, or I miss something on configuration side. Do you know any guidance covering Windows Server 2012 AD RMS and SharePoint 2013?

    Many thanks for your help.


    Thuan Soldier
    SharePoint Vietnam | Blog | Twitter

    Monday, January 28, 2013 7:11 AM
  • I am facing the same issue. Please help.
    Monday, January 28, 2013 11:45 PM
  • You have to browse to "C:\inetpub\wwwroot\_wmcs\certification" or wherever you have your webfolder and grant permissions on the following file: "ServerCertification.asmx"

    Now you have to grant read and read&execute permissions to your application pool account of this webapplication. Assuming you have installed into the Default web site running under defaultapppool which usually runs under the Network Service account:

    Go to the "ServerCertification.asmx" file and grant the Network Service account with the read and read&execute permissions.

    Once you have done this, you should be able to browse to the following site: https://YOURSERVER/_wmcs/certification/servercertification.asmx

    If you get prompted for a login, you did not set the permissions correctly. (You can grant "everyone" those permissions to check that it is not some other problem)

    Once you have done this, the message within central admin should disappear and you are up and running with IRM!

    MCM SharePoint 2010

    Wednesday, January 30, 2013 1:58 PM
  • I have already given permissions to the service account, but still getting the prompt. As an additional test, I tried giving permissions to 'Everyone' on the asmx file, but still getting prompted for login. Once I provide the correct credentials, the page opens up though.

    Are there any additional steps that I need to perform?

    Wednesday, January 30, 2013 7:44 PM
  • If the page opens up once you provided the correct credentials, you should be good. You can add the site to your local Intranet Zone to get logged in automatically.

    Check the SharePoint Central Administration to see if you still have that error message. If so, make sure you have installed the AD RMS Client 2.0.

    Also make sure to disable loopbackcheck and double check your AD RMS certificate if you still have Problems.

    MCM SharePoint 2010

    Wednesday, January 30, 2013 8:09 PM
  • Pardon my ignorance, but shouldn't Win Server 2012 have the AD RMS client pre-installed, just like it's predecessor Win Server 2008 which had the AD RMS client by default?
    I also downloaded client 2.0 and tried installing it again just to be sure, but it directly goes to the 'Installation finished' screen.

    • Edited by PalzJ Thursday, January 31, 2013 4:47 PM
    Thursday, January 31, 2013 4:43 PM
  • Hello All.

    I have several customers using SahrtePoint IRM 2013/AD RMS 2012 without any problem.

    Just to reconfirm,

    -- SharePoint 2013 use MSIPC client (AD RMS 2,0) CLient (when install will take care of that or you can install manually, same as office 2013), Windows 2012 has AD RMS 1.0 SP2 + KB979099 OOB, so

    1-- You can install just SahrePoint and it should work.

    2-- I didn't see details about sharePoitn Service accounts, remember all acoutnes need email address when interacting with AD RMS.

    Please reconfirm so we can better assist.



    Friday, February 1, 2013 10:26 PM
  • Hi Christian,

    We have used service accounts for SharePoint and AD RMS. However, service account do not typically have email addresses associated with them.

    Please let me know if I am missing anything.



    • Proposed as answer by Joost12 Tuesday, February 5, 2013 8:43 PM
    • Unproposed as answer by Joost12 Tuesday, February 5, 2013 8:43 PM
    Tuesday, February 5, 2013 5:04 PM
  • Checkout The problem was that only the system user had access to "...\_wmcs\certification\ServerCertification.asmx"

    It helped me with my server 2010 and SharePoint 2013.

    Joost Lieshout

    • Edited by Joost12 Tuesday, February 5, 2013 8:50 PM
    Tuesday, February 5, 2013 8:45 PM
  • Hi Joost,

    I was missing the permissions for "AD RMS Service Group”. Added the permissions, but still getting the same error.


    Tuesday, February 5, 2013 10:39 PM
  • I enabled verbose logging in SharePoint and saw the following critical error logged:

    There was a problem while getting the license template issuer list after connecting to Online RMS server instance.

    Error value: 0x800704dc

    Further, ran NetMon to analyze the traffic between SharePoint Server and AD RMS server. Following error was logged:

    Http: [RMS Related]Response, HTTP/1.1, Status: Forbidden, URL: /_wmcs/licensing/server.asmx

    Also, read Information Protection and Control (IPC) in Microsoft Exchange Online with AD RMS and it also points that SharePoint server is not able to get Client Licensor Certificate (CLC) from the AD RMS server.

    However, I am still clueless on how to fix this.

    Please help.



    • Edited by PalzJ Friday, February 8, 2013 10:18 PM
    Thursday, February 7, 2013 11:23 PM
  • Hi everyone.

    Try to use a LABEL name for your cluster URL instead of FQDN if you have Split Brain DNS; I experimented some issues with FQDN in this escenario.     Also you have to change the certificate.

    Friday, February 22, 2013 6:39 PM
  • Hi,

    I ran into the same problems. The event log was full of errors with event id 5283 "Information Rights Management (IRM): There was a problem while creating the generic issuance license template." The solution was provided by a blog post of Ivan Saunders

    In my case during the installation and provisioning of RMS an option regarding cryptographic mode is given. After choosing cryptographic mode 1 (RSA 1024-bit) the integration with SharePoint finally started working correctly.

    Cryptographic mode 1

    Hope this will do the trick for you.



    Monday, March 18, 2013 2:25 PM
  • And the last parts of the puzzle are....

    1. Ensure that the AD RMS server end point is actually registered in AD.  You can open the AD RMS control panel and then right-click the server node, go to the last tab and see if it show that it is registered or not.  If not, register it!
    2. The account you are running as when you are clicking the "OK" button in Central Administration.  When all else fails, run as domain admin to at least get the IRM setup!

    That got it working for me!

    Thursday, June 20, 2013 2:12 PM
  • I also received similar errors.  In particular, I saw the following errors:

    "There was a problem while getting the license template issuer list after connecting to the Online RMS server instance. Error value: 0x8004020a."

    "Information Rights Management (IRM): There was a problem while creating the generic issuance license template."

    In my case, the issue was related to the use of a self-signed certificate in RMS.  I had considered that issue and used Central Administration in SharePoint 2013 to add the RMS certificate to the trusted root certificates in SharePoint.

    However, I also had to add it to the client machine's certificate store.  It seems the RMS client running in SharePoint is not using the trust defined in SharePoint and is instead using the trust in Windows (In my case, I put the certificate in the registry.)


    Thursday, July 11, 2013 5:23 PM
  • I had the same error, but adding the adrms url to local intranet on the sharepoint servers and adding a email address to the account running the webapp ( in my case spfarmadmin ) got things running for me. I did not have to alter the security of the serverCertification.asmx


    Konráð Hall

    • Edited by Konrad Hall Tuesday, June 10, 2014 12:47 PM
    Tuesday, June 10, 2014 12:46 PM
  • Hi Thaun,

     Did you ever get to resolve your issue? I'm having the same issue....I'm not sure how to resolve it. Can you give me some pointers? Here is my question on forums

    Those are the two events (5144, 5823) that I have been getting when I try to connect to AD RMS from SharePoint's CA.

    Please help!!

    Thanks, Hitchs

    Monday, August 25, 2014 8:22 PM
  • Same problem... I have done everything described in this thread and also many other troubleshooting articles.

    Folder/file permissions (Everyone, full control!), email addresses for every single user on the system, certificate trusts, registering the pipeline in the AD, specifying the server explicitly, installed the 2.1 client, and etc. Every... single... thing.

    I am getting two errors in the log when I try to use the RMS on the SharePoint 2013 side:

    Information Rights Management (IRM): There was a problem while getting the license template issuer list after connecting to the Online RMS server instance. Error value: 0x8007054F.


    Information Rights Management (IRM): There was a problem while creating the generic issuance license template.

    All issuance licenses for protected documents are constructed from a generic, base issuance license template.

    Additional Data
    Error value: 0x8007054F

    This is ridiculous!

    Wednesday, October 1, 2014 12:52 PM
  • Please also make sure your SCP in your RMS Server is set to https://<servername>/_wmcs/certification

    1. Go to ADRMS Console

    2. Select Properties on the right panel

    3. Click SCP, then change the current scp.

    It was the last change that made it worked for me.


    • Edited by MDoria Tuesday, April 18, 2017 2:25 PM
    Tuesday, April 18, 2017 2:23 PM
  • Its late and i'm lazy, so i'm not reading all the other posts :)

    For 2012 as a client you should be OK, but it can't hurt to install the sharing application and test using it.

    It will let you rights protect documents from the file explorer instead OF APPLIACTINOS.

    See if that works.

    If you using sharepoint, make sure you have the proper patches for it to open cyrptomode 2 files.

    Friday, April 21, 2017 6:30 AM