locked
How do I reconfigure SCP Certification Cluster URL?? RRS feed

  • Question

  • Hello.

    I recently installed a RMS server, in the process I was asked to specify cluster address as a FQDN, I used rms.dominio.com, the problem is that now the certificate do not match with the licensing and certification URL.

    When I type https://rms.dominio.com/_wmcs/licensing and https://rms.dominio.com/_wmcs/certification/certification.asmx the certificate is red and clientes cant verify against RMS (when I type https://rms/_wmcs/licensing and https://rms/_wmcs/certification/certification.asmx it do work, the certificate is green).

    So I changed in the RMS Properties windows (Cluster URLs tab), the licensing Intranet URL, but the certification URL is disabled so I cannot changed it.

    In the SCP tab, there is a check box with the text Change SCP and remove, I'd tried both but cannot change the URL. I was following technical data from microsoft, then in forums I found that is better use cname records, but I can't go back. What can I do? If I cannot change the URL what other options do I have?

    Greetings.

    INFO:

    There is an active directoryserver, an SQL-Server 2008 R2, and this RMS server, wich had the roles of AD Certificate Services and RMS.

    OS: Windows Server 2008 R2 Standar with SP1. for all servers, I'm using adrmsadmin account (Domain Admins Group, Local Admin for ADrms, SysAdmin Role on SQL Server login) and the adrmssrvc (domain user only)


    Norman Li Escobar Guevara
    • Edited by Norman Escobar Friday, May 27, 2011 10:34 PM reflect correct title
    Friday, May 27, 2011 10:28 PM

Answers

All replies

  • Hi Norman,

    Two options to change the SCP entry:

    1. Use the Powershell for ADRMS (http://technet.microsoft.com/en-us/library/ee221059(WS.10).aspx)

    2. Use the RMS Toolkit SP2 and they have the AD SCP Register tool there that will do the trick (http://www.microsoft.com/downloads/en/details.aspx?FamilyID=bae62cfc-d5a7-46d2-9063-0f6885c26b98&displaylang=en)

    Additionally the URL you register over there needs to be FQDN and the certificate needs to match the name. Better to do it the right way instead of going down the CNAME root and then spending half your time troubleshooting..IMO

     

    Hope this helps


    Blog Link: http://blogs.cyquent.ae | Follow us on Twitter: @cyquent

    Sunday, May 29, 2011 10:55 AM
  • Just one more info,

    if you change your SCP, all the documents that were protected prior the change (based on old CLC) shall point to the old URL. So you'll need to re-protect all the documents if you want to cease the old URL.

     

    Kind regards

     

    Martin Rublik

    Monday, May 30, 2011 8:10 AM
  • thanks for reply. I'll check the links
    Norman Li Escobar Guevara
    Tuesday, May 31, 2011 2:30 PM
  • Thanks, I'll consider that too.

    Norman Li Escobar Guevara
    Tuesday, May 31, 2011 2:31 PM
  • Hi, Adnan.

     

    I have a question, To match the name of the certificate and the FQDN what I have to do? Does the "common name" field in the Create Domain Certificate Wizard need to be fill with the FQDN? Or is it a value that was filled wrong in the Certification Authority? Thanks!


    Norman Li Escobar Guevara
    Tuesday, May 31, 2011 4:02 PM
  • I just upgrade RMS 1.2 to ADRMS from Windows 2003 server to Windows 2008.

    i have to change SCP Certification Path as the old Windows 2003 will be removed and it is OLD RMS version.

    Does it mean that if i change the path, all the OLD protected documents cannot be opened?

    What does it mean "re-protect"?  All the file creator needs to set rights again?  Thanks.

    Monday, December 23, 2013 3:48 AM