none
AD RMS Certificate Hierarchy undetermined RRS feed

  • Question

  • Hello,

    I'm getting the error I've pasted below after installation of AD RMS. I'm in a domain environment: mailtask.com. The service user for RMS has the appropriate rights. I also have AD Certificate Services installed. Furthermore, the AD RMS server has the appropriate certificate in the Trusted Root Certification Authorities Store.

    I don't have an option to change the SCP because I can't add the RMS cluster.

    Anyone know what's causing this? All help is greatly appreciated.

    This is the error:

    Active Directory Rights Management Services: Installation succeeded with errors
       Error: Attempt to configure Active Directory Rights Management Server failed.  The AD RMS installation could not determine the certificate hierarchy. If the AD RMS service connection point (SCP) you need to use is registered in Active Directory but is not valid, revise it to make it valid, or create a new SCP, and install AD RMS again.    at Microsoft.RightsManagementServices.Configuration.LicensingServerSelfEnrollment.DecideCertificateHierarchy()
       at Microsoft.RightsManagementServices.Configuration.CertificationServerSelfEnrollment.Enroll(EnrolleeServerInformation enrolleeInformation, EnrolleeRevocationInformation revocationInformation, String certificateDisplayName, String cspName, String keyContainerName)
       at Microsoft.RightsManagementServices.Configuration.ProvisioningBase.Enroll()
       at Microsoft.RightsManagementServices.Configuration.ProvisioningBase.Run()
       at Microsoft.RightsManagementServices.Configuration.ProvisionerBase.DoProvision()
       at Microsoft.RightsManagementServices.Configuration.ProvisionerHelper.Run(OperationType operationType, Object data)
       at Microsoft.RightsManagementServices.Configuration.CmdLineHandler.Run()
    Remove and re-install AD RMS to attempt provisioning again.
       Warning: Before you can administer AD RMS on this server, you must log off and log on again.
       The following role services were installed:
       Active Directory Rights Management Server



    Wednesday, November 7, 2012 8:12 AM

Answers

  • Never mind. I've successfully installed it now. Apparently had to remove RightsManagementServices container (with the SCP) in the Configuration container. Then reinstalled.
    • Marked as answer by Wieger1983 Wednesday, November 14, 2012 5:44 AM
    Wednesday, November 7, 2012 8:41 AM

All replies

  • Never mind. I've successfully installed it now. Apparently had to remove RightsManagementServices container (with the SCP) in the Configuration container. Then reinstalled.
    • Marked as answer by Wieger1983 Wednesday, November 14, 2012 5:44 AM
    Wednesday, November 7, 2012 8:41 AM
  • Thanks for sharing!
    Wednesday, November 14, 2012 12:02 AM
  • This was great!! Thank you! :0D
    Wednesday, March 20, 2013 10:35 PM
  • Great soloution, tnx. I did it this way:

    download RMS tool from http://www.microsoft.com/en-us/download/details.aspx?id=1479 and run ADScpRegister with the following command:

    cmd--> (location folder, by default is)C:\Program Files (x86)\RMS SP2 Administration Toolkit\ADScpRegister

    run a command:

     ADSCPRegister.exe  unregisterscp

    and remove the role and add it again. No installation errors.

    Friday, March 29, 2013 6:42 PM
  • where is "RightsManagementServices container (with the SCP) in the Configuration container"?

    Awen

    Saturday, June 7, 2014 4:19 AM
  • Hi,

    it is Active Directory:

    CN=SCP,CN=RightsManagementServices,CN=Services,CN=Configuration,DC=mydomain,DC=com

    Hope that helps,

    Lutz

    Saturday, June 7, 2014 5:13 AM
  • sorry, I cannot find it in AD. Could you please tell me more detail?

    Awen

    Saturday, June 7, 2014 5:26 AM
  • If you cannot find it in AD you haven't set it yet. It does NOT exist by default.

    You can use the RMS management console to verify and set the SCP.

    Saturday, June 7, 2014 5:33 AM