none
RMS Client Problems RRS feed

  • General discussion

  • Suddenly, some RMS clients using windows XP and Windows7, cannot protect documents using the ADRMS templates. I recently apply the hotfix http://support.microsoft.com/kb/979099/en-us. I´ve also delete manually all the registry keys in the client machine. but still not working. Also from the client machine its possible to access to the ADRMS URL´s, they are: https://url rms server/_wmcs/certification , https://urls rms server/_wmcs/licensing

    Finally I run the IRMCheck and show me this information.

    The Enterprise Service Discovery results: 
    RM Activation Service E_DRM_SERVICE_NOT_FOUND (0x8004cf48)
    RM Certification Service E_DRM_SERVICE_NOT_FOUND (0x8004cf48)
    RM Online Publishing Service E_DRM_SERVICE_NOT_FOUND (0x8004cf48)
    RM Client Enrollment Service E_DRM_SERVICE_NOT_FOUND (0x8004cf48)

    My envinoment is

    2 ADRMS Windows Server 2008 R2, NLB, SQL Server 2005 in a cluster.

     

    Thanks

    Carlos


    CAS
    Wednesday, April 6, 2011 7:41 PM

All replies

  • The certificate that you have used for RMS https URL is that generated from a domain CA or self signed?

    Regards

    Thursday, April 7, 2011 9:05 AM
  • Darth

    The RMS Certificate server was issued from an internal CA.

    Regards,

    Carlos


    CAS
    Thursday, April 7, 2011 9:43 PM
  • Hi Carlos,

    Thanks for the update, so to recap quickly,

    • The certificate subject name matches the "https://url rms server"
    • Certifcate Chain is resolvable from Client, i.e. access to CRL path and no certicate chain errors
    • the Host A record for RMS NLB IP matches the "https://url rms server"
    • SCP entry in AD matches the RMS NLB - Host A record
    • Client is joined to the domain and you are logging in from a domain account

    If you can generate and share or post the IRMCheck report as well. 

     


    Hope this is helpful. Plus if you feel that question was answered, please mark it as Answered and Vote as helpful.
    Friday, April 8, 2011 7:16 AM
  • Hi Guys

     

    I'm working with Carlos,  user pass  all test that you was suggest, but the IRMCheck  report results show one error and two Warnings (WIndows 7 and office 2010 is Installed at user's computer),

    1 Office System  ERROR  Ms Office System is Not Installed    (This is wrong, Office 2010 is installed and working fine)

    7 IRM Manifiest Warning  Check Skipped due to Previous Errors

    9 Users Certificates Warning  No users Certificatres Found

     

    Registry information about  RM (Activation, Certification, Online Publishing, Client Enrollment Service) are displayed correctly

     

    i check for user certificate in  %username%AppData/Local/Microsoft/DRM/  but found file Cert-Machine.Drm there were no more files

    Thanks for your Help

     

     

     


    IVAN
    Friday, April 8, 2011 5:47 PM
  • Hi Ivan,

    1 Office System  ERROR  - Not too big a deal.

    7 IRM Manifiest Warning  Check Skipped due to Previous Errors - This should have been resolved with patch from KB 979099 can you double check this one

    9 Users Certificates Warning  No users Certificatres Found - The RMS Client is not able to contact the RMS server, so no user provisioning has taken place.

    So back to square one, assuming last checklist items have been done

    • Time on Client >= RMS server
    • NLB is that a Windows NLB or Hardware LB. If it is a HLB, is the Cert stored on the HLB?
    • Shutdown one of the ADRMS servers, try creating a protected document on the Client Machine. Check the IIS logs on the active AD RMS server (should be in inetpub\logfiles). If the client is able to reach the server, you should have an HTTP error code present there.

    If the above steps don't provide a clearer picture, then enable tracing on the RMS Client and download & run the Debugview tool. Re-enact the provisioning steps on the client.

    Trace: This registry key can be used to enable application tracing, which records logs of every action executed by the RMS client and that can be viewed by the DebugView tool.

    Copy Code HKLM\Software\Microsoft\MSDRM
    REG_DWORD: Trace
    Value: 1 to enable tracing, 0 to disable tracing (default)

     Download Debugview: http://technet.microsoft.com/en-us/sysinternals/bb896647.aspx

     


    Hope this is helpful. Plus if you feel that question was answered, please mark it as Answered and Vote as helpful.
    Friday, April 8, 2011 7:49 PM
  • Hi Darth

    you're Right :-)  , in tracing logs, user can't request user certificate to RMS the error code is 12057,  i reviewed the KB http://support.microsoft.com/kb/969608#top  , the problem were with CRL because CA are Offline and CRL is not renew. Security Team has fixed the problem and RMS is working Fine

    Thank you very Much for your help

    Cheers!!!

    Friday, April 8, 2011 10:30 PM
  • Glad I could be of assistance :)
    Hope this is helpful. Plus if you feel that question was answered, please mark it as Answered and Vote as helpful.
    Saturday, April 9, 2011 5:50 AM
  • Darth

    Thanks a lot for your valuable suggestions.

    Regards,

    Carlos


    CAS
    Saturday, April 9, 2011 11:53 PM