AD RMS in test and production

  • Question

  • Can I use the production AD or AD Domain Services to set up a POC or test environment for AD RMS? If so,

    Will there be any impact on the production installation of AD RMS, which I have to do after the POC?

    What points do I have to keep in mind while installing the POC, so there will be no clash during the production setup?

     

    Monday, March 28, 2011 7:16 PM


All replies

  • Hi ak567,

    As I understand it, you would like to deploy AD RMS in the production domain as a POC. You have two options: either don't register the SCP point in the AD, or alternatively restrict the certification and licensing pipelines to a security group containing the pilot users only (by default they are accessible to the Domain Users group).

    You can follow the steps for deploying AD RMS via http://www.microsoft.com/downloads/en/details.aspx?FamilyID=A0EA7CD0-7DE7-43A5-B1F9-B4CC679CECB3

    Hope this helps.

    Thursday, March 31, 2011 10:52 AM
  • Thank you Darth Syd! Your reply helped a lot.

    Now I am stuck in step 3: Verifying AD RMS Functionality.

    I do not have Windows Vista or a later version, so I am using Windows XP and installed the RMS client (WindowsRightsManagementServicesSP2-KB917275-Client-ENU-x86.exe). I tried to do "Click the Microsoft Office Button, click Prepare, click Restrict Permission, and then click Restricted Access." This did not result in showing the screen with "Restrict permission to this document". The screen I see is asking whether I want to sign up for a free trial service. So I am wondering what is missing in my setup. Any idea?

    The only step I skipped is "To add AD RMS cluster to Local Intranet security zone". Could this cause any issue? To get this added I have to go through a big process, as it is enforced by Group Policy.

    Also, I want to know how to restrict the certification and licensing pipelines to a security group containing the pilot users only.

    Thank you once again

     

    Friday, April 1, 2011 3:48 AM
  • Assuming you have gone with the option of not registering the SCP.

    In that case you need to configure the MSDRM registry settings for the RMS client to find the AD RMS servers. There are two keys to configure:

    Activation—This registry key defines the URL of the user activation service:

    Key: HKLM\Software\Microsoft\MSDRM\ServiceLocation\Activation
    REG_SZ: default
    Value: <http(or https)://RMS_Cluster_Name/_wmcs/Certification>


    EnterprisePublishing—This registry key defines the URL of an RMS installation that you want this client to use for license requests:

    Key: HKLM\Software\Microsoft\MSDRM\ServiceLocation\EnterprisePublishing
    REG_SZ: default
    Value: <http(or https)://RMS_Cluster_Name/_wmcs/Licensing>

    I think this should solve your problem.

    For more details please review http://technet.microsoft.com/en-us/library/dd772665(WS.10).aspx

    • Marked as answer by ak567 Saturday, April 2, 2011 4:03 AM
    Friday, April 1, 2011 8:48 AM
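
The two client-side overrides described in the answer above, as an added PowerShell example that is not part of the original thread. `RMS_Cluster_Name` is the placeholder from the post, the function names are hypothetical, and the audit step notes values that contain stray whitespace, the wrong pipeline path, or a non-HTTPS URL.

```powershell
# Added example; run from an elevated prompt (writes under HKLM).
$ClusterUrl = 'https://RMS_Cluster_Name'   # placeholder from the post
$Base = 'HKLM:\Software\Microsoft\MSDRM\ServiceLocation'

# Sub-key name -> pipeline path, exactly as given in the answer.
$Expected = @{
    'Activation'           = '/_wmcs/Certification'
    'EnterprisePublishing' = '/_wmcs/Licensing'
}

function Set-RmsServiceLocation {          # hypothetical helper name
    foreach ($name in $Expected.Keys) {
        $key = Join-Path $Base $name
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        # The URL is stored in the key's (Default) REG_SZ value.
        Set-Item -Path $key -Value ($ClusterUrl.TrimEnd('/') + $Expected[$name])
    }
}

function Test-RmsServiceLocation {         # hypothetical helper name
    foreach ($name in $Expected.Keys) {
        $key = Join-Path $Base $name
        $url = $null
        if (Test-Path $key) { $url = (Get-ItemProperty -Path $key).'(default)' }
        $notes = @()
        if (-not $url) {
            $notes += 'default value missing'
        } else {
            if ($url -match '\s') { $notes += 'whitespace inside URL' }
            if ($url -notlike "*$($Expected[$name])") { $notes += 'unexpected pipeline path' }
            if ($url -notmatch '^https://') { $notes += 'not https: no TLS to the pipeline' }
        }
        New-Object PSObject -Property @{
            Key = $name; Url = $url; Notes = ($notes -join '; ')
        }
    }
}

# Set-RmsServiceLocation   # uncomment after replacing the placeholder URL
Test-RmsServiceLocation | Format-Table Key, Url, Notes -AutoSize
```
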
  • Thank you Darth Syd!

    Sorry, I did not mention the SCP part. I did use the option of registering the SCP, and the SCP is registered.

    I will go through the link you have provided and let you know my situation.

    In the meantime, please reply if there could be other troubleshooting steps in case the SCP is registered.

    Friday, April 1, 2011 1:13 PM
  • Darth Syd,

    I have now created the registry keys as you mentioned in your post. This helped me to see a different screen, not the one having the trial option only.

    Below are the screens that come up after I "Click the Microsoft Office Button, click Prepare, click Restrict Permission, and then click Restricted Access."

    1) A pop-up saying the certificate is not trusted (I guess because I have a self-signed certificate).

    2) After clicking "Yes" in the previous screen, I get a similar one and I press Yes again.

    3) Next I get a small pop-up giving two options:

          -  "Sign in with a Windows Live ID"

          -  "Use a Microsoft Windows account"

    So I select "Use a Microsoft Windows account" and click OK.

    4) The next screen I see asks for credentials to log in. I give my network/AD credentials in the format domain\ADUser and click OK.

    5) The next screen I see is an error pop-up saying

          Service is temporarily unavailable. Ensure connectivity with server ...... could be caused because you are working offline....or .... network issue.

    Which is definitely not the case here. So I am guessing I am missing something again.

    Also, I tried to access http(or https)://RMS_Cluster_Name/_wmcs/Licensing and http(or https)://RMS_Cluster_Name/_wmcs/Certification from Internet Explorer and both are accessible, with forbidden access.

     

    Friday, April 1, 2011 4:20 PM
  • Hi, I think you have missed a configuration step somewhere along the line.

    • Is the test PC you are using joined to the domain? And the test user is logging in to the domain? 
    • If it is a self-generated certificate then you need to import it on the test PC, otherwise just use an HTTP URL only

     

     

    Friday, April 1, 2011 9:30 PM
  • Yes, I guess so. Somewhere I missed something.

    Yes, the PC is part of the domain and the user logging in is a domain user with a valid email.

    I tried importing, which did not help. Then I tried changing https to http in the registry. However, I am getting the same error. Also, the http URL is not working in Internet Explorer.

    Is there any tool which can be run to debug? Or is there a place to file logs to debug?

    Saturday, April 2, 2011 3:14 AM
  • Darth Syd,

    Looks like there was a problem on the server side. I restarted the server and it is working now, thanks.

    Thanks a lot for your help!

    Saturday, April 2, 2011 4:03 AM