migration to Azure RMS RRS feed

  • Question

  • hi,

    i'm migrating onprem RMS to Azure RMS. after AzureRMS is activated and computers configured with the

    • CleanUpRMS_RUN_Elevated.cmd

    • Redirect_OnPrem.cmd

    entire procedure according to


    and now where problem begins. 

    users has office 2o16 /365 in click-to-run installation. when trying to encrypt message error is shown:

    our machine isn't set up for Information Rights Management (IRM). To set up IRM, sign in to Office, open an existing IRM protected message or document, or contact your help desk.

    in MSICP log i may find the information:

    ++++++++ ERROR: Exception at e:\bt\39690\private\client\src\msipc\api\ippapi.cpp(1921): hrIppGetUser
    HRESULT = 0x80040219: Microsoft Online Services Sign-in Assistant is not installed on this machine. Contact your administrator for further investigation. ++++++++

    but... office 2o16 is using moder auth, and should not need SIA component. i checked ADFS configuration [endpoint enabled], offices are being sucessfully activated since several months. how to debug why office is using traditional authentication instead of MA?

    but that's not the end. i've installed SIA on several computers. on 3 of them users where able to gather RMS templates, on 2 - i could not get rid of the error. online assistant installed, and office is still throwing 'SIA not installed'.

    need help!

    PS. other potentially usefull information:

    - domain integrated using ADFS 3.o

    - alternate logon ID had to be used

    - on the computers which could not connect there was one more error in the log [all computers configured with exaclty the same policies]:

    }}{{[839][msipc]:[Trace]:[4592]:[11:51:09.550]: registry.cpp:Microsoft::FoundationServices::Common::Registry::Open:142

    REGISTRY - Attempted searching for RegKey with SOFTWARE\Microsoft\MSIPC\HostNameRedirection           opening a reg key using HKEY_CURRENT_USER_LOCAL_SETTING failed.            Falling back to HKEY_CURRENT_USER.

    }}{{[840][msipc]:[Trace]:[4592]:[11:51:09.550]: registry.cpp:Microsoft::FoundationServices::Common::Registry::Open:147

    REGISTRY - searched with Software\Classes\Local Settings\SOFTWARE\Microsoft\MSIPC\HostNameRedirection

    }}{{[841][msipc]:[Trace]:[4592]:[11:51:09.550]: ipputil.cpp:Microsoft::InformationProtection::IppUtil::HandleException:880

    Exception at e:\bt\39690\private\client\src\base\fscommon\registry.h(257): lr
    HRESULT = 0x80070002

    -o((: Leliv

    Wednesday, July 27, 2016 5:32 AM


  • as i solved the problem for anyone with similar issue:

    - the reason of the problem was that users were using office pro as the only feature and thus they did not added o365 users to the office/system. it may be done i.e. from any office application: file -> account -> connected services. only than ADAL is used.

    why office2o16 is not able to use Microsoft Sign-In assistant installed individually is still a mistery for me.

    -o((: Leliv

    • Marked as answer by Lelivienne Thursday, August 25, 2016 9:03 AM
    Thursday, August 25, 2016 9:03 AM