Problems with RMSProtection and automation: "The operation being requested was not performed because the user has not been authenticated" RRS feed

  • Question

  • Hi,

    We are trying to automate a process of protecting/unprotecting files using the RMS protect/unprotect cmdlets. This procedure is initiated by an IIS-website, which then starts a new powershell session for doing just that. We have previously been able to do this on our initial setup, based on older cmdlets approx. 6 months ago, but a new setup with latest msonline/rmd cmdlets provide us with some issues

    A prereq for our protection routine is that we get the latest templates using Get-RMSTemplate -force. If we run this in a new powershell session, we are being prompted for credentials from the RMS Protection tool. If we enter these the security-context is established fine - and we can get templates and do our protection

    However - trying to establish this security-context using a generated PS1 file, does not seem to in any way to be able to establish the required security-context, neither by:

    Connect-MSOLSERVICE (and parse in same credentials that works when manullay running Get-RMSTemplate)
    Connect-AadrmService (and parse in same credentials that works when manually running Get-RMSTemplate)

    Has anything been changed with above security-context? We have been able to do this before, but on a complete new RMS-setup we are having these issues

    Best regards,


    Thursday, February 9, 2017 8:02 AM

All replies

  • Are you using the same or a new service principal for Set-RMSServerAuthentication?  Try creating a new service principal for this new computer (new Key and AppPrincipalId).  Also check that the registry is edited (prereq) if needed for a tenant outside North America. 

    Reminder about preqs: https://docs.microsoft.com/en-us/powershell/rmsprotection/vlatest/about_rmsprotection_azurerms

    Friday, February 10, 2017 6:01 PM