locked
Unable to protect content with Azure RMS. Error code 0x800704DC RRS feed

  • Question

    • Hello.

      I set up a test environment with Azure AD tenant and enabled RMS subscription.

      On the corporate side I have set up ADFS 3.0 server and ADFS Proxy in DMZ. I confirmed that ADFS authentication work externally, since I can log in to manage.windowsazure.com via ADFS login screen.

      But, if I try to use RMS client to protect a document, I am asked for credentials and will get that error message.

      unablr to protect content

      There is no error messages on ADFS proxy or ADFS. I do not have access to logs "in Azure cloud" and I can't open a ticket with Azure support - it is a free trial...

      Please, help me.

      Slava

    Tuesday, February 2, 2016 3:09 PM

All replies

  • I have posted a similar message on another MSDN forum. Here is an update that I copied from there:

    +++++++++++++++++++++++++++++++++++++++++++++++++

    Hello Sadiqh.

    There is no logs in %localappdata%\microsoft\msipc\logs on ADFS server. It is an empty folder.

    Microsoft Connectivity Analyzer test for Office 365 single sign-on shows the error of root certificate/ This is because it is unable to connect to internal root CA to test the validity of fs.sadcomusa.com certificate, I believe:

    MS Connectivity analyzer results

    RMS Analyzer tool does not accept AD account in my test domain sadcomusa.com :

    RMA Analyzer

    and when I use sadcomusa.onmicrosoft.com account (which is Global Admin account for my Azure tenant), I receive the following response:

    I was asked to make sure that "Forms Authentication" is selected for Intranet and Extranet on ADFS server. And it is:

    Forms Authentication in ADFS

    Also, I tried to change the Authentication settings in WAP from "AD FS" to "Passthrough":

    WAP authentication settings

    Which didn't fix the issue, but resulted in a different error (I tried to protect a document on ADFS server):

    account not found

    I am open to try any other suggestions. It does seem like ADFS-related problem...

    Thank you.

    Slava

    Thursday, February 4, 2016 1:15 PM
  • Another piece of information.

    When I try to use RMS application on iPhone, I can not go past this configuration screen. It comes back every time I hit "Continue":

    RMS on iPhone

    Thursday, February 4, 2016 1:48 PM
  • I am checking on the advice give here: https://social.msdn.microsoft.com/Forums/azure/en-US/9792482b-ccac-4781-b953-e789186a4380/how-to-configure-relying-party-trust-with-azure-ad?forum=WindowsAzureAD

    about setting up Relaying party trust. Initially, I have selected one of the default trusts (login.microsoftonline.com), but since my ADFS is failing, I am trying to see if I need to create a custom trust instead:

     Default replaying party trust

    This is from Microsoft Azure:

    Azure application

    When I click on "Office365 Management API", here is what I got:

    Where is the information? Do I need to have this application at all?

    What shall I add here to make SSO work with RMS !?!?!

     
    Thursday, February 4, 2016 7:56 PM