locked
Issue configuring IRM on Sharepoint 2013 through RMS Connectors RRS feed

  • Question

  • Hi,

    We have an issue trying to integrate SharePoint 2013 onpremise with Azure Information Protection through RMS Connectors infrastructure.

    Our configuration

    Azure Information Protection Infrastructure: BYOK

    Azure Information Protection: works both for endpoint and for exchange (es. OWA is working correctly)

    Deploy mode: onboarding

    Configuration done

    • SharePoint users (Central Admin Service Account and SharePoint AppPool account)
      • email filed of Active Directory filled up
      • create an Active Directory Security Group within the above users
      • Enable the group on the RMS Connectors the RMS Connector configuration interface
      • Syncronize the users with Azure Active Directory
      • Put the users inside the onboarding group
      • Provide Azure Information protection license to both the users
    • SharePoint configuration
      • MSIPC client installed on all SharePoint machines
      • Registry configured using the script provided by Microsoft (all SharePoint machine was configured)
        • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSIPC\ServiceLocation\LicensingRedirection]
          • "https://**TENANT**/_wmcs/licensing"="https://**CONNECTOR URL**/_wmcs/licensing"
        • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSIPC\ServiceLocation\EnterpriseCertification]
          • @="https://**CONNECTOR URL**/_wmcs/certification"
        • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSIPC\ServiceLocation\EnterprisePublishing]
          • @="https://**CONNECTOR URL**/_wmcs/licensing"
      • SharePoint can reach the RMS Connector URL and the https certificate is trusted

    Test on Sharepoint

    • Trying to integrate SharePoint with IRM (using the RMS Connector URL): “The required Active Directory Rights Management Service Client (MSIPC.DLL) is present but could not be configured properly. IRM will not work until the client is configured properly”
    • SharePoint has the following logs
      • Information Rights Management (IRM): The URL of the RMS server is: https://****/_wmcs/licensing.           68982a9e-1cf5-c089-d7fc-299c49e798df
      • Information Rights Management (IRM): The IRM client needs to connect to the RMS server to get Templates. Attempting to make an online call to the RMS server.                68982a9e-1cf5-c089-d7fc-299c49e798df
      • Information Rights Management (IRM): There was a problem while getting the license template issuer list after connecting to the Online RMS server instance. Error value: 0x80070057.       68982a9e-1cf5-c089-d7fc-299c49e798df
      • Information Rights Management (IRM): Initial certificate acquisition action was completed with result code: 0x80070057.         68982a9e-1cf5-c089-d7fc-299c49e798df
      • Information Rights Management (IRM): There was a problem while creating the generic issuance license template.  All issuance licenses for protected documents are constructed from a generic, base issuance license template.  Additional Data Error value: 0x80070057    68982a9e-1cf5-c089-d7fc-299c49e798df
      • Information Rights Management (IRM): Initial certificate acquisition and other Rights Management Services (RMS) initialization actions were completed with result code: 0x80070057.           68982a9e-1cf5-c089-d7fc-299c49e798df           

    Thanks in advance

    Simone

    Thursday, November 9, 2017 5:10 PM

All replies

  • Simone,

    Thanks for the very detailed setup and configuration. 

    Please confirm you have the latest MSIPC driver installed on your SharePoint servers -->https://www.microsoft.com/en-us/download/details.aspx?id=38396

    (Note: This is all of your SharePoint servers, including your CA Server. )

    There is a planned update from the SharePoint team to be supplying a newer update, if you're already on this updated driver. The issue is with the MSIPC.dll driver talking to the Azure RMS connector. If you'd like further updates, my suggestion would be to create a service request ticket with the SharePoint 2013 team asking for the latest updates. 

    Note: The latest MSIPC.dll driver update is planned, but no date is known at this time.

    Thanks,

    Friday, December 22, 2017 8:42 PM