• Question

  • VM1 - contains Windows Server 2008 R2 DC and Exchange Server 2010

    VM2 - contains Windows Server 2008 R2 Member Server with AD RMS installed and configured with SSL, which was created from the internal CA. Through IIS 7 I created and completed a request certificate, and I updated the SCP in RMS cluster to point to https://rms.mailtask.com/_wmcs/certification/server.asmx.

    This is my problem: on VM1 I run this command >Set-IRMConfiguration -InternalLicensingEnabled $true and I am met with this message: "The remote certificate is invalid according to the validation procedure.-----> The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> Failed to get server infrom from https://rms.mailtask.com/_wmcs/certification/server.asmx"

         *Category : invalid operation:<> Set-IRMConfiguration, Exception

    Anyone know where I am going wrong? Thanks.

    Gaston Levario

    • Changed type wendy_liu Wednesday, July 25, 2012 3:17 AM
    Friday, July 20, 2012 5:12 PM


All replies

  • Is the internal CA an Enterprise CA or a Standalone CA?

    If it is a Standalone CA, then try importing the root CA to the Exchange Server.

    - Sarvesh Goel - Enterprise Messaging Administrator (Exchange 2010)

    Friday, July 20, 2012 5:30 PM
  • Sarvesh, thank you for the quick response, here is the answer to your question:

    Internal CA configured as Enterprise CA on the DC

    On the RMS machine:

    When I requested the certificate a file was created; I then cut and pasted the contents of this file when I requested a certificate in /certsrv.

    * I configured it for Web Server and used the attributes of san:dns=ex01&dns=ex01.mailtask.com&dns=rms.mailtask.com.

    * I submitted this request to create a certnew download file.

    * I used certnew to complete the certificate request.

    * Then I opened Default Web Site, bindings, and I used the friendly name in https 443, but at this point, Sarvesh, I clicked on View hoping that I would see Subject Alternative Name but I didn't see it. I don't know if this is what is causing the problem.

    Thanks Sarvesh.

    Gaston Levario

    Friday, July 20, 2012 5:45 PM
  • What happens when you browse the RMS URL from the Exchange? Do you see a cert warning?

    - Sarvesh Goel - Enterprise Messaging Administrator (Exchange 2010)

    Friday, July 20, 2012 6:40 PM
  • No, I got a 401 error as it could not recognize http://rms.mailtask.com/_wmcs/certification/server.aspx

    The bold portion of the URL, by the way, is /_wmcs

    Gaston Levario

    Friday, July 20, 2012 11:07 PM
  • Hi Gaston,

    AD RMS (Rights Management Services) is a role of Windows Server; you may post it to our Windows Server Forum to get better help.


    More information for your reference.

    The AD RMS Service Connection Point:


    AD RMS and 401 Error:


    Wendy Liu

    TechNet Community Support

    • Proposed as answer by wendy_liu Monday, July 30, 2012 1:48 AM
    • Marked as answer by wendy_liu Tuesday, July 31, 2012 1:46 AM
    Wednesday, July 25, 2012 3:17 AM
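
The two checks raised in the thread (browsing the RMS URL from the Exchange server, and looking for the Subject Alternative Name on the bound certificate) can be done in one step from PowerShell on VM1. This is an added example, not part of the original thread; the host name comes from the SCP URL in the question, while port 443 and the function name Test-RmsCertificate are assumptions.

```powershell
# Added example, not from the thread. Run on the Exchange server (VM1).
# Host name is taken from the SCP URL in the question; port 443 is assumed.
function Test-RmsCertificate {
    param([string]$HostName = 'rms.mailtask.com', [int]$Port = 443)

    $script:RmsPolicyErrors = $null
    # Diagnostic only: record what .NET's validation reported, then let the
    # handshake finish so the presented certificate can be inspected.
    $callback = [System.Net.Security.RemoteCertificateValidationCallback] {
        param($s, $c, $ch, $policyErrors)
        $script:RmsPolicyErrors = $policyErrors
        $true
    }

    $tcp = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($HostName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $ssl.Close()
    } finally {
        $tcp.Close()
    }

    # Rebuild the chain against this machine's certificate stores.
    $chain   = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chainOk = $chain.Build($cert)
    $status  = @($chain.ChainStatus | ForEach-Object { $_.Status.ToString() })

    # OID 2.5.29.17 is the Subject Alternative Name extension.
    $sanExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    $san    = if ($sanExt) { $sanExt.Format($false) } else { '(none)' }

    New-Object PSObject -Property @{
        Subject      = $cert.Subject
        Issuer       = $cert.Issuer
        NotAfter     = $cert.NotAfter
        SAN          = $san
        PolicyErrors = $script:RmsPolicyErrors
        ChainTrusted = $chainOk
        ChainStatus  = $status -join ', '
    }
}

Test-RmsCertificate | Format-List
```

A PolicyErrors value of RemoteCertificateNameMismatch means the name in the URL is not covered by the certificate's SAN or subject; RemoteCertificateChainErrors with a ChainStatus of UntrustedRoot means the issuing CA is not in the Trusted Root store on the machine running the check.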