AD RMS not working with Microsoft office RRS feed

  • Question

  • I have new AD RMS 2012 setup and facing the below mentioned issue

    When i try to restrict a word document I get two options
    1. Sign in with Windows Live ID
    2. User a Microsoft Windwos Account

    If i Use second option I get this error when i click ok - A problem occured while contacting the restricted permission service. Please try again later or contact your administrator for more details.
    If i click cancel in second option i get error - cannot use this feature without credentials

    I have mail address assigned to me
    I have admin rights on the PC
    I am able to access the RMS URLS - licesing and Certification
    I can access RMS on same machine using FOxit (PDFs)

    Used RMS fix utility and it shows that Office is not installed but i upgraded my office from standard to Pro Plus

    Can anyone guide me on this issue?

    Thursday, September 25, 2014 7:29 AM

All replies

  • I have also installed AD RMS client 2.1 on the machine but still not working. can anyone please look into it.
    Friday, September 26, 2014 5:29 AM
  • Hi ChaudharyVivek -

    It sounds as if the client is unable to locate the AD RMS servers.  I would check to make sure the Service Connection Point is registered and accurate.  For more info on the SCP, check out this article: http://social.technet.microsoft.com/wiki/contents/articles/710.the-ad-rms-service-connection-point.aspx

    If the SCP looks ok, you can try setting the reg keys mentioned in the article to point the client directly to the certification pipeline to discover the AD RMS servers.

    I hope that helps!

    Micah LaNasa

    Synergy Advisors


    Friday, September 26, 2014 5:36 PM
  • Thanks for looking into it Micah. When I go to CN=Configuration [server name], CN=Services, CN=RightsManagementServices, CN=SCP . There is nothing under SCP but I can right click on it and go to Properties to check the Attributes which shows that SCP is assigned the right AD RMS URL (https://adrms.contonso.com/_wmcs/certification) next to servicebindinginformation attribute. I hope this is what it should be assigned to,right?

    Then i also checked HKEY_Local_Machine\Software\Microsoft\MSDRM\ServiceLocation and there is no folder under microsoft called MSDRM. There is one which says DRM.

    I have one machine from which AD RMS seems to be working for all users but its not working from any other machine for MS office. It works fine for PDF using foxit from all machines.

    Also it worked if i manually copy the GIC and CLC DRM certificates from the working machine to non working machine which means that connectivity is fine with AD RMS it looks something is restricting to download the certificates automatically. Not sure what. Can it be something related to AD RMS URL to be added to Intranet zone. I have not added it manually as its getting controlled from GPO but when i check the AD RMS URL site it says that its connected via Intranet when i right click and go to properties on the iis website page.

    I have also run the IRMcheck utility on non working PC and attached the result if that helps.

    • Edited by Vivek139 Monday, September 29, 2014 2:49 AM
    Monday, September 29, 2014 2:42 AM