• Hello, Im am new to AD RMS. I would like to use AD RMS for Exchange.

    I am sticking here with the same problem over and over again.

    I installed windows 2008R2 in a virtualized lab environment.

    I created a self signed certificate during the installation.


    Thanks for any help in advance !



    and I am getting this error messages:




    <Informational>: This server might need to be restarted after the installation completes.



    Active Directory Rights Management Services

    Cluster Type Licensing-only cluster


    Trust Hierarchy Production


    Configuration Database Server Windows Internal Database


    Service Account LOCAL\AD_RMSService


    Cluster Key Storage AD RMS centrally managed key storage


    Cluster Web Site Default Web Site


    Cluster Internal Address


    SSL Certificate C1C123938C49E06D0DF67ADCCAF264CB705D29DB


    Licensor Certificate Name RMS



    Active Directory Rights Management Services: Installation succeeded with errors

    <Error>: Attempt to configure Active Directory Rights Management Server failed. The AD RMS installation could not determine the certificate hierarchy. If the AD RMS service connection point (SCP) you need to use is registered in Active Directory but is not valid, revise it to make it valid, or create a new SCP, and install AD RMS again. at Microsoft.RightsManagementServices.Configuration.LicensingServerSelfEnrollment.DecideCertificateHierarchy() at Microsoft.RightsManagementServices.Configuration.CertificationServerSelfEnrollment.Enroll(EnrolleeServerInformation enrolleeInformation, EnrolleeRevocationInformation revocationInformation, String certificateDisplayName, String cspName, String keyContainerName) at Microsoft.RightsManagementServices.Configuration.ProvisioningBase.Enroll() at Microsoft.RightsManagementServices.Configuration.ProvisioningBase.Run() at Microsoft.RightsManagementServices.Configuration.ProvisionerBase.DoProvision() at Microsoft.RightsManagementServices.Configuration.ProvisionerHelper.Run(OperationType operationType, Object data) at Microsoft.RightsManagementServices.Configuration.CmdLineHandler.Run() Remove and re-install AD RMS to attempt provisioning again.


    <Warning>: Before you can administer AD RMS on this server, you must log off and log on again.


    The following role services were installed:


    Active Directory Rights Management Server


    Please refer to the full log at: 'C:\Users\AD_RMS\AppData\Local\Temp\ServerManager.log'



    Tuesday, September 06, 2011 12:25 AM


All replies

  • The certificate should be issued from a trusted root certification authority. Do you have certificate services configured in the A.D. If so install the certificate to AD RMS from the certification authority;or else create an active directory certifcate services for active directory domain.
    If you found this post helpful, please "Vote as Helpful". If it answered your question, remember to "Mark as Answer". MCSE,MSCITP-EA
    Tuesday, September 06, 2011 3:16 AM
  • Thanks for your help !

    I have a  hickup with understanding Certificates. .. Sorry...

    I did not want to spend money for a test environment .

    If I install the Active Directory Certificate Services ...

    where is the best place ? ( with AD RMS- on my domain controller)

    and does this replace a certificate from a trusted root certification authority ?


    ...   thanks again ....



    Tuesday, September 06, 2011 3:52 AM
  • AD RMS related issues should be posted here
    Tuesday, September 06, 2011 5:36 AM
  • Apologies !

    Could solve my problems thanks to answer above !



    Tuesday, September 06, 2011 11:11 PM