This article applies to clusters running or being upgraded from Windows Server RMS, a.k.a. RMS V.1, running on Windows Server 2003 or Windows Server 2003 R2.
This is a legacy product that is out of support. The symptoms indicated below are a result of the products end of life, this article documents work-arounds that allow customers to upgrade this product to a supported and functional version even after its expiration.
RMS v1 (Windows server 2003) users may be unable to create new protected content or open existing protected content. The RMS server logs the following error.
An error occurred while attempting to initialize the Windows RM Service. The following information was reported:
Microsoft.DigitalRightsManagement.Core.LicenseNotTrustedException The ISSUER of the active server licensor certificate is not trusted. The RMS server cannot process requests.
At Microsoft.DigitalRights.Management.Core.ComponentBase.InitializeValidatedLicensorCert()
At Microsoft.DigitalRights.Management.Core.ComponentBase.InitializePipelineCache()
Some AD RMS servers, previously upgraded from RMS v1, may encounter issues. Users may be unable to create new protected content of open existing protected content.
The AD RMS server logs an error in the application event log.
An unexpected error occurred while the computer was initializing Active Directory Rights Management Services (AD RMS) on this computer.
Microsoft.RightsManagementServices.LicenseNotTrustedException
Message: The ISSUER of the active server licensor certificate is not trusted. The AD RMS server cannot process requests.
Please see the Notes, Links, and Screenshots sections below for details on these steps.
Existing rights policy templates exist as archived templates from the imported TPD. New templates must be created to be utilized on the new AD RMS server.
CN=RightsManagementServices,CN=Services,CN=Configuration,DC=cpandl,DC=com
If an AD RMS upgrade to RMS v1 was attempted in an effort to fix this issue further attempts to export the TPD from the RMS v1 server may fail.
The following error is received.
"Could not find stored procedure 'GetPossiblePluginInfos'."
Could not find stored procedure 'GetPossiblePluginInfos'.
This is caused by the AD RMS upgrade attempt updating the RMS databases. RMS v1 cannot use the updated DBs. Please restore the RMS v1 databases and do an IIS reset on the RMS v1 server. The TPD may now be exported.
As software stored TPD cannot be exported and imported only in the GUI. The GUI export and the steps below are required to export the TPD. The same two actions are required to import the TPD on the new server as well. The following is from the "Export and install a software-based CSP key" content on TechNet.
The sample below uses .Net v2 for the export and .Net v4 for the import. New AD RMS servers may not have .Net v2 framework installed so we use the v4 framework. Please adjust the commands as needed for your specific configuration.
The following commands export the TPD from the RMS server and import it on the AD RMS server.
c:\windows\microsoft.net\Framework\v2.0.50727\aspnet_regiis.exe -px "_DRMS:MS-GUID:{86391933-c64704c09-bbee-1b63c49538d5}" c:\privatekey.xml -pri
c:\windows\microsoft.net\Framework\v4.0.30319\aspnet_regiis.exe -pi "_DRMS:MS-GUID:{86391933-c64704c09-bbee-1b63c49538d5}" c:\privatekey.xml -exp