Symptoms

When you attempt to add the Active Directory Rights Management Services (AD RMS) server role along with Federated Identity Support on a computer running Microsoft Windows Server 2008 or Windows Server 2008 R2, the Installation Results page of the Add Roles wizard shows that the installation failed. The error message begins, "Attempt to configure Identity Federation Support failed. Index was out of range."

Cause

AD RMS and Federated Identity Support cannot be added to a computer at the same time if the AD RMS Web site is not bound to the HTTP protocol.

Resolution

You must remove the AD RMS server role, add the AD RMS server role by itself, and then add Federated Identity Support separately.

Before you can remove the AD RMS server role, you must configure the AD RMS Web site to require SSL.

To configure the AD RMS Web site to require SSL

  1. Open the Internet Information Services (IIS) Manager console and expand the server that is hosting AD RMS.

  2. In the connections tree in the results pane, expand Sites, and then click the Web site on which you have configured AD RMS. By default this is the Default Web site.

  3. Under IIS, double-click SSL Settings, click Require SSL, and then in the actions pane, click Apply.

After completing this procedure, you can remove the AD RMS server role. To avoid a recurrence of this issue, do not attempt to add Federated Identity Support when you are adding the AD RMS server role.

See Also