RMS Permission problem enabling RMS

  • Thread starter mstalcott
  • Start date Views 4,124
Status
Not open for further replies.
M

mstalcott

Having difficulty with getting the IRM perms correct, apparently:

RMS on Server 2008R2, Exchange2010, EXCHServers group has Read/Execute perms on servercertification.asmx and the inheritable checkbox is set.

[PS] C:\Program Files\Microsoft\Exchange Server\V14\Scripts>Set-IRMConfiguration -InternalLicensingEnabled $true
No connection could be made because the target machine actively refused it 192.168.1.46:443 ---> Unable to connect to t
he remote server ---> Failed to get Server Info from https://rms.baupost.com/_wmcs/certification/server.asmx.
+ CategoryInfo : InvalidOperation: :)) [Set-IRMConfiguration], Exception
+ FullyQualifiedErrorId : 8E3210B2,Microsoft.Exchange.Management.RightsManagement.SetIRMConfiguration

[PS] C:\Program Files\Microsoft\Exchange Server\V14\Scripts>Test-IRMConfiguration

cmdlet Test-IRMConfiguration at command pipeline position 1
Supply values for the following parameters:
Sender: ************
Results : Checking Exchange Server ...
- Exchange Server is running in Enterprise.
Loading IRM configuration ...
- IRM configuration loaded successfully.
Retrieving RMS Certification Uri ...
- RMS Certification Uri: https://rms.baupost.com/_wmcs/certification.
Verifying RMS version for https://rms.baupost.com/_wmcs/certification ...
- Warning! Failed to verify RMS Version. IRM features require AD RMS on Windows Server 2008 SP2 with the
Hotfixes specified in Knowledge Base article 973247 (http://support.microsoft.com/kb/973247) or RMS on Window
s Server 2008 R2.
-------- Microsoft.Exchange.Security.RightsManagement.RightsManagementException: Failed to get Server Info from https:
//rms.baupost.com/_wmcs/certification/server.asmx. ---> System.Net.WebException: Unable to connect to the rem
ote server ---> System.Net.Sockets.SocketException: No connection could be made because the target machine ac
tively refused it 192.168.1.46:443
at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)
at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& soc
ket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Int32 timeout, Exception& except
ion)
--- End of inner exception stack trace -
at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
at System.Net.HttpWebRequest.GetRequestStream()
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at Microsoft.Exchange.Security.RightsManagement.SOAP.Server.ServerWS.GetServerInfo(ServerInfoRequest[] req
uests)
at Microsoft.Exchange.Security.RightsManagement.ServerWSManager.ValidateServiceVersion(String featureXPath
)
--- End of inner exception stack trace -
at Microsoft.Exchange.Security.RightsManagement.ServerWSManager.ValidateServiceVersion(String featureXPath
)
at Microsoft.Exchange.Management.RightsManagement.IRMConfigurationValidator.ValidateRmsVersion(Uri uri, Se
rviceType serviceType)
at Microsoft.Exchange.Management.RightsManagement.IRMConfigurationValidator.TryGetRacAndClc()
 
R

ragharam

Hi,

May be this would help

http://technet.microsoft.com/en-us/library/dd979792.aspx

UsingIRM features requires an Active Directory Rights Management Services (AD RMS) server or the ILS service. and the error does gives you that information

- Warning! Failed to verify RMS Version. IRM features require AD RMS on Windows Server 2008 SP2 with the
Hotfixes specified in Knowledge Base article 973247 (http://support.microsoft.com/kb/973247) or RMS on Windows Server 2008 R2.

Install AD RMS Server Role

http://technet.microsoft.com/en-us/library/cc770957.aspx

Could you also check the port 443 if its blocked

-Ragharam
 
V

Vitalie Ciobanu

Hi all,

I have the same issue. For testing purposes, I have AD RMS installed on Server 2008 R2 and Exchange 2010 RTM on the same server. Port 443 is allowed. Both RMS and Exchange are working perfectly. Permissions on servercertification.asmx set as stated here http://technet.microsoft.com/en-us/library/ee849850(WS.10).aspx

When I try to test RMS config using Test-IRMConfiguration -Sender user1@example.com I get the following output:

- Warning! Failed to verify RMS Version. IRM features require AD RMS on Windows Server 2008 SP2 with the Hotfixes specified in Knowledge Base article 973247 (http://support.microsoft.com/kb/973247) or RMS on Windows Server 2008 R2

The hotfix is not applicable as AD RMS is installed on Windows Server 2008 R2.

Any ideas what else can I check?
 
V

Vitalie Ciobanu

I partialy resolved my problem by changing the certificate. I had a self-generated one, after I created one from my internal CA, the test passed RMS version step and failed at next step: Failed to acquire RAC and/or CLC.

Looking into this now.
 
V

Vitalie Ciobanu

I have completely resolved the problem. During troubleshooting, I set anonymous authentication on servicelocator.asmx. As soon I disabled this, Test-IRMConfiguration succeeded.

Now I'm waiting for Outlook 2010 to show templates in new mail window so I can fully test RMS.
 
Status
Not open for further replies.
Top