AD RMS with Exchange 2010 SP1

Not open for further replies.

Fady Naguib


We have AD and Exchange 2003 and Exchange 2010 (Coexistence).

I had installed AD RMS on my DC (Windows 2008 SP2) with a private certificate from my internal CA and tried to send encrypted messages (Don't forward) and it's working fine.

I created some templates and assigned them to anyone. I can see and use these templates from OWA 2010 but when I tried it with Outlook (2003, 2007 and 2010) I cannot see these templates for all users hosted on Exchange 2010?

Also I tried to publish the RMS server to outside to be accessible from internet using TMG 2010.

I created the web site publishing rule successfully and used an external name for the RMS server, the one I wrote on the external cluster URLs, and used a public certificate that contains the name of the RMS external URL in the SAN on the TMG, but the test rule failed. When I used the internal certificate, the test rule succeeded on TMG.

I noticed that the external Outlook is asking for the internal URL from outside???!!!!

RMS Internal URL: https://RMS-Server.domain.Local

RMS External URL:

So, my questions are:

How can I upload the RMS template policies on the Outlook?

How can I publish the RMS on internet using public certificate?

I read many many blogs and articles from Microsoft with no luck.

Any help?!!!

Regards, Fady Naguib

Fady Naguib

Here is the reply of Test-IRMConfiguration cmdlet

Results : Checking Exchange Server ...
- PASS: Exchange Server is running in Enterprise.
Loading IRM configuration ...
- PASS: IRM configuration loaded successfully.
Retrieving RMS Certification Uri ...
- PASS: RMS Certification Uri: https://rms.domain.local/_wmcs/certification .
Verifying RMS version for https://rms.domain.local/_wmcs/certification ...
- PASS: RMS Version verified successfully.
Retrieving RMS Publishing Uri ...
- PASS: RMS Publishing Uri: https://rms.domain.local/_wmcs/licensing .
Acquiring Rights Account Certificate (RAC) and Client Licensor Certificate (CLC) ...
- PASS: RAC and CLC acquired.
Acquiring RMS Templates ...
- PASS: RMS Templates acquired.
Retrieving RMS Licensing Uri ...
- PASS: RMS Licensing Uri: https://rms.domain.local/_wmcs/licensing .
Verifying RMS version for https://rms.domain.local/_wmcs/licensing ...
- PASS: RMS Version verified successfully.
Creating Publishing License ...
- PASS: Publishing License created.
Acquiring Prelicense for 'mfawzi@domain.local' from RMS Licensing Uri (https://rms.domain.local/_wmcs/licensing) ...
- PASS: Prelicense acquired.
Acquiring Use License from RMS Licensing Uri (https://rms.domain.local/_wmcs/licensing ) ...
- FAIL: Failed to acquire a use license. This failure may cause features such as Transport Decryption, Journal Report Decryption, IRM in OWA, IRM in EAS and IRM Search to not work. Please make sure that the account " FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042" representing the Exchange Servers Group is granted super user privileges on the Active Directory Rights Management Services server. For detailed instructions, see
" Add the Federated Delivery Mailbox to the AD RMS Super Users Group" at d=193400.

Regards, Fady Naguib

Neil Hobson

Hmmm....that's strange, because my understanding is that you need to add the Federated Email mailbox to the RMS Super Users group to get RMS working in OWA, but I see from your original post that you say you can use the templates in OWA. It might be worth adding the mailbox to the super users group anyway. By the way, by running this cmdlet I was originally addressing your first issue, not the issue about accessing RMS from the web.

Neil Hobson | Principal Consultant | Silversands | twitter @NeilHobson

Fady Naguib

Thanks for your reply, any idea regarding my issue?!

Regards, Fady Naguib