Hi everyone,

I'm looking for AD RMS Client (MSIPC.DLL) which can be applied to Windows Server 2012. I have tried to install Windows RMS Client Service Pack 2 but it doesn't support. I'm having an error that says "The required Active Directory Rights Management Service Client MSIPC.DLL is present but could not be configured properly. IRM will not work until the client is configured properly". So I think something needs to be installed in my client before connecting and using IRM protector.

Update: I have completely installed AD RMS Client 2.0 but still get the error above.

---------------------------------------------

Information Rights Management (IRM): There was a problem while creating the generic issuance license template.
All issuance licenses for protected documents are constructed from a generic, base issuance license template.
Additional Data
Error value: 0x8004020A
---------------------------------------------

Has anyone encountered the same error? I really appreciate you helps.

Regards,

Hi Thuan,

I am sorry you are having trouble here getting an answer to your question. I work on the documentation for AD RMS and according to my understanding, you should be able to use AD RMS Client 2.0 on Windows Server 2012 without issue if (as the error message you included - and thanks for including that here) the client settings that it relies upon are fully configured.

In general, AD RMS Client 2.0 is simpler to support than the older RMS/AD RMS (now considered 1.0) client. I would start by verifying that you have service discovery configured here for the client using Windows Registry settings that are described near the end of the following article.

AD RMS 2.0 Client Deployment Notes
http://technet.microsoft.com/en-us/library/jj159267(v=ws.10).aspx

It's also a good idea if you have not worked with AD RMS Client 2.0 previously to read this article in full as it comprises all the deployment documentation that we have so far on AD RMS 2.0 Client available.

Thanks! 

Brad Mahugh
Senior Technical Writer - AD information eXperience (iX)
Microsoft Corporation
------------------------
This post is provided "AS IS" and confers no promises of current or future technical support for a specific support issue. Please use Microsoft product support if you need a service commitment for your current support case or issue.

If this answer has been helpful to you, please Propose it as Answer as that will enable me to better know I have helped you or that this reply can be useful to others who have similar questions and also participate here in this forum. 

Hi Brad,

The error still exists. I was setting up ADRMS on SharePoint 2013 environment but it seems SharePoint 2013 couldn't well communicate with AD RMS on Windows Server 2012 at this moment, or I miss something on configuration side. Do you know any guidance covering Windows Server 2012 AD RMS and SharePoint 2013?

Many thanks for your help.

Regards,
-T.s

You have to browse to "C:\inetpub\wwwroot\_wmcs\certification" or wherever you have your webfolder and grant permissions on the following file: "ServerCertification.asmx"

Now you have to grant read and read&execute permissions to your application pool account of this webapplication. Assuming you have installed into the Default web site running under defaultapppool which usually runs under the Network Service account:

Go to the "ServerCertification.asmx" file and grant the Network Service account with the read and read&execute permissions.

Once you have done this, you should be able to browse to the following site: https://YOURSERVER/_wmcs/certification/servercertification.asmx

If you get prompted for a login, you did not set the permissions correctly. (You can grant "everyone" those permissions to check that it is not some other problem)

Once you have done this, the message within central admin should disappear and you are up and running with IRM!

I have already given permissions to the service account, but still getting the prompt. As an additional test, I tried giving permissions to 'Everyone' on the asmx file, but still getting prompted for login. Once I provide the correct credentials, the page opens up though.

Are there any additional steps that I need to perform?

If the page opens up once you provided the correct credentials, you should be good. You can add the site to your local Intranet Zone to get logged in automatically.

Check the SharePoint Central Administration to see if you still have that error message. If so, make sure you have installed the AD RMS Client 2.0.

Also make sure to disable loopbackcheck and double check your AD RMS certificate if you still have Problems.

Pardon my ignorance, but shouldn't Win Server 2012 have the AD RMS client pre-installed, just like it's predecessor Win Server 2008 which had the AD RMS client by default?
I also downloaded client 2.0 and tried installing it again just to be sure, but it directly goes to the 'Installation finished' screen.

Hello All.

I have several customers using SahrtePoint IRM 2013/AD RMS 2012 without any problem.

Just to reconfirm,

-- SharePoint 2013 use MSIPC client (AD RMS 2,0) CLient (when install will take care of that or you can install manually, same as office 2013), Windows 2012 has AD RMS 1.0 SP2 + KB979099 OOB, so

1-- You can install just SahrePoint and it should work.

2-- I didn't see details about sharePoitn Service accounts, remember all acoutnes need email address when interacting with AD RMS.

Please reconfirm so we can better assist.

Regards.

Cristian

Hi Christian,

We have used service accounts for SharePoint and AD RMS. However, service account do not typically have email addresses associated with them.

Please let me know if I am missing anything.

Thanks.

Pallav

Checkout http://blogs.msdn.com/b/richin/archive/2012/02/05/ad-rms-configuration-error-in-sharepoint-2010.aspx The problem was that only the system user had access to "...\_wmcs\certification\ServerCertification.asmx"

It helped me with my server 2010 and SharePoint

Hi Joost,

I was missing the permissions for "AD RMS Service Group. Added the permissions, but still getting the same error.

Pallav

I enabled verbose logging in SharePoint and saw the following critical error logged:

There was a problem while getting the license template issuer list after connecting to Online RMS server instance.

Error value: 0x800704dc

Further, ran NetMon to analyze the traffic between SharePoint Server and AD RMS server. Following error was logged:

Http: [RMS Related]Response, HTTP/1.1, Status: Forbidden, URL: /_wmcs/licensing/server.asmx

Also, read Information Protection and Control (IPC) in Microsoft Exchange Online with AD RMS and it also points that SharePoint server is not able to get Client Licensor Certificate (CLC) from the AD RMS server.

However, I am still clueless on how to fix this.

Please help.

Thanks,

Pallav

Hi everyone.

Try to use a LABEL name for your cluster URL instead of FQDN if you have Split Brain DNS; I experimented some issues with FQDN in this escenario.     Also you have to change the certificate.

Hi,

I ran into the same problems. The event log was full of errors with event id 5283 "Information Rights Management (IRM): There was a problem while creating the generic issuance license template." The solution was provided by a blog post of Ivan Saunders http://msmvps.com/blogs/ivansanders/archive/2012/06/08/check-out-the-weather-forecast-for-teched-2012.aspx

In my case during the installation and provisioning of RMS an option regarding cryptographic mode is given. After choosing cryptographic mode 1 (RSA 1024-bit) the integration with SharePoint finally started working correctly.

Hope this will do the trick for you.

Regards,

Sjoerd.

And the last parts of the puzzle are....

1. Ensure that the AD RMS server end point is actually registered in AD.  You can open the AD RMS control panel and then right-click the server node, go to the last tab and see if it show that it is registered or not.  If not, register it!
2. The account you are running as when you are clicking the "OK" button in Central Administration.  When all else fails, run as domain admin to at least get the IRM setup!

That got it working for me!
Chris