Active Directory Rights Management Server Install Enrollee Problem
I have created my own RSA CSP and I and tring to get it to work with ADRMS I am having trouble installing the root cluster it is failing to generate enrollee certificate public key but it does not call my CSP Gen
key so how is it tiring to generate this public key?
Server log
3628: 2010-08-25 16:30:26.250 [RMS] Begin CreateSlcNameType...
3628: 2010-08-25 16:30:26.250 [RMS] Create cluster case, settign SlcNameType...
3628: 2010-08-25 16:30:26.250 [RMS] SlcNameType set onto NewClusterType, ServerLicensorCertificate = AD RMS CERT
3628: 2010-08-25 16:30:26.250 [RMS] Begin CreateSlcRevocationType...
3628: 2010-08-25 16:30:26.250 [RMS] Create cluster case, settign SlcNameType...
3628: 2010-08-25 16:30:26.250 [RMS] Revocation is disabled, Item = True
3628: 2010-08-25 16:30:26.250 [RMS] Private key protection is CspBased and private key password is <null>.
3628: 2010-08-25 16:30:26.250 [RMS] Domain account being used for service account is True and password is <non-null>
3628: 2010-08-25 16:30:26.250 [RMS] Begin LogSerializedConfigXML...
3628: 2010-08-25 16:30:26.250 [RMS] Log config XML directory = C:\Users\Administrator\AppData\Local\Temp\2\
3628: 2010-08-25 16:30:26.265 [RMS] Log config XML file name = RmsProvision-Config-08-25-2010-0430.xml
3628: 2010-08-25 16:30:26.265 [RMS] Log config full path = C:\Users\Administrator\AppData\Local\Temp\2\RmsProvision-Config-08-25-2010-0430.xml
3628: 2010-08-25 16:30:26.375 [RMS] Begin Provision, provisionScenario = FullProvision, upgrade = False, private key password = , service account password = System.Security.SecureString,
proxy password = , adfsUrl = .
3628: 2010-08-25 16:31:26.765 [RMS] Error (Id=0) System.Exception: Fail to generate enrollee certificate public key. at Microsoft.RightsManagementServices.Configuration.CertificationServerSelfEnrollment.GenerateEnrolleeCertificatePublicKey(String
cspName, String keyContainerName)
at Microsoft.RightsManagementServices.Configuration.CertificationServerSelfEnrollment.Enroll(EnrolleeServerInformation enrolleeInformation, EnrolleeRevocationInformation revocationInformation, String certificateDisplayName, String cspName, String
keyContainerName)
at Microsoft.RightsManagementServices.Configuration.ProvisioningBase.Enroll()
at Microsoft.RightsManagementServices.Configuration.ProvisioningBase.Run()
at Microsoft.RightsManagementServices.Configuration.ProvisionerBase.DoProvision()
at Microsoft.RightsManagementServices.Configuration.ProvisionerHelper.Run(OperationType operationType, Object data)
at Microsoft.RightsManagementServices.Configuration.CmdLineHandler.Run()
at Microsoft.RightsManagementServices.Configuration.ConfigHelper.Provision(ConfigOperationType configOperation, RmsProvisionScenarioType provisionType, Boolean upgrade, SecureString privateKeyPassword, SecureString rmsServiceAccountPassword,
SecureString proxyPassword, String adfsUrl)
at Microsoft.Windows.ServerManager.RightsManagementServices.RightsManagementServicesRoleProvider.Provision(ClassValue guest, String guestIdentity, ConfigHelper configHelper, ConfigOperationType configOperationType, RmsProvisionScenarioType provisionScenario,
String adfsUrl)
3628: 2010-08-25 16:31:26.796 [RMS] [STAT] For 'CoreRightsManagementServer':
3628: 2010-08-25 16:31:26.796 [RMS] [STAT] Configuration took '62.5735002' second(s) total.
Event:
Active Directory Rights Management Services
Cluster Type Root cluster
Trust Hierarchy Production
Configuration Database Server Windows Internal Database
Service Account ROOT\testuser
Cluster Key Storage CSP key storage
CSP for Key Storage My RSA Full Cryptographic Provider
Cluster Web Site Default Web Site
Cluster Internal Address http://root.testnetwork.com:80/
Licensor Certificate Name AD RMS CERT
Register SCP Register now
Active Directory Rights Management Services: Installation succeeded with errors
<Error>: Attempt to configure Active Directory Rights Management Server failed. Fail to generate enrollee certificate public key. at Microsoft.RightsManagementServices.Configuration.CertificationServerSelfEnrollment.GenerateEnrolleeCertificatePublicKey(String
cspName, String keyContainerName) at Microsoft.RightsManagementServices.Configuration.CertificationServerSelfEnrollment.Enroll(EnrolleeServerInformation enrolleeInformation, EnrolleeRevocationInformation revocationInformation, String certificateDisplayName,
String cspName, String keyContainerName) at Microsoft.RightsManagementServices.Configuration.ProvisioningBase.Enroll() at Microsoft.RightsManagementServices.Configuration.ProvisioningBase.Run() at Microsoft.RightsManagementServices.Configuration.ProvisionerBase.DoProvision()
at Microsoft.RightsManagementServices.Configuration.ProvisionerHelper.Run(OperationType operationType, Object data) at Microsoft.RightsManagementServices.Configuration.CmdLineHandler.Run() Remove and re-install AD RMS to attempt provisioning again.
<Warning>: Before you can administer AD RMS on this server, you must log off and log on again.
The following role services were installed:
Active Directory Rights Management Server
August 25th, 2010 7:34pm
On Wed, 25 Aug 2010 16:34:22 +0000, karrimrabi wrote:
I have created my own RSA CSP and I?and?tring to get it to work with ADRMS ?I am having?trouble?installing the root cluster it is?failing?to generate enrollee certificate public key but it does not call my CSP?Gen key?so how is it?tiring?to?generate?this
public key?
Questions about RMS should be posted to the RMS forum -
http://social.technet.microsoft.com/Forums/en-US/rms/threads
Paul Adare
MVP - Identity Lifecycle Manager
http://www.identit.ca
Free Windows Admin Tool Kit Click here and download it now
August 25th, 2010 8:14pm