Fixing connection issues with the Active Directory Rights Management Services (AD RMS) client usually comes down to one of three areas: stale local client state, network or security-zone configuration, or the health of the cluster itself. If a user cannot connect, first confirm that their user object has an e-mail address (the mail attribute) populated in Active Directory: AD RMS issues the user's rights account certificate against that address, so an account without one fails at activation before any of the steps below matter.

Common Client-Side Fixes
Clear the DRM Cache: The most effective first step is resetting the local client state. Close all Office applications, then rename the folder %localappdata%\Microsoft\DRM (for example to _DRM) so the client re-initializes on next use; renaming rather than deleting keeps a copy to restore if the reset does not help. Office 2013 and later use the MSIPC client, whose cache lives in %localappdata%\Microsoft\MSIPC and should be renamed the same way.
Reset the AD RMS Client: If clearing the cache does not help, reset the client fully by also removing the per-user registry state it keeps under HKCU (the Common\DRM key beneath the Office version key and, for the MSIPC client, HKCU\Software\Classes\Local Settings\Software\Microsoft\MSIPC), exporting the keys first so the change can be reverted. Reinstalling the client component is the last resort.
Verify Internet/Intranet Zones: Ensure the AD RMS cluster URL is in the Local Intranet zone in Internet Options, either added by hand or pushed through the Site to Zone Assignment List group policy. By default only that zone performs automatic logon with the current Windows credentials; a URL left in the Internet zone produces a username and password prompt, and if the user cancels it the connection fails.
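As an added example, not code from the original article, the client-side reset above as a PowerShell script. The cluster URL is a hypothetical placeholder; the cache folders (%localappdata%\Microsoft\DRM for the older MSDRM client, %localappdata%\Microsoft\MSIPC for the MSIPC client) and the HKCU keys are assumed from Microsoft's RMS client reset guidance, so confirm them against the client version in use. It renames rather than deletes, exports registry keys before removing them, and then checks whether the cluster host is mapped to the Local Intranet zone, adding the mapping when it is missing.

```powershell
# Added example, not code from the original article: reset the local RMS client state and
# make sure the cluster URL is in the Local Intranet zone. $RmsUrl is a hypothetical
# placeholder. The cache folders and HKCU keys are assumed from Microsoft's RMS client
# reset guidance for the MSDRM (Office 2010 and earlier) and MSIPC (Office 2013+) clients.
param(
    [string]$RmsUrl = 'https://rms.contoso.com'   # hypothetical cluster URL
)

function Reset-RmsClientState {
    # Cache files are locked while Office runs, so refuse to start rather than half-reset.
    $office = Get-Process -Name WINWORD, EXCEL, POWERPNT, OUTLOOK -ErrorAction SilentlyContinue
    if ($office) { throw "Close Office first; still running: $(($office.Name | Sort-Object -Unique) -join ', ')" }

    $stamp  = Get-Date -Format 'yyyyMMddHHmmss'
    $caches = @(
        (Join-Path $env:LOCALAPPDATA 'Microsoft\DRM'),    # legacy MSDRM client cache
        (Join-Path $env:LOCALAPPDATA 'Microsoft\MSIPC')   # MSIPC client cache
    )
    foreach ($dir in $caches) {
        if (Test-Path -LiteralPath $dir) {
            # Rename instead of delete so the old cache can be restored if the reset did not help.
            Rename-Item -LiteralPath $dir -NewName ('_' + (Split-Path $dir -Leaf) + "_$stamp")
            "Renamed $dir"
        }
    }

    # Per-user registry state kept alongside the cache; removing it forces a clean re-activation.
    $keys = @('HKCU:\Software\Classes\Local Settings\Software\Microsoft\MSIPC') +
        @(Get-ChildItem 'HKCU:\Software\Microsoft\Office' -ErrorAction SilentlyContinue |
            Where-Object { $_.PSChildName -match '^\d+\.\d+$' } |          # 14.0, 15.0, 16.0 ...
            ForEach-Object { "HKCU:\Software\Microsoft\Office\$($_.PSChildName)\Common\DRM" })
    foreach ($key in $keys) {
        if (Test-Path -LiteralPath $key) {
            # Export first so the change is reversible with "reg.exe import".
            $backup  = Join-Path $env:TEMP (($key -replace '[:\\]', '_') + "_$stamp.reg")
            $regPath = $key.Replace('HKCU:', 'HKCU')
            & reg.exe export $regPath $backup /y | Out-Null
            Remove-Item -LiteralPath $key -Recurse -Force
            "Removed $key (backup: $backup)"
        }
    }
}

function Test-RmsIntranetZone {
    param([Parameter(Mandatory)][string]$Url)
    $uri    = [Uri]$Url
    $labels = $uri.Host.Split('.')
    if ($labels.Count -lt 2) { return $true }   # single-label hosts are Local Intranet by default
    $domain   = $labels[-2..-1] -join '.'
    $hostPart = if ($labels.Count -gt 2) { $labels[0..($labels.Count - 3)] -join '.' } else { '' }
    foreach ($hive in 'HKCU', 'HKLM') {
        # Site to Zone Assignment List policy: string values named by URL, data "1" = Local Intranet.
        # Exact host only; wildcard policy entries such as *.contoso.com are not expanded here.
        $policy = "${hive}:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey"
        if (Test-Path $policy) {
            $p = Get-ItemProperty $policy
            foreach ($n in $p.PSObject.Properties.Name) {
                if ($n -like "*$($uri.Host)*" -and "$($p.$n)" -eq '1') { return $true }
            }
        }
        # Manual entries: ZoneMap\Domains\<domain>[\<host>] with a DWORD named after the scheme.
        $manual = "${hive}:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\$domain"
        if ($hostPart) { $manual = "$manual\$hostPart" }
        if ((Test-Path $manual) -and ((Get-ItemProperty $manual).($uri.Scheme) -eq 1)) { return $true }
    }
    return $false
}

function Add-RmsIntranetZone {
    param([Parameter(Mandatory)][string]$Url)
    $uri    = [Uri]$Url
    $labels = $uri.Host.Split('.')
    if ($labels.Count -lt 2) { return }
    $key = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\$($labels[-2..-1] -join '.')"
    if ($labels.Count -gt 2) { $key = "$key\$($labels[0..($labels.Count - 3)] -join '.')" }
    New-Item -Path $key -Force | Out-Null
    # Zone 1 = Local Intranet, whose default logon setting is "automatic with current credentials".
    New-ItemProperty -Path $key -Name $uri.Scheme -PropertyType DWord -Value 1 -Force | Out-Null
}

Reset-RmsClientState
if (Test-RmsIntranetZone -Url $RmsUrl) {
    "$RmsUrl is already in the Local Intranet zone"
} else {
    Add-RmsIntranetZone -Url $RmsUrl
    "Added $RmsUrl to the Local Intranet zone (a Site to Zone Assignment policy, if enforced, overrides this)"
}
```

Run it as the affected user, not as an administrator, because both the cache and the registry state are per-user. If a Site to Zone Assignment List policy is in force, the manual ZoneMap entry the script writes is ignored and the URL has to be added to the policy instead.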
Check Proxy and Network Settings: Verify that proxy settings or firewalls are not blocking HTTPS to the cluster's /_wmcs pipelines. A proxy that demands its own authentication, or that is used for the cluster because the URL is missing from the proxy bypass list, produces the same credential prompts and failures as a missing intranet-zone entry, so test from the affected workstation rather than from the server.

Server-Side Troubleshooting
Service Connection Point (SCP): Ensure the SCP is registered in Active Directory (it is a serviceConnectionPoint object in the forest's Configuration partition, registered from the AD RMS console). Clients without a registry override use it to discover the cluster URL, so a missing SCP, or one still pointing at an old cluster name, breaks discovery for every client at once.
IIS Pipeline Permissions: Verify that users have the required access to the AD RMS pipelines in Internet Information Services (IIS). End-user clients call Certification.asmx and License.asmx; ServerCertification.asmx is used by server applications such as Exchange and SharePoint, so check that permission inheritance is enabled on it and that no NTFS ACL denies the calling account. A 401 in the IIS logs for a /_wmcs/ path is the tell-tale: sub-status 3 (401.3) means the resource ACL denied access, 401.1 means the logon itself failed, and 401.2 points at the site's authentication configuration.
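The SCP and pipeline checks above as an added PowerShell example, not code from the original article. The cluster URL and log directory are hypothetical placeholders; the SCP lookup (a serviceConnectionPoint whose serviceBindingInformation ends in /_wmcs), the client-side ServiceLocation override keys and the pipeline paths are assumptions to confirm against the deployment. It queries the SCP, lists any client override that would take precedence over it, requests each pipeline with the current Windows credentials and classifies the HTTP result, and parses the W3C IIS logs for 401 responses on /_wmcs/ grouped by sub-status and user.

```powershell
# Added example, not code from the original article: server-side checks for cluster
# discovery and pipeline access. $ClusterUrl and $IisLogDir are hypothetical placeholders;
# the SCP lookup, the client override keys and the pipeline paths are assumptions to
# confirm against your deployment. Run it on the AD RMS server for the IIS log scan.
param(
    [string]$ClusterUrl = 'https://rms.contoso.com',        # hypothetical
    [string]$IisLogDir  = 'C:\inetpub\logs\LogFiles\W3SVC1' # default log folder of the Default Web Site
)

function Get-RmsServiceConnectionPoint {
    # The SCP is a serviceConnectionPoint object in the forest Configuration partition whose
    # serviceBindingInformation holds the cluster URL ending in /_wmcs.
    $rootDse  = [ADSI]'LDAP://RootDSE'
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.SearchRoot = [ADSI]"LDAP://$($rootDse.configurationNamingContext)"
    $searcher.Filter = '(&(objectClass=serviceConnectionPoint)(serviceBindingInformation=*_wmcs*))'
    [void]$searcher.PropertiesToLoad.Add('serviceBindingInformation')
    $found = $searcher.FindAll()
    if ($found.Count -eq 0) { throw 'No AD RMS SCP found: clients cannot auto-discover the cluster.' }
    foreach ($r in $found) {
        [pscustomobject]@{ Dn = $r.Path; Url = ($r.Properties['servicebindinginformation'] -join ', ') }
    }
}

function Get-RmsClientOverride {
    # A ServiceLocation override on a client wins over the SCP, so a stale entry here explains a
    # client that keeps contacting an old cluster even though the SCP is correct. Keys are assumed.
    $keys = 'HKLM:\SOFTWARE\Microsoft\MSDRM\ServiceLocation\Activation',
            'HKLM:\SOFTWARE\Microsoft\MSDRM\ServiceLocation\EnterprisePublishing',
            'HKLM:\SOFTWARE\Microsoft\MSIPC\ServiceLocation\EnterpriseCertification',
            'HKLM:\SOFTWARE\Microsoft\MSIPC\ServiceLocation\EnterprisePublishing'
    foreach ($k in $keys) {
        if (Test-Path $k) { [pscustomobject]@{ Key = $k; Url = (Get-ItemProperty $k).'(default)' } }
    }
}

function Test-RmsPipeline {
    param([Parameter(Mandatory)][string]$Url)
    # End-user clients need certification and licensing; ServerCertification is for server
    # applications such as Exchange and SharePoint, so a 401 there with a user account is expected.
    $pipelines = 'certification/certification.asmx', 'licensing/license.asmx', 'certification/servercertification.asmx'
    foreach ($p in $pipelines) {
        $target = "$Url/_wmcs/$p"
        try {
            # -UseDefaultCredentials sends the logged-on user's Windows credentials, which is what
            # the client does once the URL sits in the Local Intranet zone.
            $resp = Invoke-WebRequest -Uri $target -UseDefaultCredentials -UseBasicParsing -TimeoutSec 15
            [pscustomobject]@{ Pipeline = $p; Status = [int]$resp.StatusCode; Detail = 'reachable and authorized' }
        } catch {
            $code = if ($_.Exception.Response) { [int]$_.Exception.Response.StatusCode } else { 0 }
            $msg  = $_.Exception.Message
            $detail = switch ($code) {
                0       { "no HTTP response (DNS, firewall, proxy or TLS): $msg" }
                401     { 'unauthorized: check pipeline NTFS/IIS ACLs and the user mail attribute' }
                403     { 'forbidden: check IIS authorization rules' }
                default { "HTTP $code" }
            }
            [pscustomobject]@{ Pipeline = $p; Status = $code; Detail = $detail }
        }
    }
}

function Find-RmsPipeline401 {
    param([string]$LogDir = $IisLogDir)
    # W3C logs declare their columns in a "#Fields:" header; map them so column order does not matter.
    $fields = $null
    Get-ChildItem -Path $LogDir -Filter '*.log' -ErrorAction Stop | Get-Content | ForEach-Object {
        if ($_ -like '#Fields:*') { $fields = ($_ -replace '^#Fields:\s*', '') -split ' '; return }
        if ($_.StartsWith('#') -or -not $fields) { return }
        $vals = $_ -split ' '
        $row = @{}
        for ($i = 0; $i -lt $fields.Count -and $i -lt $vals.Count; $i++) { $row[$fields[$i]] = $vals[$i] }
        if ($row['cs-uri-stem'] -like '/_wmcs/*' -and $row['sc-status'] -eq '401') { [pscustomobject]$row }
    } | Group-Object 'cs-uri-stem', 'sc-substatus', 'cs-username' | ForEach-Object {
        # sc-substatus 1 = logon failed, 2 = denied by server configuration, 3 = denied by the resource ACL
        [pscustomobject]@{
            Count = $_.Count; Uri = $_.Group[0].'cs-uri-stem'
            SubStatus = $_.Group[0].'sc-substatus'; User = $_.Group[0].'cs-username'
        }
    }
}

Get-RmsServiceConnectionPoint
Get-RmsClientOverride
Test-RmsPipeline -Url $ClusterUrl | Format-Table -AutoSize
Find-RmsPipeline401 | Sort-Object Count -Descending | Format-Table -AutoSize
```

Run Test-RmsPipeline from an affected workstation as the affected user, since it reflects that user's credentials, proxy and zone settings; the log scan only works on the cluster node that holds the IIS logs, and the log directory must match the site hosting the _wmcs application.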
Certificate Validity: Check that the TLS certificate on the AD RMS cluster URL is valid (not expired, issued by a CA the client trusts, and carrying a name that matches the cluster URL) and that its Certificate Revocation List (CRL) distribution points are reachable from the client. A CRL published only on an internal address fails revocation checking for clients outside the network even though the certificate itself is fine.
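The certificate and CRL check above as an added PowerShell example, not code from the original article. The cluster URL is a hypothetical placeholder. It pulls the certificate from the cluster's TLS endpoint, builds the chain with online revocation checking, which is the check that fails when a CRL cannot be fetched, and then requests every HTTP CRL distribution point directly so the unreachable one is named rather than only implied by a chain error.

```powershell
# Added example, not code from the original article: fetch the cluster's TLS certificate,
# build its chain with online revocation checking (the check the client performs) and try
# each HTTP CRL distribution point directly. $ClusterUrl is a hypothetical placeholder.
param([string]$ClusterUrl = 'https://rms.contoso.com')   # hypothetical

function Get-RmsServerCertificate {
    param([Parameter(Mandatory)][string]$Url)
    $uri = [Uri]$Url
    $tcp = New-Object System.Net.Sockets.TcpClient($uri.Host, $uri.Port)
    try {
        # Accept anything during the handshake; validation happens explicitly in Test-RmsServerCertificate
        # so the reason for a failure can be reported instead of the connection just being refused.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ param($s, $c, $ch, $e) $true }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAll)
        $ssl.AuthenticateAsClient($uri.Host)
        New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    } finally { $tcp.Close() }
}

function Get-CrlDistributionPoints {
    param([Parameter(Mandatory)][System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    # OID 2.5.29.31 is the CRL Distribution Points extension; Format() renders it as text.
    $ext = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.31' }
    if (-not $ext) { return @() }
    [regex]::Matches($ext.Format($true), '(?i)(https?|ldap)://[^\s,)]+') | ForEach-Object { $_.Value }
}

function Test-RmsServerCertificate {
    param([Parameter(Mandatory)][string]$Url)
    $cert  = Get-RmsServerCertificate -Url $Url
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode      = 'Online'       # 'NoCheck' would hide an unreachable CRL
    $chain.ChainPolicy.RevocationFlag      = 'EntireChain'
    $chain.ChainPolicy.UrlRetrievalTimeout = [TimeSpan]::FromSeconds(15)
    $chainOk = $chain.Build($cert)
    $crls = foreach ($u in (Get-CrlDistributionPoints -Cert $cert)) {
        if ($u -notmatch '^https?://') { [pscustomobject]@{ Crl = $u; Result = 'not tested (LDAP)' }; continue }
        try {
            $r = Invoke-WebRequest -Uri $u -UseBasicParsing -TimeoutSec 15
            [pscustomobject]@{ Crl = $u; Result = "HTTP $([int]$r.StatusCode), $($r.RawContentLength) bytes" }
        } catch { [pscustomobject]@{ Crl = $u; Result = "FAILED: $($_.Exception.Message)" } }
    }
    [pscustomobject]@{
        Subject      = $cert.Subject
        Issuer       = $cert.Issuer
        NotAfter     = $cert.NotAfter
        FirstDnsName = $cert.GetNameInfo('DnsName', $false)   # must match the cluster URL host
        ChainValid   = $chainOk
        ChainErrors  = ($chain.ChainStatus | ForEach-Object { "$($_.Status): $($_.StatusInformation.Trim())" }) -join '; '
        Crls         = $crls
    }
}

Test-RmsServerCertificate -Url $ClusterUrl | Format-List
```

Because revocation and trust are evaluated by the machine running the script, run it from the failing client as well as from the server: a chain that builds on the cluster node but reports RevocationStatusUnknown or OfflineRevocation on the client is the CRL-reachability case described above.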
Database Connectivity: Ensure the AD RMS service can reach its configuration, directory services and logging databases on the back-end SQL Server or Windows Internal Database (WID). When the database is unreachable the pipelines return server errors for every client, so rule this out first when all users fail at the same time.

Diagnostic Tools
The AD FS Diagnostic Tool from Microsoft can help diagnose configuration and certificate issues, but only where AD RMS is integrated with Active Directory Federation Services (AD FS) for federated identity support; for a plain domain deployment the checks above are the ones that apply.