If you're using FCI to perform automatic RMS encryption and you're setting up new RMS server, you'll find both old and new RMS templates appearing on the File Management Task like this:
How to remove and clear away old RMS templates? Clear all files under
C:\ProgramData\Microsoft\DRM\Server\Templates\S-1-5-18
I have a wide scope of interests in IT, which includes hyper-v private cloud, remote desktop services, server clustering, PKI, network security, routing & switching, enterprise network management, MPLS VPN on enterprise network etc. Started this blog for my quick reference and to share technical knowledge with our team members.
Monday, March 17, 2014
Wednesday, March 12, 2014
Co-existence: Pre-production and Production AD RMS
We have developers wishing to develop AD RMS applications based on AD RMS SDK 2.1. Any applications developed out of this SDK is considered pre-production until its application manifest are signed with certs from Microsoft (a.k.a moving from pre-production to production).
However, pre-production applications won't work with production AD RMS server and vice-versa. Otherwise, you'll see this error: "Cannot use test manifests against production servers"
Hence, you'll have to follow this guide "How to install and configure an RMS Server" for pre-production. If there is already an existing RMS server in your AD, you've to re-setup this server for pre-production. It would effectively remove the production RMS server and Office RMS would stop working as a consequence. So, how can we make both RMS servers (one production server for Office RMS users and another pre-production for developer) to co-exist?
Our strategy is to setup a separate pre-production RMS server for developers to use that server. Remember that RMS clients would always refer to its registry settings before checking the AD SCP. Have the development PCs manually configured with pre-production server while the rest of Office clients refer to the SCP on Active Directory for the production RMS server.
Assuming that you already have a production RMS server, this is the outline plan:
However, pre-production applications won't work with production AD RMS server and vice-versa. Otherwise, you'll see this error: "Cannot use test manifests against production servers"
Hence, you'll have to follow this guide "How to install and configure an RMS Server" for pre-production. If there is already an existing RMS server in your AD, you've to re-setup this server for pre-production. It would effectively remove the production RMS server and Office RMS would stop working as a consequence. So, how can we make both RMS servers (one production server for Office RMS users and another pre-production for developer) to co-exist?
Our strategy is to setup a separate pre-production RMS server for developers to use that server. Remember that RMS clients would always refer to its registry settings before checking the AD SCP. Have the development PCs manually configured with pre-production server while the rest of Office clients refer to the SCP on Active Directory for the production RMS server.
Assuming that you already have a production RMS server, this is the outline plan:
- Prepare a new Windows server for AD RMS
- Prepare the registry settings on the new server for pre-production setup.
- Unregister existing SCP using RMS administrative toolkit
- Install the AD RMS role on the new pre-production server
- On the production RMS server, change the SCP back to its original URL
Labels:
AD RMS
Subscribe to:
Posts (Atom)