Hello,

I have the following test environment:

• 1 DC
• 1 AD RMS server: I have configured a template on it
• 1 client computer: Windows 7 64 bit and Microsoft Office 2007

I have a problem configuring the Windows 7 client computer so that it will use my AD RMS cluster. I followed all steps mentioned here: http://technet.microsoft.com/en-us/library/cc771971(WS.10).aspx

but the client computer can not use the RMS server.

I created the following key: HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Common\DRM and added AdminTemplatePath with %LocalAppData%\Microsoft\DRM\Templates as a value.

I also configured the automatic scheduled task like mentioned in the article and no changes: the Templates folder is not being created and the created model is not present on the client computer. I forced a manual sync and as a result I found the error (0x8004CF48).

What should I configure to get my client computer working?

Hi X,

When you say client computer can not use the RMS server, are you able to protect  a simple word document or are you getting an error here?

I am assuming the Windows 7 computer is joined to the domain and the cluster URL's are HTTP.

For your second point, to get the Templates distributed to the client computers,

• Place the templates in a share folder which has share permissions for Everyone to Read
• Download the Office 2007 ORK or ADM files (http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=22666)
• Add the office12.adm file to GPO
• Configure the setting under Manage Restricted Permissions> Specify Permission Policy Path with the share name in the first step
• Apply the GPO to the correct OU  and run gpupdate on the client

When you say client computer can not use the RMS server, are you able to protect  a simple word document or are you getting an error here?

No. The problem is that I am unable to protect the file.

I am assuming the Windows 7 computer is joined to the domain and the cluster URL's are HTTP.

The Windows 7 computer is joined to the domain and the cluster URL's are HTTPS with a self-signed certificates.

For your second point, to get the Templates distributed to the client computers,

• Place the templates in a share folder which has share permissions for Everyone to Read

Already done.

• Download the Office 2007 ORK or ADM files (http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=22666)
• Add the office12.adm file to GPO
• Configure the setting under Manage Restricted Permissions> Specify Permission Policy Path with the share name in the first step
• Apply the GPO to the correct OU  and run gpupdate on the client

That is becoming to be intersting. I will try that tomorrow.

In that case the RMS client is unable to contact the RMS server,

• Hope you have the copied the self signed certificate to certificate store on the Windows 7 client
• published SCP entry using the Intranet URL
• Add the Intranet URL to the IE Local Intranet Zone
• Download the RMS toolkit and deploy on the client (http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=1479)
• Run the IRMcheck tool and share the report

In that case the RMS client is unable to contact the RMS server,

• Hope you have the copied the self signed certificate to certificate store on the Windows 7 client

No. I thought that I will be asked if it is trusted or not.

published SCP entry using the Intranet URL

What do you mean exactly by that?

Add the Intranet URL to the IE Local Intranet Zone

Yes.

Download the RMS toolkit and deploy on the client (http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=1479)

Great tool.

I will tell you the advance tomorrow.

Hello,

So now I added the AD RMS server certificate as a trusted one. Also, I published the templates using group policies and all is okay with them. They are published correctly.

The client computer still does not protect the doc file. I opened Word, selected my model and it prompt for me user credentials. I added the domain admin credentials. After that, I had a menu and I had to selected between Windows Live ID accounts and Windows accounts. I had chosen Windows account. After that, I got an error that states that there is an error and I have to contact my system admin.

I had run the IRMCheck tool and it is reporting to me three errors:

1. Some registry key overrides listed below do not point to the correct RM servers: I have seen the registry entry mentioned in the report and all is correct
2. Any application listed above that is running will prevent IRM from running: There is no application that is running
3. The e-mail attribute for the logged on user is not set in the AD: normal as I am not using Exchange

Any suggestions?

Yup, you made a major mistake :)

• The e-mail attribute for the logged on user is not set in the AD: normal as I am not using Exchange

Need to populate the email address field, for the ADRMS to provision the user, won't work otherwise! put anything there since it's a test lab.

Hi Adnan, I followed your conversation with Mr X.

I have a similar problem where my Client cannot use IRM to protect a document. I have Win7 64bit with Office2010Std-64bit. ADRMS is running on a W2k8R2Std server.

I did look at the toolkit but most CMDs do not run. It seems the tool was made for W2k3.

the latest irmcheck.exe tool only gave me the error:

Registry overrides ERROR Some registry key overrides listed below do not point to the correct RM servers
Action:Please click 'Detect And Repair' on the Help menu in one of Microsoft Office applications

Any ideas? I've checked GPO settings, Template locations, everything mentioned in this post.

Help would really be appreciated.

Regards

Schalk

Hi Schalk

• Are you having the issue on one client or with everyone?
• RMS Urls - HTTP or HTTPS?
• On the same client can you open a protected document ?

From the info above I notice you are using Office 2010 Standard, (can you provide a complete version info).  In which case you won't be able to create protected content at all, will just be able to consume existing protected content. Need to upgrade to Professional.

Have a read thru AD RMS and Microsoft Office Deployment Considerations & Compare suites available through Volume Licensing

Hi Adnan

Thanks for the reply. I found my problem. The PC I was using to perform my tests on had Office Standard installed. My bad :-(  It is actually working, tested with a Pro installation.

Thank you very much for the help.

Schalk

Dear All,

Environment  : 

1. Windows XP sp3
2. Microsoft office 2003 sp3 (pro)
3. Ofiice 2010 (pro)
4. compatibility pack for the 2007 office system  (FileFormatConverters.exe)

When i run IRMcheck tool i got the following error 

• Some Registry key overrides listed below do not point to the correct RM servers Action : Please click 'Detect and Repair on the help menu in one of office applications 
• IRM Application manifests not found

When i uninstall following from machine

1. compatibility pack for the 2007 office system  (FileFormatConverters.exe) 

Then i run IRM checktool , Everything as success , Please help to sort out this 

Thanks in Advance

Scorpion