Jack of all that is Microsoft, Master of None

July 11, 2006

Rights Management Services: Remote Access Quick Notes

Filed under: Microsoft Office, Rights Management Services, RMS, Security — cregan @ 3:12 am

Last week, before I took some time off, I set up Windows Rights Management Services (RMS) with the Information Rights Management (IRM) Client on my local PC for B&R. Since my laptop does not belong to the B&R domain, I couldn’t just click on the Permissions button in Word/Excel/PowerPoint/Outlook… if I did, I would just be presented with the option to use my Passport account… but I had to be able to create & consume rights-protected B&R documents on my laptop when traveling. So in a nutshell, here is a very brief rundown on how I got this functioning:

  1. Before setting up RMS, set up the IIS web site that clients will use to connect to RMS. Make sure of the following:

    1. Assign the site a static IP address.

    2. If needed, add the host header (if using the IP for more than one site).

    3. Directory Security – Integrated Windows Authentication

    4. Install your SSL Certificate before configuring RMS.

    5. Set up DNS within your environment so that internal users are directed to the site (ex. rms.domain.com) – add an A record to point rms to the IP address of the site.

    6. Set up your external DNS now as well.

    7. Open up port 443 on your firewall and forward it to the IP address.

    8. TEST NOW – make sure (after DNS has propagated) that externally you can hit the DNS name of the site (rms.company.com) and you are prompted to input login credentials. Also make sure this works internally.

  2. Provision RMS on the web site you set up. Walk through the setup and keep in mind:

    1. When specifying the Extranet Cluster URL – specify HTTPS & the Fully-Qualified Domain Name… DO NOT use the server name here. Otherwise you can run into serious problems migrating in the future.

    2. Use a domain account as the service account – not a local system account.

  3. Register your service connection point after provisioning is successful.  Note that the SCP should be similar to https://rms.company.com/_wmcs/Certification/Certification.asmx.

  4. You’re then basically set up. If you have a system on the domain, open up an Office Application & attempt to utilize RMS. It should find the server and allow you to encrypt the document.

  5. For any non-domain / external users.  Before they use RMS for the first time, two additions need to be made to their registry settings (make sure the RMS client is installed first, then make these registry additions):

    1. HKLM\Software\Microsoft\Office\11.0\Common\DRM\
      Create a new String Value called CorpCertificationServer and make the value point to: https://rms.company.com/_wmcs/Certification.

    2. HKLM\Software\Microsoft\Office\11.0\Common\DRM\
      Create a new String Value called CorpLicenseServer and make the value point to: https://rms.companyname.com/_wmcs/Licensing.

  6. Then open up an Office Application and click on the RMS button. You should then be presented with login credentials. Enter the domain\username & password, and you should be rolling. Note: if you receive any error messages after clicking on the RMS button, check that you specified the correct URL. Also – if you are installing RMS & utilizing SQL Server 2005 – you must perform the fix in this KB Article, otherwise it will error out.

  7. If you have any questions / issues / errors, let me know!
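
The two registry additions from step 5 can be scripted. The following PowerShell is an added example, not part of the original post: it checks that both URLs use HTTPS and a fully-qualified host name (the same rule step 2 gives for the Extranet Cluster URL) before writing them. The host `rms.company.com` is the post's placeholder, and the function name `Test-RmsUrl` is made up for this example.

```powershell
# Added example: point a non-domain Office 2003 client at the RMS cluster.
# Run from an elevated prompt after the RMS client is installed.
# Both default URLs are placeholders; pass your own site's DNS name.
param(
    [string]$CertificationUrl = 'https://rms.company.com/_wmcs/Certification',
    [string]$LicensingUrl     = 'https://rms.company.com/_wmcs/Licensing'
)

# Key named in step 5. Note: 32-bit Office on 64-bit Windows reads the
# redirected HKLM:\Software\Wow6432Node\... view of this key instead.
$drmKey = 'HKLM:\Software\Microsoft\Office\11.0\Common\DRM'

# Hypothetical helper: returns $null when the URL is acceptable, else the reason.
function Test-RmsUrl {
    param([string]$Url, [string]$ExpectedPath)
    $uri = $null
    if (-not [Uri]::TryCreate($Url, [UriKind]::Absolute, [ref]$uri)) {
        return 'not an absolute URL'
    }
    if ($uri.Scheme -ne 'https') { return 'must use https' }
    # Reject bare server names and IP literals; require a dotted DNS name.
    if ($uri.HostNameType -ne [UriHostNameType]::Dns -or $uri.Host -notmatch '\.') {
        return 'host must be a fully-qualified domain name'
    }
    if ($uri.AbsolutePath.TrimEnd('/') -ne $ExpectedPath) {
        return "path should be $ExpectedPath"
    }
    return $null
}

$values = [ordered]@{
    CorpCertificationServer = @{ Url = $CertificationUrl; Path = '/_wmcs/Certification' }
    CorpLicenseServer       = @{ Url = $LicensingUrl;     Path = '/_wmcs/Licensing' }
}

# Validate everything first so a bad URL never leaves the key half-written.
foreach ($name in $values.Keys) {
    $problem = Test-RmsUrl -Url $values[$name].Url -ExpectedPath $values[$name].Path
    if ($problem) { throw "$name : $problem ($($values[$name].Url))" }
}

if (-not (Test-Path $drmKey)) { New-Item -Path $drmKey -Force | Out-Null }
foreach ($name in $values.Keys) {
    Set-ItemProperty -Path $drmKey -Name $name -Value $values[$name].Url -Type String
}

# Read back what the Office client will see.
Get-ItemProperty -Path $drmKey | Select-Object CorpCertificationServer, CorpLicenseServer
```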

One other quick thing to note… when you are on the ‘Windows RMS Administration’ page and you click on ‘Administer RMS on this web site’ – it probably won’t load – and if you notice the URL, it will be http://localhost/_wmcs/Admin/default.aspx or something like that.  Note that all you need to do is replace localhost with the DNS name you gave the site (rms.companyname.com or whatever), then you can access the admin page.

Enjoy RMS and the great security it offers!


6 Comments »

  1. Hi,
    I have installed RMS in two of the offices. There is only one RMS server, which is in the India office, but RMS users are in the India office as well as the USA office. There is no problem for India office users to access the RMS-enabled document, but USA users are unable to access the RMS-enabled document, with the error mentioned below.

    http://server.company.com/_wmcs/licensing is temporarily unavailable.Microsoft Internet Explorer may be set to work offile.

    First I checked whether IE is set to offline, but no, it is online. Second, I am able to ping the RMS server by just typing its name. I am getting ping responses between 235 ms and 240 ms without any drops. We are using an IPSec site-to-site tunnel for inter-office connectivity.

    Please help me to resolve this problem

    Regards
    Ronak Patel
    ronak.patel@trianz.com

    Comment by Ronak Patel — July 25, 2007 @ 4:22 am

    • Do you have a solution?

      Comment by yariv — November 22, 2009 @ 7:08 am

  2. Hello,

    When I try to access the administration web site, clicking “Administer RMS on this web site”, it doesn’t load; the URL is http://localhost/_wmcs/Admin/default.aspx. But after I changed it to the DNS name, it still doesn’t load; it says “HTTP Error 403.6 – Forbidden: IP address of the client has been rejected.
    Internet Information Services (IIS)”. In the properties of the web site, it is set to all computers and IPs Granted Access.

    Please, help me with this.

    Comment by Cristina G — October 28, 2008 @ 11:27 am

  3. Hi,

    I recently deployed the RMS 1.0 SP2 installation in my environment. I deployed the DC, the RMS application and SQL Server 2005 all on one machine. After finishing the installation, I try to access the Windows RMS administration; it opens the home page, then I click the administer RMS web site link and the page does not open properly. I received the error message below: “The page must be viewed with a high-security Web browser”. Kindly help me.

    Comment by R.G. Kumar — November 15, 2009 @ 10:17 am

  4. Hi, it works W7 x84 and 2003 RMS Server, on Office 2007. But on Outlook 2010 it does not work .-{

    Comment by vladimir — June 2, 2010 @ 2:57 am

  5. Hi Ronak,

    As you have mentioned in the first comment, I am also having the same problem. My installation works fine with Windows 7/Office 2007, but fails for XP/Office 2003, and I receive the same error message when I try to open the document “the service is temporarily unavailable…..check if offline…..”……

    Did you have a solution?

    cheers
    Rehman

    Comment by Rehman Gul — September 12, 2010 @ 10:03 pm

