Monday, March 17, 2014

How to clear old RMS Templates on FCI

If you're using FCI to perform automatic RMS encryption and you're setting up new RMS server, you'll find both old and new RMS templates appearing on the File Management Task like this:

How to remove and clear away old RMS templates? Clear all files under
C:\ProgramData\Microsoft\DRM\Server\Templates\S-1-5-18

Wednesday, March 12, 2014

Co-existence: Pre-production and Production AD RMS

We have developers wishing to develop AD RMS applications based on AD RMS SDK 2.1. Any applications developed out of this SDK is considered pre-production until its application manifest are signed with certs from Microsoft (a.k.a moving from pre-production to production).

However, pre-production applications won't work with production AD RMS server and vice-versa. Otherwise, you'll see this error: "Cannot use test manifests against production servers"

Hence, you'll have to follow this guide "How to install and configure an RMS Server" for pre-production. If there is already an existing RMS server in your AD, you've to re-setup this server for pre-production. It would effectively remove the production RMS server and Office RMS would stop working as a consequence. So, how can we make both RMS servers (one production server for Office RMS users and another pre-production for developer) to co-exist?

Our strategy is to setup a separate pre-production RMS server for developers to use that server. Remember that RMS clients would always refer to its registry settings before checking the AD SCP. Have the development PCs manually configured with pre-production server while the rest of Office clients refer to the SCP on Active Directory for the production RMS server.

Assuming that you already have a production RMS server, this is the outline plan:

  1. Prepare a new Windows server for AD RMS
  2. Prepare the registry settings on the new server for pre-production setup.
  3. Unregister existing SCP using RMS administrative toolkit
  4. Install the AD RMS role on the new pre-production server
  5. On the production RMS server, change the SCP back to its original URL