使用AD RMS配置SharePoint 2010时的错误
我在使用AD RMS配置SharePoint 2010时遇到问题。使用AD RMS配置SharePoint 2010时的错误
当选择“使用在Active Directory中指定的默认RMS服务器”中的SharePoint,我收到以下错误:
The required Windows Rights Management client is present but the server refused access. If you are switching from one RMS server to a different RMS server, be sure you have set up a trust relationship between the two. IRM will not work until the server grants permission.
在SharePoint服务器上的事件日志,我得到两个关键应用程序事件:
Event 5062: Information Rights Management (IRM): There was a problem while trying to activate a right account certificate.
Event 5133: Information Rights Management (IRM): There was a problem while obtaining a Rights Management Services (RMS) group identity certificate (GIC)
在RMS服务器,IIS日志中捕获以下:
/_wmcs/certification/ServerCertification.asmx - 443 - (ip address) - Windows+Rights+Management+Client - 401 2 5 15
/_wmcs/certification/ServerCertification.asmx - 443 DOMAIN\SPFarm (ip address) - Windows+Rights+Management+Client - 500 0 0 1015
设置如下:
- dc。 域 .local(Windows Server 2012 + AD)
- db。 域名 .local(Windows Server 2012 + SQL Server 2012)
- rms。 域名 .local(Windows Server 2012 + AD RMS)
- sp。 域。本地(在Windows Server 2008 R2 + SharePoint 2010中)
在SharePoint是要建立一个简单的农场。管理中心和WFE位于'sp'服务器上,'db'服务器正在用作数据库。
在域中的帐户是:
- RMAdmin(AD RMS管理员)
- RMService(AD RMS服务)
- SPSetup(的SharePoint设置/管理员)
- SPFarm(SharePoint场)
我已经完成了'rms'服务器上'_wcms/certification/servercertification.asmx'的步骤:
级- 父文件夹
- 新增SharePoint服务器的计算机帐户的ACL为“读取”和“读取&执行”
- 添加了DOMAIN \ SPFarm帐户的ACL中的Inheritied权限“阅读”和‘阅读&执行’
另外,从RMS服务器的服务器证书已导入到‘SharePoint服务器的受信任的根证书’,并在RMS服务器上。
我可以确认RMS和SharePoint分开工作,我无法获得SharePoint上的IRM设置!
试试这个:
IISreset /stop
del /q /f "%USERPROFILE%\AppData\Local\Microsoft\Drm\*.*"
del /q /f /s "%ALLUSERSPROFILE%\Microsoft\DRM\Server\*.*"
IISreset /start