Mehmet Muhanna
asked on
Active Directory Rights Management Services (AD RMS) was not able to retrieve the certificate
Hi
I am New to RMS, I had install WIndows Server 2008 64Bit that host AD DNS, and VMWARE that is running a Server 2008 that will run RMS Server (its a lab)
after the installation of RMS in the VMWARE Machine finished I got this log
Active Directory Rights Management Services: Installation succeeded with errors
Error: Attempt to configure Active Directory Rights Management Server failed. The AD RMS installation could not determine the certificate hierarchy. If the AD RMS service connection point (SCP) you need to use is registered in Active Directory but is not valid, revise it to make it valid, or create a new SCP, and install AD RMS again. at Microsoft.RightsManagement Services.C onfigurati on.Licensi ngServerSe lfEnrollme nt.DecideC ertificate Hierarchy( )
at Microsoft.RightsManagement Services.C onfigurati on.Certifi cationServ erSelfEnro llment.Enr oll(Enroll eeServerIn formation enrolleeInformation, EnrolleeRevocationInformat ion revocationInformation, String certificateDisplayName, String cspName, String keyContainerName)
at Microsoft.RightsManagement Services.C onfigurati on.Provisi oningBase. Enroll()
at Microsoft.RightsManagement Services.C onfigurati on.Provisi oningBase. Run()
at Microsoft.RightsManagement Services.C onfigurati on.Provisi onerBase.D oProvision ()
at Microsoft.RightsManagement Services.C onfigurati on.Provisi onerHelper .Run(Opera tionType operationType, Object data)
at Microsoft.RightsManagement Services.C onfigurati on.Provisi onEngine.R un(Operati onType operationType, Boolean passwordEncrypted)
at Microsoft.RightsManagement Services.C onfigurati on.CmdLine Handler.Ru n()
Remove and re-install AD RMS to attempt provisioning again.
After Openning RMS I get the Following Error
AD RMS Administrator Server Fail Because the value of "AdminLocalConnectionPoint " Under registry Key
"HKEY_LOCAL_MACHINE\SOFTWA RE\MICROSO FT\DRMS\2. 0" was invalid
Log Name: Application
Source: Active Directory Rights Management Services
Date: 10/9/2008 9:21:00 AM
Event ID: 204
Task Category: General
Level: Error
Keywords: Classic
User: N/A
Computer: rms.farisnt.local
Description:
Active Directory Rights Management Services (AD RMS) was not able to retrieve the certificate hierarchy.
.
.
.
Microsoft.RightsManagement Services.D ecideCerti ficateHier archyFailE xception
Message: The AD RMS installation could not determine the certificate hierarchy. If the AD RMS service connection point (SCP) you need to use is registered in Active Directory but is not valid, revise it to make it valid, or create a new SCP, and install AD RMS again.
+ System.Net.WebException
+ Message: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
+ System.Security.Authentica tion.Authe nticationE xception
+ Message: The remote certificate is invalid according to the validation procedure.
</Data>
</EventData>
</Event>
what can I do to fix this
THanks
I am New to RMS, I had install WIndows Server 2008 64Bit that host AD DNS, and VMWARE that is running a Server 2008 that will run RMS Server (its a lab)
after the installation of RMS in the VMWARE Machine finished I got this log
Active Directory Rights Management Services: Installation succeeded with errors
Error: Attempt to configure Active Directory Rights Management Server failed. The AD RMS installation could not determine the certificate hierarchy. If the AD RMS service connection point (SCP) you need to use is registered in Active Directory but is not valid, revise it to make it valid, or create a new SCP, and install AD RMS again. at Microsoft.RightsManagement
at Microsoft.RightsManagement
at Microsoft.RightsManagement
at Microsoft.RightsManagement
at Microsoft.RightsManagement
at Microsoft.RightsManagement
at Microsoft.RightsManagement
at Microsoft.RightsManagement
Remove and re-install AD RMS to attempt provisioning again.
After Openning RMS I get the Following Error
AD RMS Administrator Server Fail Because the value of "AdminLocalConnectionPoint
"HKEY_LOCAL_MACHINE\SOFTWA
Log Name: Application
Source: Active Directory Rights Management Services
Date: 10/9/2008 9:21:00 AM
Event ID: 204
Task Category: General
Level: Error
Keywords: Classic
User: N/A
Computer: rms.farisnt.local
Description:
Active Directory Rights Management Services (AD RMS) was not able to retrieve the certificate hierarchy.
.
.
.
Microsoft.RightsManagement
Message: The AD RMS installation could not determine the certificate hierarchy. If the AD RMS service connection point (SCP) you need to use is registered in Active Directory but is not valid, revise it to make it valid, or create a new SCP, and install AD RMS again.
+ System.Net.WebException
+ Message: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
+ System.Security.Authentica
+ Message: The remote certificate is invalid according to the validation procedure.
</Data>
</EventData>
</Event>
what can I do to fix this
THanks
ASKER
ATTENTION, I had ask about 5 Q Non of them has been answer, whats up expert
I am also experiencing this problem and would appreciate an answer!! How can you delete a SCP when the server no longer exists? Can it be manually removed somehow?
Thanks
Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
HI all and thanks
I wont be able to answer before 3 days as I am away from the server, I will for sure test this when I come back
THanks
I wont be able to answer before 3 days as I am away from the server, I will for sure test this when I come back
THanks
ASKER
OK
I am back again
THanks for your time
I will try it today and post the reply again
I am very sory for th Delay
I am back again
THanks for your time
I will try it today and post the reply again
I am very sory for th Delay
ASKER
HIIIIIIIIIIIIIIIIIIIIIIII
THANKS KentFire for your Reply
I try it and it work fine, I dont know if that was the Fix
I ran the command
C:\>ADScpRegister.exe unregisterscp https://main.farisnt.local :443/_wmcs /certifica tionasdasd asd
Is this sentence correct
I had remove the RMS and reinstall it and now its working fine,
I use HTTP while installing, I dont know if this problem will appear if I remove the RMS and Reinstall it using HTTPS
I Will offer the point to KentFire and then later will try to remove it and install it using HTTPS
Thanks
THANKS KentFire for your Reply
I try it and it work fine, I dont know if that was the Fix
I ran the command
C:\>ADScpRegister.exe unregisterscp https://main.farisnt.local
Is this sentence correct
I had remove the RMS and reinstall it and now its working fine,
I use HTTP while installing, I dont know if this problem will appear if I remove the RMS and Reinstall it using HTTPS
I Will offer the point to KentFire and then later will try to remove it and install it using HTTPS
Thanks
ASKER
Thanks , I will later try it also using HTTPS
Housammuhanna,
Many thanks for the point and glad you got it sorted in the end.
Cheers.
Many thanks for the point and glad you got it sorted in the end.
Cheers.
Hi,
Where should i run that command
ADScpRegister unregisterscp <URL to unregister>
i have same problem, and when everytime i run this command, i'm given a message indicating that ADScpRegister is not recognized as an internal or external command.
Please advise,,,
Where should i run that command
ADScpRegister unregisterscp <URL to unregister>
i have same problem, and when everytime i run this command, i'm given a message indicating that ADScpRegister is not recognized as an internal or external command.
Please advise,,,
ASKER
NOTE That there is no CA installed in the lab
also I try both HTTPS and HTTP while installing the RMS but all return the same result