|
| RMS SCP Registration within Server 2008 |
 |
Wed, 6 Feb 2008 07:40:03 -0800 |
Hi,
I have a Server 2008 machine deployed as a DC (within a 2003 Forest) and
have installed Rights Management onto the server. After sorting out the
credential issues (the RMS account needs more than domain user membership to
be validated successfully within the wizard - had to add it to domain
admins), the service installs successfully. However it does not register the
SCN and when you try and register it via the console (with a user who is the
member of Enterprise admins, RMS Admins, etc) I get a non specific error -
"Failed to register Service Conenction Point URL in Active Directory Domain
|
| Post Reply
|
| RE: RMS SCP Registration within Server 2008 |
 |
Wed, 13 Feb 2008 05:01:03 -080 |
Can anyone help?
"Will Owen" wrote:
> Hi,
>
> I have a Server 2008 machine deployed as a DC (within a 2003 Forest) and
> have installed Rights Management onto the server. After sorting out the
> credential issues (the RMS account needs more than domain user membership
to
> be validated successfully within the wizard - had to add it to domain
> admins), the service installs successfully. However it does not register
the
> SCN and when you try and register it via the console (with a user who is
the
> member of Enterprise admins, RMS Admins, etc) I get a non specific error -
> "Failed to register Service Conenction Point URL in Active Directory
Domain
|
| Post Reply
|
| RE: RMS SCP Registration within Server 2008 |
 |
Fri, 15 Feb 2008 10:27:01 -080 |
Don't install RMS on a DC. You have discovered first hand why. You should
'never' have to give your RMS Service account 'Domain Admin' credentials.
As the the actual cause of your problem at this point I'm not sure. My guess
would be that since you are on a DC, you have to actually add the RMS Service
account you specified to the Enterprise Admins group.
If at all possible, RMS should be installed on a server that does nothing
else but RMS work. As everyone in the security field is aware, the more
services you add to a machine, the wider the attack surface of the machine
becomes. Since an RMS machine is supposed to be responsible for protecting
the content that your company has deemed to be confidential, it's a good idea
to keep the attack surface as small as possible.
-Jason
"Will Owen" wrote:
> Can anyone help?
>
> "Will Owen" wrote:
>
> > Hi,
> >
> > I have a Server 2008 machine deployed as a DC (within a 2003 Forest)
and
> > have installed Rights Management onto the server. After sorting out
the
> > credential issues (the RMS account needs more than domain user
membership to
> > be validated successfully within the wizard - had to add it to domain
> > admins), the service installs successfully. However it does not
register the
> > SCN and when you try and register it via the console (with a user who
is the
> > member of Enterprise admins, RMS Admins, etc) I get a non specific
error -
> > "Failed to register Service Conenction Point URL in Active
Directory Domain
|
| Post Reply
|
|
|
|
|
|
|
|
|
|