



RE: problem Active Directory cannot be accessed from Windows Rights Ma
Fri, 15 Feb 2008 10:37:04 -080
As soon as I hear someone say that they are getting prompted to decide 
between a Passport account or a Network account, there is almost always a 
problem with the client either discovering the SCP, or connecting to the 
certification pipeline.

Since the GetSCP returned successfully, I suspect the latter.

Try going to:

http://rmsserver/_wmcs/certification/certification.asmx

from the machine with the error, to ensure that you can successfully get 
there. If you can't, or you get errors, you need to fix this first before RMS 
will work.

Also, make sure that the account you are trying to use has its email 
attribute filled out.

The error is a little odd talking about not being able to discover a GC. 
Your RMS server *is* a member server of the domain, correct? 

Your description makes me think that you put the RMS server on a DC too, 
which is very bad. You would have to actually add your RMS Service account to 
the 'Domain Admins' group in order to get this to work correctly from a DC.

-Jason


"Raan" wrote:

> I am getting error while requesting user certificates.
> 
> Let me tell you the things in detail.
> 
> I created a DC and created a new domain in my system. I have also added
> a user with domain admin rights.
> 
> I have installed the RMS following the steps written in RMS Services
> Help from MSDN. I feel that I have installed the RMS Server
> successfully, I have also registered SCP.
> 
> Now I also installed RMS client on my RMS server machine.
> When I try to give permissions to my document there comes two options
> .NET Passport or Windows Domain.
> When I proceed with windows domain it says Unexpected error occurred
> Please try again later or contact your network administrator. My user
> has valid email address for that domain (ie <username>@<domainname>)
> 
> How to debug the problem in my configuration.
> 
> Please figure out the error...
> 
> My environment :-
> I am using Windows 2003 Standard edition. A single machine which is
> DC, Domain Admin, RMS Client, Mail Server. I am testing the Word 2003
> protection on the same machine (DC and all) with an account that has
> admin rights. I am working on production env.
> 
> I run the GetRMScp.exe and get the following results. I am getting
> error in event log file
> 
> 
> D:\>"D:\Program Files\RMS SP2 Administration Toolkit\GetRMScp\GetRMScp.exe"
> 
> RESULTS:
> 
> serviceBindingInformation: http://<domain-machine>/_wmcs/Certification
> distinguishedName: CN=SCP,CN=RightsManagementServices,CN=Services,CN=Configuration,DC=<domain>,DC=<com>
> 
> *)EventLog
> 
> Topology used in quesry of Active Directory cannot be initialized.
> Active Directory cannot be accessed from Windows Rights Management
> service.Microsoft.DigitalRightsManagement.Utilities.ADEntrySearchFailedException:
> Entry not found in Active Directory:
> id=S-1-5-21-3862852011-846744357-90182551-1123B --->
> Microsoft.DigitalRightsManagement.DirectoryServices.DirectoryServiceGetPrincipalIdentifierException:
> Active Directory service component could not found principal --->
> Microsoft.DigitalRightsManagement.DirectoryServices.RemoteDirectoryServiceGetPrincipalIdentifierException:
> Remote Active Directory Service Component could not found principal.
> B --->
> Microsoft.DigitalRightsManagement.DirectoryServices.UnableToIncarnateException:
> LDAP pool could not be found --->
> Microsoft.DigitalRightsManagement.DirectoryServices.UnableToInitializeTopologyException:
> Topology could not be initialized. --->
> Microsoft.DigitalRightsManagement.DirectoryServices.NoGcsfoundException:
> Either usable global catalogue server in not present or required
> number of servers are less.
> Please check that computer is connected to internet and global
> catalogue server is usable.
>    Place Microsoft.DigitalRightsManagement.DirectoryServices.Topology.Initialize()
>    --- End of internal exception stack trace ---
>    Place Microsoft.DigitalRightsManagement.DirectoryServices.Topology.Initialize()
>    Place Microsoft.DigitalRightsManagement.DirectoryServices.Incarnation.Initialize()
>    --- End of internal exception stack trace ---
>    Place Microsoft.DigitalRightsManagement.DirectoryServices.Incarnation.Initialize()
>    Place Microsoft.DigitalRightsManagement.DirectoryServices.Incarnation._MapToDrmsAdirMethod(String[] strInputs, METHOD_TYPE mt)
>    Place Microsoft.DigitalRightsManagement.DirectoryServices.RemoteActiveDirectoryServices.GetPrincipalIdentifier(String strPrincipal, String desiredIdentifier)
>    --- End of internal exception stack trace ---
>    Place Microsoft.DigitalRightsManagement.DirectoryServices.RemoteActiveDirectoryServices.GetPrincipalIdentifier(String strPrincipal, String desiredIdentifier)
>    Place Microsoft.DigitalRightsManagement.DirectoryServices.ActiveDirectoryServices.GetPrincipalIdentifier(String strPrincipal, String desiredIdentifier)
>    --- End of internal exception stack trace ---
>    Place Microsoft.DigitalRightsManagement.DirectoryServices.ActiveDirectoryServices.GetPrincipalIdentifier(String strPrincipal, String desiredIdentifier)
>    Place Microsoft.DigitalRightsManagement.Certification.Pipeline._GetPrincipalIdentifier(String principal, String desiredIdentifier)
>    --- End of internal exception stack trace ---
>    Place Microsoft.DigitalRightsManagement.Certification.Pipeline._GetPrincipalIdentifier(String principal, String desiredIdentifier)
>    Place Microsoft.DigitalRightsManagement.Certification.Pipeline._ProcessEmailAddress(IDrmsPropertyBag propertyBag, CaType caType, String& emailAddress, Identification identification)
>    Place Microsoft.DigitalRightsManagement.Certification.Pipeline.Certify(CaType caType, CertifyParams[] requestParams, HttpRequest request, IIdentity userIdentity)
> 
> 
> Regards,
> Raan
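
The checks suggested in the reply above, collected into one Windows PowerShell script as an added example (not part of the original thread and not a Microsoft tool). `rmsserver` is the host name as written in the reply, and `testuser` is a placeholder account name; both are assumptions to replace with real values.

```powershell
# Added diagnostic sketch; run on the machine that shows the error.
param(
    [string]$RmsHost = 'rmsserver',   # host name as written in the reply
    [string]$Account = 'testuser'     # placeholder sAMAccountName (assumption)
)
Add-Type -AssemblyName System.DirectoryServices

# 1. Can this machine reach the certification pipeline?
$url = "http://$RmsHost/_wmcs/certification/certification.asmx"
try {
    $req = [System.Net.WebRequest]::Create($url)
    $req.UseDefaultCredentials = $true   # send the logged-on user's Windows credentials
    $resp = $req.GetResponse()
    "certification.asmx: HTTP $([int]$resp.StatusCode)"
    $resp.Close()
} catch {
    "certification.asmx: FAILED - $($_.Exception.Message)"
}

# 2. Is a global catalog discoverable? (the event log ends in NoGcsfoundException)
$gc = $null
try {
    $forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
    $gc = $forest.FindGlobalCatalog()
    "global catalog: $($gc.Name)"
} catch {
    "global catalog: NOT FOUND - $($_.Exception.Message)"
}

# 3. Does the account have its mail attribute filled out, as seen from the GC?
if ($gc) {
    $searcher = $gc.GetDirectorySearcher()
    $searcher.Filter = "(&(objectCategory=person)(sAMAccountName=$Account))"
    [void]$searcher.PropertiesToLoad.Add('mail')
    $hit = $searcher.FindOne()
    if (-not $hit) { "account ${Account}: not found in the GC" }
    elseif ($hit.Properties['mail'].Count -eq 0) { "account ${Account}: mail attribute is EMPTY" }
    else { "account ${Account}: mail = $($hit.Properties['mail'][0])" }
}

# 4. Is this machine a domain controller? DomainRole 4 or 5 = DC, 3 = member server.
$role = (Get-WmiObject Win32_ComputerSystem).DomainRole
"domain role: $role" + $(if ($role -ge 4) { ' (domain controller)' } else { '' })
```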