Mar 12
13
After I finally got AD RMS up and running, the next task was then to integrate it with SharePoint 2010. This seemed simple:
1. Go into Central Admin in SharePoint 2010 on a Web Front End (WFE) Server,
2. Click Security,
3. In the section Information Policy, click Configure information rights management,
4. Choose one of the three options:
- Do not use IRM on this server
- Use the default RMS server specified in Active Directory
- Use this RMS server (it then allows you to type in the url for your AD RMS server)
My initial choice was the third option.
I typed in my AD RMS url and then clicked the OK button. It failed. I double-checked the url and it was right. What could be the problem?? After careful reading of Google’s findings on the subject, I chose the second option (“use the default RMS server specified in Active Directory”)… and it failed again. After going back to Google again, I found this article about integrating SharePoint 2007 with IRM which gives the important steps of Permissions – you must enable the SharePoint 2010 WFEs to access the AD RMS server certificate. Got it. Here are the steps from the above article by David Lim which are as relevant to SharePoint 2010 as they were to SharePoint 2007.
- Log on to the AD RMS server as a local administrator
- Click Start, and then click Computer
- Navigate to c:\Inetpub\wwwroot\_wmcs\Certification
- Right-click ServerCertification.asmx, click Properties, and then click the Security tab
- Click Advanced, click Edit, select the Include inheritable permissions from this object’s parent check box, and then click OK two times
- Click Edit
- Click Add
- Click Object Types, select the Computers check box, and then click OK
- Type the name of the SharePoint web front-end server, and then click OK twice.
- Repeat the above three steps for other web front-end servers
- Click OK to close the ServerCertification.asmx Properties sheet. By default the Read & Execute and the Read permissions are configured
- Reset IIS
Now you can go back into Central Admin on a WFE, Security section, Configure information rights management, and select the 2nd option: Use the default RMS server specified in Active Directory.
It should work this time. For me it did.
Final Step: After you take these above steps, site and document library administrators are able to enable IRM on any document library to which they have the appropriate permissions.