Administrators receive a security warning and an error message when they try to perform some tasks for Windows Rights Management Services 1.0 for Windows Server 2003 Service Pack 2

Article translations Article translations
Article ID: 2708963 - View products that this article applies to.
Expand all | Collapse all

SYMPTOMS

When an administrator tries to perform an online enrollment or to renew a server licensor certificate (SLC) for Microsoft Windows Rights Management Services (RMS) 1.0 for Windows Server 2003 Service Pack 2 (SP2), they receive one of the following security warnings: 
Security warning 1
The Certificate Issuer for this site is untrusted or unknown.
Security warning 2
The certificate you are viewing does not match the name of the site you are trying to view.
After the administrator decides to cancel the dialog or to continue to work with the untrusted site, they receive the following error message:
Windows Right Management Services could not be provisioned on this server.

An error occurred during the provisioning process. Any changes made during the provisioning process have been rolled back. See Windows Rights Management Services Help for more information about the provisioning process.

Failed to enroll the server. If you requesting a new certificate for a root certification server, verify that you can connect to the internet and that you have set your proxy settings if they are required, and then try again. If you are requesting a new certificate for a licensing server, verify that you can connect to the root certification server, and then try again.

When an administrator tries to establish a trusted user domain to trust Passport (Live ID)-based Rights Account Certificates (RACs) for RMS 1.0 with Windows Server 2003 SP2, they receive one of the following security warnings:
Security warning 1
The Certificate Issuer for this site is untrusted or unknown.
Security warning 2
The certificate you are viewing does not match the name of the site you are trying to view.
After the administrator decides to cancel the dialog or to continue with the untrusted site, they receive the following error message:
The underlying connection was closed: Could not establish a trust relationship with remote server.

CAUSE

The Universal Description Discover and Integration (UDDI) service provides service discovery locations for RMS 1.0 servers. This problem occurs because the UDDI service is no longer available as of May 18, 2012.

RESOLUTION

Administrators who are running RMS 1.0 for Windows Server 2003 SP2 have to add a registry key to point each server in the RMS cluster directly to the online Microsoft enrollment service in order to perform an online enrollment or to renew the Server Licensor Certificate in production and pre-production hierarchies. A second registry key is required to point each server in the RMS cluster directly to the online Microsoft certification service in order to establish a trusted user domain that trusts Passport (Live ID)-based Rights Account Certificates.

Important IIS must be restarted after the registry keys are updated.

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756 How to back up and restore the registry in Windows
 Follow these steps, and then exit Registry Editor: 
  1. Click Start, click Run, type regedit, and then click OK.
  2. Locate and then click the following key in the registry.

    For the enrollment URL on x86 versions of Windows Server 2003:
    HKEY_LOCAL_MACHINE\Software\Microsoft\DRMS\1.0\
    For the enrollment URL on x64 versions of Windows Server 2003:
    HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\DRMS\1.0\
  3. On the Edit menu, point to New, and then click String value.
  4. Type EnrollmentURL, and then press Enter.
  5. On the Edit menu, click Modify.
  6. Type https://activation.drm.microsoft.com/enrollment/enrollservice.asmx, and then click OK.
  7. Locate and then click the following key in the registry.

    For the GIC URL (Trust Passport) on x86 versions of Windows Server 2003:
    HKEY_LOCAL_MACHINE\Software\Microsoft\DRMS\1.0\
    For the GIC URL (Trust Passport) on x64 versions of Windows Server 2003:
    HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\DRMS\1.0\
  8. On the Edit menu, point to New, and then click String value.
  9. Type CloudGicURL, and then press Enter.
  10. On the Edit menu, click Modify.
  11. Type https://certification.drm.microsoft.com/certification/certification.asmx, and then click OK.

MORE INFORMATION

For software developers and RMS installations that use the pre-production trust hierarchy, the registry keys will be slightly different.

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756 How to back up and restore the registry in Windows
Follow these steps, and then exit Registry Editor: 
  1. Click Start, click Run, type regedit, and then click OK.
  2. Locate and then click the following key in the registry.

    For the Enrollment URL on x86 versions of Windows Server 2003:
    HKEY_LOCAL_MACHINE\Software\Microsoft\DRMS\1.0\
    For the Enrollment URL x64 versions of Windows Server 2003:
    HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\DRMS\1.0\
  3. On the Edit menu, point to New, and then click String value.
  4. Type EnrollmentURL, and then press Enter.
  5. On the Edit menu, click Modify.
  6. Type https://activation.isv.drm.microsoft.com/enrollment/enrollservice.asmx, and then click OK.
  7. Locate and then click the following key in the registry.

    For the GIC URL (Trust Passport) on x86 versions of Windows Server 2003:
    HKEY_LOCAL_MACHINE\Software\Microsoft\DRMS\1.0\
    For the GIC URL (Trust Passport) x64 versions of Windows Server 2003:
    HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\DRMS\1.0\
  8. On the Edit menu, point to New, and then click String value.
  9. Type CloudGicURL, and then press Enter.
  10. On the Edit menu, click Modify.
  11. Type https://certification.isv.drm.microsoft.com/certification/certification.asmx, and then click OK.

Properties

Article ID: 2708963 - Last Review: May 4, 2012 - Revision: 1.0
APPLIES TO
  • Microsoft Windows Rights Management Services (RMS) for Windows Server 2003 Service Pack 2
Keywords: 
kbprb kbfix kbexpertiseinter kbsurveynew KB2708963

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com