The Windows Server 2003 support lifecycle is set to expire in July 2015, so Microsoft changed the lifetime of SLCs that are issued for Windows Rights Management Services to 7150 days. This change was made to allow Windows Rights Management Services servers and clusters to continue to work after the service that is used to issue SLCs is decommissioned after the end of support of Windows Server 2003.
This change doesn’t affect the supportability status of Windows Rights Management Services clusters running on the Windows Server 2003 platform. Customers using Windows RMS clusters based on Windows Server 2003 are advised to upgrade to Active Directory Rights Management Services (AD RMS) or to Microsoft Azure Information Protection (previously called Azure Rights Management) before Windows Server 2003 supportability ends.
Active Directory Rights Management Services clusters running on Windows Server 2008, Windows Server 2008 R2, or Windows Server 2012 are not affected by this change. AD RMS clusters running on these platforms use an SLC that has a lifespan of 256 years and it does not require provisioning or renewal by Microsoft.
If you haven’t yet received an SLC with a duration of 7150 days you should renew it as soon as possible, even if the present certificate is within its valid lifespan. This will enable your server to operate independently from the Microsoft-hosted enrollment service, and it will avoid any certificate expiration issues in your existing certificate chains.
To renew your certificate for Windows RMS please see To Renew a Server Licensor Certificate on Microsoft TechNet.
For more information about the supportability lifecycle of Windows Server 2003, please see Microsoft Support Lifecycle.
Warning: This update allows your Windows Rights Management Services to continue functioning until the end of the Windows Server 2003 support lifecycle, however the RSA key in certificates used in Windows Server 2003 is limited to 1,024 bits. According to the National Institute of Standards and Technology (NIST) and RSA, this certificate length is no longer recommended. Currently, at least 2,048 bit keys are recommended. RSA keys of 2,048 bit lengths are supported in AD RMS running on Windows Server 2008 R2 or Windows Server 2012 in addition to Azure Information Protection.
For additional information on RSA key length recommendations, see TWIRL and RSA Key Size.
Article ID: 2853958 - Last Review: Oct 3, 2016 - Revision: 1