Symptoms
Consider the following scenario:
- You configure the Active Directory Rights Management Services (AD RMS) service in a Microsoft Exchange Server 2010 environment.
- You use the Information Rights Management (IRM) feature on the Exchange Server 2010 server that has the Client Access server role installed.
- You create an AD RMS rights policy template that has the Request a new use license every time content is consumed option enabled. You assign the rights to a user group.
- You send an IRM-protected email message that uses the RMS template to a user who is a member of the group.
- The user can open the email message successfully by using Microsoft Office Outlook or by using Microsoft Outlook Web App (OWA).
- You remove the user from the group.
In this scenario, the user can still open the email message by using Outlook or OWA.
Cause
This issue occurs because the Exchange server pre-fetches the use license and caches it in a property of the email message.
Therefore, the Exchange server does not honor the NoLicCache flag that is set for the Request a new use license every time content is consumed option.
Resolution
To resolve this issue, install the following update rollup:
2645995 Description of Update Rollup 1 for Exchange Server 2010 Service Pack 2
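The caching behavior described under Cause, next to the behavior the NoLicCache flag asks for, as an added conceptual model. This is not Exchange or AD RMS code: every class and function name, the "Finance" group and the user "alice" are hypothetical, and the assumption is that honoring the flag means requesting a new use license on each open.

```python
from dataclasses import dataclass, field

@dataclass
class Template:
    group: str
    no_lic_cache: bool  # "Request a new use license every time content is consumed"

@dataclass
class Message:
    template: Template
    cached_license: dict = field(default_factory=dict)  # models the message property

class LicensingService:
    """Stand-in for AD RMS: issues a use license only to current group members."""
    def __init__(self, groups):
        self.groups = groups  # group name -> set of user names

    def issue(self, user, template):
        if user not in self.groups.get(template.group, set()):
            raise PermissionError(f"{user} has no rights under this template")
        return f"use-license:{user}"

def may_cache(msg, honor_flag):
    # The behavior in Cause corresponds to honor_flag=False: the flag is ignored.
    return not (honor_flag and msg.template.no_lic_cache)

def deliver(rms, msg, user, honor_flag):
    # Pre-fetch at delivery and store the license on the message itself.
    if may_cache(msg, honor_flag):
        msg.cached_license[user] = rms.issue(user, msg.template)

def open_message(rms, msg, user, honor_flag):
    if may_cache(msg, honor_flag) and user in msg.cached_license:
        return msg.cached_license[user]  # no membership check happens here
    return rms.issue(user, msg.template)  # fresh request on every open

def run_scenario(honor_flag):
    """Return (opened before removal, opened after removal) for a constructed user."""
    rms = LicensingService({"Finance": {"alice"}})  # constructed sample data
    msg = Message(Template(group="Finance", no_lic_cache=True))
    deliver(rms, msg, "alice", honor_flag)
    results = []
    for remove_first in (False, True):
        if remove_first:
            rms.groups["Finance"].discard("alice")
        try:
            open_message(rms, msg, "alice", honor_flag)
            results.append(True)
        except PermissionError:
            results.append(False)
    return tuple(results)
```

With the flag ignored, run_scenario(False) returns (True, True), which is the symptom above; with it honored, run_scenario(True) returns (True, False).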
Status
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
More Information
For more information about AD RMS, visit the following Microsoft website:
General information about AD RMS
For more information about how to create a new rights policy template, visit the following Microsoft website:
General information about how to create a new rights policy template
For more information about IRM, visit the following Microsoft website:
General information about IRM
For more information about how to enable or disable IRM on Client Access servers, visit the following Microsoft website:
General information about how to enable or disable IRM on Client Access servers