Attempting to install Active Directory Rights Management Services (AD RMS) fails with the following event:
Product: Windows Operating System
ID: 204 Source: Active Directory Rights Management Services Version: 6.0 Symbolic Name: GetCertificateHierarchyFailedEvent Message: Active Directory Rights Management Services (AD RMS) was not able to retrieve the certificate hierarchySymptoms
This can occur if the Service Connection Point (SCP) is corrupt or invalid.
Cause
To resolve this issue, complete the following:
1. Open adsiedit.msc on a Domain Controller in the domain.
2. Connect to the Configuration container (“Select a well known Naming Context: Configuration”) 3. Navigate the following nodes: CN=Configuration [server name], CN=Services. 4. Verify that CN=RightsManagementServices and CN=SCP are missing.Recreate the nodes, leaving them empty:
1. Navigate to CN=Configuration [server name], CN=Services
2. Right-click in Services and choose New Object 3. Select Container. 4. Name the container RightsManagementServices 5. In that new container, right-click and choose New Object 6. Select Container. 7. Name the container SCPExit out of ADSIEdit.