Attempting to install Active Directory Rights Management Services (AD RMS) fails with the following event:
Product: Windows Operating System
Source: Active Directory Rights Management Services
Symbolic Name: GetCertificateHierarchyFailedEvent
Message: Active Directory Rights Management Services (AD RMS) was not able to retrieve the certificate hierarchy
This can occur if the Service Connection Point (SCP) is corrupt or invalid.
To resolve this issue, complete the following:
1. Open adsiedit.msc on a Domain Controller in the domain.
2. Connect to the Configuration container (“Select a well known Naming Context: Configuration”)
3. Navigate the following nodes: CN=Configuration [server name], CN=Services.
4. Verify that CN=RightsManagementServices and CN=SCP are missing.
Recreate the nodes, leaving them empty:
1. Navigate to CN=Configuration [server name], CN=Services
2. Right-click in Services and choose New Object
3. Select Container.
4. Name the container RightsManagementServices
5. In that new container, right-click and choose New Object
6. Select Container.
7. Name the container SCP
Exit out of ADSIEdit.