Tuning Your AD RMS Server to Work Well with the Exchange 2007 SP1 Pre-Licensing Agent

If you are already using the AD RMS Pre-Licensing agent that shipped with Exchange 2007 SP1, you probably know how it can speed up the experience of end users opening RMS protected content in Outlook, but did you also know that you can optimize the performance of your AD RMS server in this scenario?

The secret to this optimization is a clever cache that was added in the Windows Server 2008 version of AD RMS. When turned on, this cache stores a pre-RAC for each user in the DRMS_Config database. From this point on, any application that calls the PreCertify() web method on the AD RMS server (e.g. the Exchange AD RMS Pre-Licensing Agent) will receive a much faster response.

By default this pre-RAC cache is turned off. To turn it on you will need to update a setting in the DRMS_ClusterPolicies table of your DRMS_Config database.

[Warning: Make sure you have a fresh backup of your DRMS_Config* database before making any changes to it.]

Run the following SQL query to check the state of the pre-RAC cache setting:

SELECT PolicyData FROM dbo.DRMS_ClusterPolicies WHERE PolicyName = 'GroupIdentityCertificateStorage'

Run the following SQL query to turn ON the pre-RAC cache:

UPDATE dbo.DRMS_ClusterPolicies SET PolicyData = 1 WHERE PolicyName = 'GroupIdentityCertificateStorage'

Run the following SQL query to turn OFF the pre-RAC cache:

UPDATE dbo.DRMS_ClusterPolicies SET PolicyData = 0 WHERE PolicyName = 'GroupIdentityCertificateStorage'

Is there a downside? Well, there’s no such thing as a free lunch. All of these cached pre-RACs will consume a bit more space in your DRMS_Config database, so be prepared for it to grow slightly. In our test lab, we observed the DRMS_Config database growing by about 40 extra MBs, per 5000 new users, when this cache is turned on.

Peter Gilson, Senior Test Lead