3.1.1 Activate the Server
Before participating in RMS, the RMS server enrolls as defined in [MS-RMPR] section 3.1.3. To enroll, the RMS server needs to have a server licensor certificate (SLC). Server enrollment requests can be made synchronously by the server directly contacting the RMS cloud service, or asynchronously by an RMS administrator exporting the enrollment request and contacting the RMS cloud service from another computer.
Prior to RMS server version 2, the RMS server contacted the Microsoft enrollment cloud service to sign the SLC key into the hierarchy. The RMS version 2 server has a shared enrollment private key and certificate chain. On initialization of the RMS version 2 server, the server generates its own unsigned SLC, signs it with this shared enrollment private key, and then appends the certificate chain.
For more information about contacting the RMS cloud service, see [MS-RMPR] section 3.1.3.2.