Enabling the Decommissioning Service

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Decommissioning the RMS system requires the private key used to protect all published information. This private key is stored in the configuration database, encrypted by Data Protection API (DPAPI), and is based on the password that was entered during provisioning. If the RMS private key is stored on a hardware security module (HSM), the private key is stored in the HSM instead of the configuration database.


Before decommissioning the RMS system, make sure that you know your private key password. If you do not know this password, you should reset the private key password before decommissioning the RMS server.

The first step to remove the RMS system is to decommission the servers in the cluster. Because decommissioning is a licensing function, a server in a subenrolled RMS licensing-only cluster can be decommissioned without affecting the RMS root cluster or any other subenrolled RMS licensing-only cluster. Therefore, you need to separately decommission the RMS root cluster and any licensing-only clusters because each licensing-only cluster holds its own private key used to create publishing licenses.

Use the following procedure to enable the decommissioning service:

  1. Open the Windows RMS Administration Web site.

  2. Click Administer RMS and then click Security Settings.

  3. Select the check box Enable decommissioning of the RMS installation.

  4. When a dialog box asks you to confirm the decommissioning process, click OK.

When you decommission a server, it cannot be restored to a standard RMS configuration. This procedure is irreversible.

Once you have decommissioned RMS, RMS must be completely removed by using Add or Remove Programs before attempting to install another instance of RMS.