RMS Enrollment

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

The server enrollment process creates and delivers a server licensor certificate. Server licensor certificates validate the identity of the servers that are in the deployment, and provide credential validation during rights-protected content consumption. The first server in every licensing-only cluster is enrolled with the root cluster as part of the provisioning process. Subsequent servers that are in the cluster are not separately enrolled.

The initial server of a root cluster must be enrolled with the Microsoft Enrollment Service. This process can be done automatically as part of provisioning if the first server in the root cluster is connected to the Internet, or the enrollment process may be completed offline by exporting a request to a file and then submitting the file to the Microsoft Enrollment Service from another computer that has an Internet connection. The enrollment request will return a server licensor certificate for the root cluster that can then be imported using the RMS Administration Web pages.

The enrollment request includes the following information:

  • Revocation information. Whether the RMS installation will use standard or custom (third-party) revocation. If third-party revocation is being used, the public key of the revocation authority is included.

  • Certificate Public Key. The public key of the server licensor certificate. This public key is generated on the RMS server and is sent to the Microsoft Server Enrollment Service to obtain the server licensor certificate.

  • SKU. The official RMS SKU title.

  • Version. The RMS assembly version number.

  • URL. The RMS root cluster base URL.

When the Microsoft Server Enrollment Service responds to the enrollment request, it returns the following information to the RMS server in XML format:

  • Server Licensor Certificate.

  • Certificate chain of signing authorities.

Whether the first server in the RMS root cluster is enrolled using the online or the offline method, the same information is transferred. No additional information is gathered in either method.

For steps to perform an offline server enrollment, see "To Use Offline Enrollment to Enroll a Root Certification Server" in "RMS: Operations" in this documentation collection.
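
With offline enrollment, the exported request file can be reviewed before it is carried to the Internet-connected computer. The following is an added example, not code from the RMS documentation: it checks a request against the five documented fields and the revocation rule described above. The XML element names, the `type` attribute and the sample values are assumptions, because this page does not show the actual file format.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Hypothetical element names; the real export format is not shown on this page.
DOCUMENTED = {"Revocation", "CertificatePublicKey", "SKU", "Version", "URL"}

def audit_enrollment_request(xml_text):
    """Return a list of findings; an empty list means the file matches the documented field set."""
    findings = []
    root = ET.fromstring(xml_text)
    names = [child.tag for child in root]
    for name in sorted(DOCUMENTED):
        count = names.count(name)
        if count != 1:
            findings.append(f"{name}: expected exactly 1, found {count}")
    # The page states that no additional information is gathered, so flag extras.
    for name in sorted(set(names) - DOCUMENTED):
        findings.append(f"{name}: not in the documented field set")
    for field in ("CertificatePublicKey", "SKU", "Version"):
        node = root.find(field)
        if node is not None and not (node.text or "").strip():
            findings.append(f"{field}: empty")
    rev = root.find("Revocation")
    if rev is not None:
        mode = rev.get("type")
        has_key = bool((rev.findtext("AuthorityPublicKey") or "").strip())
        if mode not in ("standard", "custom"):
            findings.append(f"Revocation: unknown type {mode!r}")
        elif mode == "custom" and not has_key:
            findings.append("Revocation: custom revocation without authority public key")
        elif mode == "standard" and has_key:
            findings.append("Revocation: authority public key present for standard revocation")
    url = urlparse((root.findtext("URL") or "").strip())
    if root.find("URL") is not None and (url.scheme not in ("http", "https") or not url.hostname):
        findings.append("URL: not an absolute http(s) URL")
    return findings

# Constructed sample: custom revocation with no key, plus one undocumented field.
SAMPLE = """<EnrollmentRequest>
  <Revocation type="custom"/>
  <CertificatePublicKey>BASE64-PLACEHOLDER</CertificatePublicKey>
  <SKU>PLACEHOLDER-SKU</SKU>
  <Version>0.0.0.0</Version>
  <URL>https://rms.example.com</URL>
  <AdminEmail>admin@example.com</AdminEmail>
</EnrollmentRequest>"""

if __name__ == "__main__":
    for finding in audit_enrollment_request(SAMPLE):
        print(finding)
```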

The client enrollment process creates and delivers a client licensor certificate that enables an author to publish rights-protected content from a computer that is not connected to the corporate network. An author can request a client licensor certificate at any time. Client enrollment is not required.

All enrollment requests are logged.

This section covers: