To Manually Enroll the First Server in the Root Cluster
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
To perform this procedure, you must be logged on locally to the Administration Web site with a domain user account that is a member of the Administrators group. As a security best practice, consider using Run as to perform this procedure.
To open the Global Administration page, click Start, point to All Programs, point to Windows RMS, and then click Windows RMS Administration.
If you are using the Offline enrollment process, you should make sure that RMS clients do not attempt to connect to the RMS root cluster for licenses until after enrollment has occurred. If clients attempt to connect to an RMS server in the root cluster that is not enrolled, the Web services will enter an error condition that renders them unusable. If you cannot ensure that clients will not attempt to connect to the RMS server, as a best practice you should reset IIS after completing enrollment to clear any error conditions that could have been created. IIS can be reset by running IISRESET from a command prompt.
If you have selected to use Offline enrollment and are using a computer that has an enhanced browser security configuration, such as a computer running Windows Server 2003 SP1, to connect to the Internet and request a server licensor certificate, make sure to add the URL of the Microsoft Enrollment Service Web site to the Trusted Sites zone to allow the download of the server licensor certificate. This URL is https://go.microsoft.com/fwlink/?LinkId=25828.
If you are using the Offline enrollment process, make sure that the computer you use to submit the enrollment request to the Microsoft Enrollment Service has the GTE Cyber Trust Root CA installed in its certificate store. This certification authority is trusted by default on machines running Windows Server 2003. If the computer is running another version of Windows, you can trust this CA by installing the latest certificate updates from Windows Update.
Manually Enrolling the First Server in the Root Cluster
To Manually Enroll the First Server in the Root Cluster
After installing RMS on the server that dedeicated as the first server in the root cluster, open the Global Administration page, and then click Administer RMS on this Web site.
In the Cluster resources area, click Enroll. The Enroll dialog box opens.
Select the Offline option and then click the Export button. The File Download dialog box appears.
Click Save. The Save as dialog box appears.
Note
In the File Download dialog box, do not click Open. If you click Open an error message will be displayed and the enrollment request file will not be saved.
Click Save to export the enrollment request to a file. By default the file will be saved on your desktop and named Server_nameEnrollRequest.xml, where server_name is replaced with the name of your RMS server. You can save the file in a different location by choosing the location you want from the Save in drop-down menu. You can also change the file name from the default by typing a new entry in File name.
Transport the enrollment request file from your server to a computer that can connect to the Internet and then navigate to the Microsoft Enrollment Service Web site (https://go.microsoft.com/fwlink/?LinkId=25828).
Follow the instructions on the Web site to obtain a server licensor certificate.
Transport the server licensor certificate back to this server in the root cluster.
In the Cluster resources area, click Enroll. The Enroll dialog box opens.
In the Enroll dialog box, click the Browse button and locate the server licensor certificate you downloaded and then click the Import button.
Click Yes to confirm that you want to import this certificate.
The Cluster resources area will be updated to display the server licensor certificate.
Close the Global Administration page.