Event ID 64 — RMS Client Activation
Applies To: Windows Server 2008
When you use a Rights Management Services (RMS) version 1.0 client with no service pack installed for the first time, the RMS-enabled client contacts the Microsoft Activation service over the Internet to receive its machine certificate, which identifies the computer as trusted by RMS. If the activation URL is not available when the client attempts to activate, the activation process fails.
|Product:||Windows Operating System|
|Source:||Active Directory Rights Management Services|
|Message:||The Rights Management Services (RMS) client version 1.0 cannot locate the Active Directory Rights Management Services (AD RMS) activation URL. Ensure that the RMS client computer can access the Internet.|
Override the RMS activation URL
When an RMS version 1.0 client with no service pack installed activates for the first time, it is required to activate by connecting to the Microsoft Activation Service. The default activation URL is https://activation.drm.microsoft.com/activation/activation.asmx, but you can override this URL in the registry. Use these sections to test connectivity to the Microsoft Activation Services, ensure that the activation URL registry override is correct, and change the AD RMS proxy settings.
To perform these procedures, you must be a member of the local Administrators group, or you must have been delegated the appropriate authority.
Note: This is valid only for the RMS version 1.0 client with no service packs. The RMS with Service Pack 1 client and the RMS with Service Pack 2 client do not connect to the Microsoft Activation Service.
Check for connectivity to the Microsoft Activation Service
To check for connectivity to the Microsoft Activation Service:
Log on to a client computer.
Click Start, click All Programs, and then click Internet Explorer.
In the address bar, type https://activation.drm.microsoft.com/activation/activation.asmx, and then press ENTER.
If the URL resolves to a Web page with the title ActivationWebService Web Service, the activation URL is operating correctly.
If the URL does not resolve, check to make sure that it is allowed through the network proxy and that the URL is not being blocked by a firewall.
Check the activation URL registry override
To check the activation URL registry override:
Caution: Incorrectly editing the registry might severely damage your system. Before making changes to the registry, you should back up any valued data.
- Log on to the client computer that is experiencing difficulties.
- Click Start. In the Start Search box, type regedit, and then press ENTER.
- Navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\DRMS\2.0.
- Verify that the ActivationURL registry entry is a valid URL. If the URL no longer exists, you can remove this registry entry and allow the RMS client to use the default activation URL.
Change the AD RMS proxy settings
To change the AD RMS proxy settings:
Open the Active Directory Rights Management Services console. Click Start, point to Administrative Tools, and then click Active Directory Rights Management Services.
Right-click the AD RMS cluster, and then click Properties.
Click the Proxy Settings tab.
Select the This cluster uses a proxy server to access external networks check box.
In the Address box, type the IP address or DNS name of the proxy server that you want to use.
In the Port box, type the port number that the proxy server uses to connect to the Internet.
If you do not use the proxy server to connect to local resources, select the Bypass proxy server for local addresses check box.
If you have addresses that should not be using the proxy server at all, type them in the Do not use proxy server for address beginning with box.
If appropriate, select the This proxy server requires authentication check box.
In Authentication type, choose the appropriate authentication type from the list: Basic, Digest, or Integrated Windows.
In User name, type the user name that should be supplied in response to the challenge from the proxy server.
In Password, type the password that should be supplied in response to the challenge from the proxy server.
In Confirm password, re-type the password supplied previously to verify that you typed it correctly.
If your proxy server uses Integrated Windows authentication, in Domain, type the domain to which the user belongs.
To perform this procedure, you must be a member of the local Users group, or you must have been delegated the appropriate authority.
Note: Microsoft Office Word 2007 is used as an example in this section. Any AD RMS-enabled application can be used in place of Word 2007.
To verify the RMS client computer can successfully activate:
- Log on to an AD RMS-enabled client computer.
- Click Start, point to All Programs, point to Microsoft Office, and then click Microsoft Office Word 2007.
- In the new document type This is a test document.
- Click the Microsoft Office Start Button, point to Prepare, point to Restrict Permissions, and then click Restricted Access.
- Select the Restrict permissions to this document check box.
- Type another AD RMS user's e-mail address in the Read box, and then click OK.
- Send this file to the person who was granted access in step 6.
- Have this person open the document and verify that he or she cannot do anything else with the document such as print it.