Event ID 134 — AD RMS Trust Policy Integrity
Updated: November 10, 2008
Applies To: Windows Server 2008
Trust policies in Active Directory Rights Managemenet Services (AD RMS) allow users to share rights-protected content across Active Directory Domain Services (AD DS) forests that are either internal or external to the organization.
|Product:||Windows Operating System|
|Source:||Active Directory Rights Management Services|
|Message:||The trusted user domain for the requestor's rights account certificate contains a trusted e-mail domain that is not valid. Remove the e-mail domain that is not valid from the trusted user domain by using the Active Directory Rights Management Services console.
Remove trusted e-mail domain that is not valid
To perform this procedure, you must be a member of the local AD RMS Enterprise Administrators group, or you must have been delegated the appropriate authority.
To remove a trusted e-mail domain that is not valid:
- Log on to a server in the AD RMS cluster.
- Click Start, point to Administrative Tools, and then click Active Directory Rights Management Services.
- Expand the AD RMS cluster, expand Trust Policies, and then click Trusted User Domain.
- Select the appropriate trusted user domain, and then click Properties.
- Click the Trusted E-mail Domains tab.
- Click the e-mail domain that is not valid, and then click Remove.
- Repeat step 6 for each trusted e-mail domain that is not valid.
To perform this procedure, you must be a member of the local Users group, or you must have been delegated the appropriate authority.
Note: Microsoft Office Word 2007 is used as an example in this section. Any AD RMS-enabled application can be used in place of Word 2007.
To verify that the AD RMS trust policies are working correctly:
- Log on to an AD RMS-enabled client computer.
- Click Start, point to All Programs, point to Microsoft Office, and then click Microsoft Office Word 2007.
- In the new document type This is a test document.
- Click the Microsoft Office Start Button, point to Prepare, point to Restrict Permissions, and then click Restricted Access.
- Select the Restrict permissions to this document check box.
- Type another AD RMS user's e-mail address in the Read box, and then click OK.
- Send this file to the person who was granted access in step 6.
- Have this person open the document and verify that he or she cannot print it.