Event ID 162 — AD RMS Cluster Configuration
Applies To: Windows Server 2008 R2
Servers in an Active Directory Rights Management Services (AD RMS) cluster are configured to both send and receive requests from AD RMS clients, other servers in the AD RMS cluster, and the AD RMS databases.
|Product:||Windows Operating System|
|Source:||Active Directory Rights Management Services|
|Message:||Active Directory Rights Management Services (AD RMS) group expansion across forests membership resolutions cannot be performed because MaxCrossForestCalls policy is set to 0.|
Increase MaxCrossForestCalls value
The current maximum cross forest calls policy is set to 0. The maximum cross forest calls value is used with AD RMS group expansion across forests.
To perform this procedure, you must be a member of the System Administrators database role, or you must have been delegated the appropriate authority.
To increase the value for MaxCrossForestCalls:
- Log on to the AD RMS configuration database server.
- Click Start, point to All Programs, click Microsoft SQL Server 2005, and then click SQL Server Management Studio.
- In the Server name box, type the name of the AD RMS configuration database server, and then click Connect.
- Expand Databases, and then click the AD RMS configuration database. By default, the name of this database is DRMS_Config_clustername_portnumber where clustername is the name of the AD RMS cluster and portnumber is the TCP port in which the AD RMS Web services listens for requests.
- Click New Query.
- Type select * from drms_clusterpolicies where policyname = 'MaxCrossForestCalls', and then click Execute.
- To update the value of MaxCrossForestCalls, type update drms_clusterpolicies set policydata = '10' where policyname = 'MaxCrossForestCalls', and then click Execute. The default MaxCrossForestCalls value when AD RMS is installed is 10.
To perform this procedure, you must be a member of the local Users group, or you must have been delegated the appropriate authority.
Note: Microsoft Office Word 2007 is used as an example in this section. Any AD RMS-enabled application can be used in place of Word 2007.
To verify that AD RMS is configured correctly, do the following:
- Log on to an AD RMS-enabled client computer.
- Click Start, point to All Programs, point to Microsoft Office, and then click Microsoft Office Word 2007.
- In the new document type This is a test document.
- Click the Microsoft Office Start Button, point to Prepare, point to Restrict Permissions, and then click Restricted Access.
- Select the Restrict permissions to this document check box.
- Type another AD RMS user's e-mail address in the Read box, and then click OK.
- Send this file to the person who was granted access in step 6.
- Have this person open the document and verify that he or she cannot do anything else with the document such as print it.