Enrolling and Enabling Microsoft Federation Gateway Support

Applies To: Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 R2 with SP1

To use the Microsoft Federation Gateway after you add Microsoft Federation Gateway Support, you must first enroll your Active Directory Rights Management Services (AD RMS) cluster with the Microsoft Federation Gateway, and then configure and enable Microsoft Federation Gateway Support. The following procedure explains this process.

Membership in the AD RMS Enterprise Administrators and the local Administrators group, or equivalent, is the minimum required to complete this procedure.

To enroll the AD RMS cluster and enable Microsoft Federation Gateway Support

  1. Log on to a server in the AD RMS cluster.

  2. Open the Active Directory Rights Management Services console and expand the AD RMS cluster.

  3. In the console tree, expand Trust Policies, and then click Microsoft Federation Gateway Support.

  4. In the Actions pane, click Configure Microsoft Federation Gateway Support.

  5. When the Enroll Cluster with the Microsoft Federation Gateway wizard appears, verify that the SSL certificate is the correct certificate that proves domain ownership for enrolling with the Microsoft Federation Gateway. If it is not, click Browse to select the correct certificate. For information about which certificate to select, see Important considerations for installing AD RMS Microsoft Federation Gateway Support.

  6. Click Next, and then click Finish.

  7. On all servers in the AD RMS cluster, do the following.

    1. Open the Active Directory Rights Management Services console and expand the AD RMS cluster.

    2. In the console tree, expand Trust Policies, and then click Microsoft Federation Gateway Support.

    3. In the Actions pane, click Grant permissions to token decryption certificate on this server.

    Note

    If this link is not present in the Actions pane, the necessary permission has already been granted on this server.

  8. Perform the following tasks, as needed:

  9. In the Actions pane, click Enable Microsoft Federation Gateway Support.

Additional references