I am having a problem setting up my RMS. I followed this guide http://www.msexchange.org/articles-tutorials/exchange-server-2010/compliance-policies-archiving/rights-management-server-exchange-2010-part1.html and everything was going good up to the point where you run Test-IRMConfiguration –Sender administrator@contoso.com.
I have 2 mail servers and 1 passes the test but other fails at a step. The error it gives is
- FAIL: Failed to acquire a Rights Account Certificate (RAC) and/or a Client Licensor Certificate (CLC).This failure may cause features such as Transport Decryption, Transport Protection Rules, Journal Report
Decryption, IRM in Outlook Web App, IRM in Exchange ActiveSync, and IRM Search to not work. Make sure that
the Exchange Servers Group is granted "Read" and "Read & Execute" rights on the ServerCertification.asmx and
Publish.asmx pipelines on your AD RMS server. For details, see "Set Permissions on the AD RMS Certification
Pipeline" at http://go.microsoft.com/fwlink/?LinkId=186951.
----------------------------------------
Microsoft.Exchange.Security.RightsManagement.RightsManagementException: Failed to acquire server box RAC
from https://server.local/_wmcs/certification/servercertification.asmx. --->
System.Web.Services.Protocols.SoapException: System.Web.Services.Protocols.SoapException: Exception of type
'System.Web.Services.Protocols.SoapException' was thrown. --->
Microsoft.DigitalRightsManagement.Cryptography.UnsupportedCryptographicSetException: Exception of type
'Microsoft.DigitalRightsManagement.Cryptography.UnsupportedCryptographicSetException' was thrown.
--- End of inner exception stack trace ---
at Microsoft.DigitalRightsManagement.Certification.BaseCertificationWebService.Certify(CAType caType,
CertifyParams requestParameters)
at Microsoft.DigitalRightsManagement.Certification.ServerCertificationWebService.Certify(CertifyParams
requestParams)
at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message,
WebResponse response, Stream responseStream, Boolean asyncCall)
at System.Web.Services.Protocols.SoapHttpClientProtocol.EndInvoke(IAsyncResult asyncResult)
at Microsoft.Exchange.Security.RightsManagement.SOAP.ServerCertification.ServerCertificationWS.EndCertify(
IAsyncResult asyncResult)
at Microsoft.Exchange.Security.RightsManagement.ServerCertificationWSManager.EndAcquireRac(IAsyncResult
asyncResult)
--- End of inner exception stack trace ---
at Microsoft.Exchange.Data.Storage.RightsManagement.RmsClientManager.EndAcquireInternalOrganizationRACAndC
LC(IAsyncResult asyncResult)
at Microsoft.Exchange.Management.RightsManagement.IRMConfigurationValidator.TryGetRacAndClc()
I already did the correct permissions as my second mail server passes the test. So then I looked up the error: Microsoft.DigitalRightsManagement.Cryptography.UnsupportedCryptographicSetException' which was a problem with previous server versions and not Server 2012 and Exchange 2013 which is what I am running. I saw that that error refers to cryptography mode 2 which was the default when I installed RMS.
Now I assume because of this is why OWA isnt working. When I try to apply a template from OWA I get an error saying: The message can't be sent right now. Please try again later
But that does not happen with Outlook 2013. What else can I do?