Cryptzone Support

 

Configuring Site Module for RMS


Article Number: 000003485
 

Configure Security Sheriff for RMS

Prepare SharePoint for RMS

1. Create an AD RMS SharePoint Services group in AD (Domain\AD RMS SharePoint Services).

2. Add the RMS service account DOMAIN\AdRmsSrvc to the group.

3. Add the AD RMS Enterprise Administrators group to the group (optional, for ease of future administration).

4. Add the SharePoint Web Application pool account to the group.

5. Add the SharePoint Farm account to the group.

6. Ensure that the SharePoint Farm account has an email address configured.

7. Ensure that the SharePoint Web Application pool account has an email address configured.

8. On the RMS server, assign Read & execute NTFS permissions to ServerCertification.asmx for the group Domain\AD RMS SharePoint Services:

a. Right-click C:\inetpub\wwwroot\_wmcs\certification\ServerCertification.asmx and choose Properties.

b. Click the Security tab.

c. Click Edit.

d. Click Add.

e. Select the group AD RMS SharePoint Services.

f. Make sure Read & execute and Read are selected.

g. Click OK.

h. Click OK.

9. Restart the RMS server (needed to reload the group membership of the RMS service account).
 

Configure Security Sheriff RMS settings

1. In Central Administration, navigate to General Application Settings -> Security Sheriff -> Configuration.

2. Configure AD RMS in Security Sheriff.

3. Click Save to store the configuration change.

 

Troubleshooting

 

1. Review the IIS logs on the RMS server.

a. If you get HTTP 401 errors for any account, that account is lacking NTFS permission.

b. If you get HTTP 500 errors, check that the account has an email address configured in AD.

2. If you get this error message during manual content protection [Screenshot: error message], or you see this error in the ULS log:
Error occurred retrieving Content Protection on item: <Document name>.
Possible causes include: Validity Time Expired. Exception Details: Microsoft.InformationProtectionAndControl.InformationProtectionException: The system cannot find the file specified. HRESULT: 0x80070002

then run C:\inetpub\wwwroot\wss\VirtualDirectories\<WebApp>\RMS\Startup.cmd on the SharePoint servers.

3. Make sure AppFabric is patched with at least CU3:
https://support.microsoft.com/en-us/kb/2787717

4. Make sure that you do not get timeout issues in the distributed cache; see this article:
https://blogs.msdn.microsoft.com/sambetts/2014/05/28/troubleshooting-appfabric-timeouts-on-sharepoint/
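
The IIS log review in troubleshooting step 1 can be scripted against a copy of the RMS server's W3C logs. The Python sketch below is an added example, not part of the original article or the product: it groups failed ServerCertification.asmx requests by account and attaches the article's 401/500 hint. The log lines, the CONTOSO accounts and the IP addresses are constructed sample data.

```python
from collections import Counter

# Constructed sample in IIS W3C extended format (accounts and addresses are made up).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 8.5
#Fields: date time cs-method cs-uri-stem cs-username c-ip sc-status sc-substatus
2016-03-01 09:00:01 POST /_wmcs/certification/ServerCertification.asmx - 10.0.0.21 401 2
2016-03-01 09:00:01 POST /_wmcs/certification/ServerCertification.asmx CONTOSO\\sp_farm 10.0.0.21 401 3
2016-03-01 09:00:05 POST /_wmcs/certification/ServerCertification.asmx CONTOSO\\sp_apppool 10.0.0.22 500 0
2016-03-01 09:00:09 POST /_wmcs/certification/ServerCertification.asmx CONTOSO\\sp_apppool 10.0.0.22 500 0
2016-03-01 09:00:12 POST /_wmcs/licensing/license.asmx CONTOSO\\user1 10.0.0.30 200 0
"""

# URL form of C:\inetpub\wwwroot\_wmcs\certification\ServerCertification.asmx
TARGET = "/_wmcs/certification/servercertification.asmx"
# Hints taken from troubleshooting steps 1a and 1b of the article.
HINTS = {
    "401": "check NTFS Read & execute on ServerCertification.asmx (group membership)",
    "500": "check that the account has an email address configured in AD",
}

def triage(log_text):
    """Return {(account, status): count} for failed ServerCertification.asmx calls."""
    fields, hits = [], Counter()
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column order can differ between log files
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if row.get("cs-uri-stem", "").lower() != TARGET:
            continue
        user, status = row.get("cs-username", "-"), row.get("sc-status", "")
        # "-" is the unauthenticated first leg of Windows authentication, not an account.
        if user != "-" and status in HINTS:
            hits[(user.lower(), status)] += 1
    return dict(hits)

def report(hits):
    """Format one line per (account, status) pair with the matching hint."""
    return [f"{u}: HTTP {s} x{n} -> {HINTS[s]}" for (u, s), n in sorted(hits.items())]

if __name__ == "__main__":
    print("\n".join(report(triage(SAMPLE_LOG))))
```

To use it on real data, pass the text of a log file copied from the RMS server to `triage()` instead of `SAMPLE_LOG`.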

 



 

 

 
