Archive for January 2015

Deploy and Configure Active Directory RMS 2012 for Exchange 2013 Part-1

Deploy Active Directory Rights Management Services 2012 R2

Installing Active Directory Right Management Services 2012 has some prerequisites like creating Service Account, Security Groups and DNS record.

Service Account: ADRMSSVC
Security Group: ADRMS_SuperUsers and Executives
DNS A record:

Open Active Directory Users and Computers and create Service Accounts "adrmssvc" and Host A record in DNS.

Create Security Groups ADRMS_SuperUsers and Executives

Create Host A record in DNS.

Note: This host A record will point to certificate and url name as and IP address is of adrms01 server.

Start the installation of Active Directory Right Management Services Role.

Now click on Post deployment-configuration in Server Manager.

 Note: I am using Windows Internal Database for this article.

Select Connection Type as SSL and before you click on next you will have to request and the certificate from Active Directory RMS server and complete the request. Open IIS Manager and select click on adrms server and click on Server Certificates under feature view. Click on Create Domain Certificate in the action pan.

If you get the above error message than go to your Certificate Authority Server and restart the Certificate Service. After restarting the service click on finish and the request will complete.
Now click on next on Cluster Address window and continue the process.

Click on close and open Server Manager and click on Tools and click on Active Directory Rights Management Services.

While opening the console if you get the below warning message that means you will have to install the certificate on adrms01 server.

After you click on Yes it will give you the below error message. Reason for this message is because name (adrms) on the certificate is different as what the name of the server (adrms01).

You will have create 2 DWORDS on the server under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Lsa and create DWORD DisableLoopbackCheck and value 1. Second DWORD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters create DWORD "DisableStrickNameChecking" and value 1. After making the changes restart the server and after that console will open without any error.

This completes deployment of Active Directory Rights Management Services, in next part we will see how to configure ADRMS for Exchange Server 2013.

Gulab Prasad

How to customize Exchange Server 2013 OWA Log In Page

I have been asked to customize Outlook Web App page several time in past by some of my clients.
Customizing Outlook Web App (OWA) page in Exchange 2013 is easy as compare to other previous versions.

Default OWA login page is regular Blue and White theme.

You will have change few file to make Log In page the way you want it to look.
On Client Access Server you will have to browse the location where all the theme files are store.
C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\owa\auth\15.0.995\themes

Note: Before you make any changes to the existing files, make sure you take a backup of all the files by copying and pasting it some where on the server or on the network.

For this article I am making changes on 2 files which are highlighted olk_logo_white and owa_text_blue
Copy and paste the file and click on replace button once get the pop after pasting the file.

There's one more location you can make the changes. In IIS you can do the same thing.

After making the changes you can login to the owa URL in my case its and you should see the new owa login page.

Gulab Prasad