Deploy and Configure Active Directory RMS 2012 for Exchange 2013 Part-1

Deploy Active Directory Rights Management Services 2012 R2

Installing Active Directory Rights Management Services 2012 has some prerequisites: a service account, security groups and a DNS record.

Service Account: ADRMSSVC
Security Group: ADRMS_SuperUsers and Executives
DNS A record: adrms.exchangeranger.net

Open Active Directory Users and Computers and create the service account "adrmssvc", then create the host (A) record in DNS.

Create the security groups ADRMS_SuperUsers and Executives.

Create the host (A) record in DNS.

Note: This host (A) record carries the name used on the certificate and in the URL, https://adrms.exchangeranger.net. The IP address 192.168.1.109 is that of the adrms01 server.

Start the installation of the Active Directory Rights Management Services role.

Now click on Post-deployment Configuration in Server Manager.

Note: I am using Windows Internal Database for this article.

Select SSL as the connection type. Before you click Next, you will have to request the certificate from the Active Directory RMS server and complete the request. Open IIS Manager, click on the adrms server and click on Server Certificates under Features View. Click on Create Domain Certificate in the Actions pane.

If you get the above error message, go to your Certificate Authority server and restart the Certificate Service. After restarting the service, click Finish and the request will complete.
Now click Next on the Cluster Address window and continue the process.

Click on Close, then open Server Manager, click on Tools and click on Active Directory Rights Management Services.

If you get the warning message below while opening the console, you will have to install the certificate on the adrms01 server.

After you click Yes, it will give you the error message below. The reason for this message is that the name on the certificate (adrms) is different from the name of the server (adrms01).

You will have to create two DWORD values on the server. Under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa, create the DWORD DisableLoopbackCheck with value 1. Under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters, create the DWORD "DisableStrictNameChecking" with value 1. After making the changes, restart the server; the console will then open without any error.

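The two registry values from the step above, written as PowerShell next to a narrower variant that leaves the loopback check on and exempts only the AD RMS names. This is an added example, not part of the original article; the function names are hypothetical, and using BackConnectionHostNames in place of DisableLoopbackCheck for this console error is an assumption the article does not test.

```powershell
# Added example, not from the article. Run elevated on adrms01, then restart.
$lsa    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$msv    = Join-Path $lsa 'MSV1_0'
$lanman = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Set-StrictNameCheckingOff {
    # Used by both variants: the server accepts SMB connections addressed to
    # a name other than its own computer name.
    New-ItemProperty -Path $lanman -Name DisableStrictNameChecking `
        -PropertyType DWord -Value 1 -Force | Out-Null
}

function Set-LoopbackArticle {
    # The article's setting: the NTLM loopback check is off for every host name.
    New-ItemProperty -Path $lsa -Name DisableLoopbackCheck `
        -PropertyType DWord -Value 1 -Force | Out-Null
    Set-StrictNameCheckingOff
}

function Set-LoopbackScoped {
    # Assumption, not in the article: keep the loopback check on and exempt
    # only the listed names through BackConnectionHostNames (REG_MULTI_SZ).
    # The default names are taken from the article's certificate and URL.
    param([string[]]$HostNames = @('adrms.exchangeranger.net', 'adrms'))
    $current = (Get-ItemProperty -Path $msv -ErrorAction SilentlyContinue).BackConnectionHostNames
    [string[]]$merged = @($current) + $HostNames | Where-Object { $_ } | Sort-Object -Unique
    New-ItemProperty -Path $msv -Name BackConnectionHostNames `
        -PropertyType MultiString -Value $merged -Force | Out-Null
    Remove-ItemProperty -Path $lsa -Name DisableLoopbackCheck -ErrorAction SilentlyContinue
    Set-StrictNameCheckingOff
}

function Get-LoopbackState {
    # Report what is currently set so the change can be reviewed before reboot.
    [pscustomobject]@{
        DisableLoopbackCheck      = (Get-ItemProperty -Path $lsa).DisableLoopbackCheck
        BackConnectionHostNames   = (Get-ItemProperty -Path $msv).BackConnectionHostNames -join ', '
        DisableStrictNameChecking = (Get-ItemProperty -Path $lanman).DisableStrictNameChecking
    }
}

Set-LoopbackScoped   # or Set-LoopbackArticle to reproduce the article's step
Get-LoopbackState
```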

This completes the deployment of Active Directory Rights Management Services. In the next part we will see how to configure ADRMS for Exchange Server 2013.

Cheers,
Gulab Prasad
