Event ID 135 — AD RMS Trust Policy Integrity
Applies To: Windows Server 2008
.jpg)
Trust policies in Active Directory Rights Managemenet Services (AD RMS) allow users to share rights-protected content across Active Directory Domain Services (AD DS) forests that are either internal or external to the organization.
Event Details
| Product: | Windows Operating System |
| ID: | 135 |
| Source: | Active Directory Rights Management Services |
| Version: | 6.0 |
| Symbolic Name: | UntrustedPublishingDomainCertEvent |
| Message: | An untrusted server licensor certificate issued to the %1 computer was encountered in the list of trusted publishing domains certificates and will not be honored. Computer name: %1 |
Resolve
Delete trusted publishing domain that is no longer trusted
To perform this procedure, you must be a member of the local AD RMS Enterprise Administrators group, or you must have been delegated the appropriate authority.
To delete a trusted publishing domain:
Caution: If you delete a trusted publishing domain, any content that was protected by using the public key linked to the trusted publishing domain will not be accessible.
- Log on to a server in the AD RMS cluster.
- Click Start, point to Administrative Tools, and then click Active Directory Rights Management Services.
- Expand the AD RMS cluster, expand Trusted Policies, and then click Trusted Publishing Domains.
- Click the trusted publishing domain that is no longer to be trusted, and then click Delete.
- Click Yes to confirm.
- If these steps do not resolve the issue, restore the AD RMS configuration database from backup to a point where this error did not occur.
Verify
To perform this procedure, you must be a member of the local Users group, or you must have been delegated the appropriate authority.
Note: Microsoft Office Word 2007 is used as an example in this section. Any AD RMS-enabled application can be used in place of Word 2007.
To verify that the AD RMS trust policies are working correctly:
- Log on to an AD RMS-enabled client computer.
- Click Start, point to All Programs, point to Microsoft Office, and then click Microsoft Office Word 2007.
- In the new document type This is a test document.
- Click the Microsoft Office Start Button, point to Prepare, point to Restrict Permissions, and then click Restricted Access.
- Select the Restrict permissions to this document check box.
- Type another AD RMS user's e-mail address in the Read box, and then click OK.
- Send this file to the person who was granted access in step 6.
- Have this person open the document and verify that he or she cannot print it.