Event ID 197 — AD RMS Trust Hierarchy Determination
Applies To: Windows Server 2008
.jpg)
Active Directory Rights Management Services (AD RMS) supports two trust hierarchies: production, and ISV. The ISV hierarchy is used for developing AD RMS-enabled applications. The production hierarchy should be used for all production installations of AD RMS.
Important: The production hierarchy should be used for all AD RMS installations, unless you are developing an AD RMS-enabled application.
Event Details
| Product: | Windows Operating System |
| ID: | 197 |
| Source: | Active Directory Rights Management Services |
| Version: | 6.0 |
| Symbolic Name: | SelfEnrollmentSigningKeyAssemblyErrorEvent |
| Message: | Active Directory Rights Management Services (AD RMS) could not determine its trust hierarchy. |
Resolve
Change trust hierarchy registry entry to production hierarchy
Two trust hierachies are supported by AD RMS: Production and ISV. The Production hierarchy should be used, except in special scenarios such as when you are developing an AD RMS-enabled application and want to be in the ISV hierarchy.
To change the AD RMS hierarchy registry key to production hieracrchy:
To perform this procedure, you must be a member of the local Administrators group, or you must have been delegated the appropriate authority.
Caution: Incorrectly editing the registry might severely damage your system. Before making changes to the registry, you should back up any valued data.
- On the computer where you are installing AD RMS, click Start.
- In the Start Search box, type regedit, and then press ENTER.
- Navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\uDRM.
- Right-click Hierarchy, and then click Modify.
- In the Value data box, type 0, and then click OK.
Verify
Two trust hierachies are supported by AD RMS: Production and ISV. The Production hierarchy should be used, except in special scenarios such as when you are developing an AD RMS-enabled application and want to be in the ISV hierarchy.
To perform this procedure, you must be a member of the local AD RMS Enterprise Administrators group, or you must have been delegated the appropriate authority.
To verify that the trust hierarchy is correct:
- Log on to a server in the AD RMS cluster.
- Open the Active Directory Rights Management Services console.
- Right-click the AD RMS cluster, and then click Properties.
- Click the Server Certificate tab. Verify that the value in the hierarchy box is Production.