AD RMS Trust Policy Integrity
Applies To: Windows Server 2008
Trust policies in Active Directory Rights Managemenet Services (AD RMS) allow users to share rights-protected content across Active Directory Domain Services (AD DS) forests that are either internal or external to the organization.
Events
| Event ID | Source | Message |
|---|---|---|
Active Directory Rights Management Services |
The private key does not match the public key extracted from the corresponding trusted publishing domain server licensor certificate. Make sure that the Active Directory Rights Management Services (AD RMS) service account has access to the private key store. If the cluster key is centrally managed by AD RMS, ensure that the AD RMS configuration database is available on the network. If the cluster key is stored in a hardware-based cryptographic storage provider, verify that the cluster key has been imported into the AD RMS cluster. Re-import the trusted publishing domain. Parameter Reference Context: %1 RequestId: %2 %3 %4 |
|
Active Directory Rights Management Services |
The trusted user domain for the requestor's rights account certificate contains a trusted e-mail domain that is not valid. Remove the e-mail domain that is not valid from the trusted user domain by using the Active Directory Rights Management Services console. Parameter Reference Context: %1 RequestId: %2 %3 %4 |
|
Active Directory Rights Management Services |
An untrusted server licensor certificate issued to the %1 computer was encountered in the list of trusted publishing domains certificates and will not be honored. Computer name: %1 |
|
Active Directory Rights Management Services |
E-mail claim is not present in the request. User Action Enable the E-mail claim on the Active Directory Federation Services (AD FS) server. |
|
Active Directory Rights Management Services |
Universal Principal Name (UPN) claim is not present in the request. Enable UPN claim on the Active Directory Federation Services (AD FS) server. | |
Active Directory Rights Management Services |
An Active Directory Rights Management Services (AD RMS) client issuance license does not contain a valid cluster. Ensure that all servers in the AD RMS cluster are part of the trusted publishing domain. Parameter Reference Context: %1 RequestId: %2 %3 %4 |
|
Active Directory Rights Management Services |
An invalid certificate chain was found in the trusted publishing domain or trusted user domain. Parameter Reference Context: %1 RequestId: %2 %3 %4 |
|
Active Directory Rights Management Services |
The friendly name for this Active Directory Rights Management Services (AD RMS) cluster is not valid. Change the AD RMS cluster friendly name to a valid one. |
|
Active Directory Rights Management Services |
A particular certificate was not found in the trusted publishing domain. Parameter Reference Context: %1 RequestId: %2 %3 %4 |