I've read lots about using a CName for the SQL server for DR purposes. How, on a new install of Windows 2008 AD RMS, do you specify the CName of the SQL server? As part of the install, the only option you get is to pick the SQL computer from an existing computer object in AD.
This isn't the case for the RMS Cluster, which can easily be referenced by a CName during install.
Can you offer any advice?
On WS2008 you need to set the following in the registry (on the SQL server and the RMS server (to be safe)) before provisioning:
Create a DWORD value under this key named:
And set it to ‘1’
Then try provisioning.
I have RMS running on a machine we will call acme. It is also a file server, and there are so many things hard coded to acme that can't be changed. We got a new Windows storage server that will have to be named acme. I see two options: try to install RMS on a storage server (not sure if that is supported), or move RMS to some new box. The bad news is my DRMS_ClusterServer is set to the name acme. Suggestions? Thanks!
It appears you've got yourself into a bit of a pickle that stems from not using a cname record when provisioning the RMS server. If you need to change the cluster URL the terrible truth is you need to do this:
- First you need to make sure that you export the SLC and TPD certs out of the current installation.
- Then you need to remove the SCP, and deprovision RMS.
- Then you need to stand up an entirely new RMS infrastructure, keeping in mind to use cname records for the SQL server and Cluster URL *and* make sure that if the plan is to use HTTPS that you have a certificate all ready to go, and the secure channel open prior to provisioning.
- Once you stand up the new infrastructure you need to import the TPD certificate into the new installation.
- Now you have to write a logon script that will remove the DRM folder from every user's machine in the environment, so that they will obtain a new RAC and CLC from the new installation.
- Then you need to set the licenseserverredirection key in the registry to tell every client that if they want to open something that was issued by the old licensing server, to redirect to the new licensing server.
Just look for the word LicenseServerRedirection on this blog and you should hit my blog post "All you can eat Office registry keys and a bag of chips". The key is defined in that post.
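The logon-script step from the reply above, sketched as an added example; it is not code from the original thread or from the blog's author. The DRM folder location (the per-user path on Windows Vista and later) and the marker file name are assumptions to verify against your own clients.

```powershell
# Added example: run-once logon script that clears the per-user RMS client
# certificate store so the client obtains a new RAC and CLC from the new cluster.
# ASSUMPTIONS (not from the thread): the DRM folder location below
# (Vista and later; verify on your clients) and the marker file name.
param(
    [string]$DrmPath = (Join-Path $env:LOCALAPPDATA 'Microsoft\DRM'),
    [string]$Marker  = (Join-Path $env:LOCALAPPDATA 'rms-migration-done.txt')  # hypothetical name
)

# Run once per user profile. Clearing the folder at every logon would also
# throw away the NEW RAC and CLC and force re-activation each time.
if (Test-Path -LiteralPath $Marker) { return }

if (Test-Path -LiteralPath $DrmPath) {
    # Rename rather than delete, so the old store can be put back if the
    # cutover to the new RMS installation is rolled back.
    $backup = '{0}.old-{1:yyyyMMddHHmmss}' -f $DrmPath, (Get-Date)
    try {
        Move-Item -LiteralPath $DrmPath -Destination $backup -ErrorAction Stop
        $result = "moved $DrmPath to $backup"
    }
    catch {
        # Usually a file in the store is locked by a running application.
        # No marker is written, so the next logon retries.
        Write-Warning "DRM folder not cleared: $($_.Exception.Message)"
        return
    }
}
else {
    $result = 'no DRM folder present; nothing to clear'
}

# Record completion with a timestamp so the rollout can be audited per profile.
Set-Content -LiteralPath $Marker -Value ('{0:u} {1}' -f (Get-Date), $result)
```

Once the migration is confirmed, remove the renamed `.old-*` folders; they still hold the certificates issued by the old installation.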
Lots of people have used my previous posting detailing the steps necessary to move your database server
Just so you know, anytime I read your blogs I LOL all the time.
Anyway, I have the same issue as the guy with the "acme" server, though my server is not clustered and has SQL Desktop Engine running the database, not a SQL server. I don't understand what you meant by "SLC, TPD, SCP, RAC, CLC" and how to export the SLC and TPD certs.
Also, what is a good way to back up the RMS server?
SLC (Server Licensor Certificate)
This is what signs all the shiznit for your environment. You can back this up from the 'Trust Policies' menu in the RMS administration console. You also give this to companies that you want to swap RMS protected info with. You import theirs, and they import yours.
TPD (Trusted Publishing Domain)
This certificate is the keys to your kingdom. Whoever owns this, owns you, so be careful with it and keep it protected. This too can be backed up in the 'Trust Policies' menu item in the RMS admin console. If you ever need to do a disaster recovery, you can rebuild your environment, import this key, and you will be able to decrypt all old content. You can also put this certificate on remote RMS servers that you want to be able to decrypt content from another server, without the users actually going to the originating server. This would require the LicenseServerRedirection key to be set in the user's registry.
SCP (Service Connection Point)
This is an entry in your AD that tells all your users where to go to activate their machine. Essentially the URL of the RMS server.
RAC (Rights Account Certificate) a.k.a. GIC
This certificate allows a user to participate in the RMS environment. Whenever they try to open content, they pass this cert to the RMS server to politely prove that they are who they say they are. Without it, you can't open content.
CLC (Client Licensor Certificate)
This certificate allows you to publish content offline. Without this you can't create any RMS protected shiznit.
Can I apply this article: "How to change the TCP port that SharePoint Portal Server or SharePoint Server uses to connect to SQL Server" support.microsoft.com/.../889647 to change the TCP port that RMS Server uses to connect to SQL Server?