Another from Carsten:
This is Carsten again. With this blog entry I’d like to provide some background information on a misleading error message in the MOSS Information Rights Management configuration page.
The Deploying Windows Rights Management Services with Microsoft Office SharePoint Server 2007 Step-By-Step Guide explains in the To add SPS-SRV to the RMS Certification Pipeline section that the computer account of the MOSS computer requires Read & Execute permissions on the ServerCertification.asmx file. This guidance assumes that the Sharepoint web application is running under the Network Service account. Honestly, in a MOSS enterprise configuration, this is quite unlikely because Microsoft is recommending in Plan for administrative and service accounts to use dedicated service accounts for MOSS.
If you are following the recommended practices, the IIS web pool identity used by the SharePoint Central Administration and the IIS web pool identity used by the current MOSS web application requires Read & Execute permissions on the ServerCertification.asmx file. In this case, the computer account of the MOSS server does not matter.
If those two service accounts are not permitted correctly, the following misleading error is shown:
The following sample screenshot illustrates how to correctly permit the accounts used by the MOSS web application and the SharePoint Central Administration:
In your screenshot for the permissions you have the Farm Account set to Deny - did you mean to set this to Allow??
You are Right, you must grant allow access.
Thanks a lot for this post. I had granted access to my WFE servers on the ServerCertification.asmx file, but missed the identity pool account. After granting access to the service account, I am not seeing the error anymore.