Ever wonder how to setup a pre-production environment and use Office with it (after all Office is signed with a production cert)?
Live...via satellite from Germany <dunt duh da da..du du du du du dunt da ta da>...iiiiiiiiitttttt's Carsten!
Hi, Carsten here.
Today I want to share information how to set up Microsoft Office 2007 in a Windows Server 2008 RMS pre-production environment.
Setting up the RMS preproduction server
Let’s start with the RMS server:
1. Before the RMS server role is installed on the Windows Server 2008 server, you must configure the registry. As documented in Configure the Registry, the following value must be set:
2. As a next step, the Active Directory Rights Management server role must be installed. Once the role setup has finished, open the Active Directory RMS MMC and verify in the server’s Properties in the Server Certificate tab that the Hierarchy is set to Preproduction.
The following steps must be performed once on every client computer where Microsoft Office 2007 is used with certificates and licenses from the Preproduction RMS server.
1. As documented in Configure the Registry, the following value must be set:
2. Download the Office Format Protector Sample Code which is part of the Microsoft Office File Format Protectors home page.
3. Read the Office2007IRMInPreProductionHierarchy.docx document from the OfficePreProductionHierarchy folder within the downloaded ZIP file.
4. Make sure that you are backing up all XLM files as described in step #2 in the Step by Step instructions for configuring Office 2007 section in the document. If you don’t do so, you cannot change back from the pre-production hierarchy to the production hierarchy.
5. Note that step #7 in the Step by Step instructions for configuring Office 2007 section in the document says nothing about elevation. The command prompt that runs genmft.bat or genmft.64.bat must be elevated. The script will run without elevation but registration of the components will silently fail.Note: Do not rerun the script because it will silently replace the Office 2007 installation XML files that had been renamed to *.OLD in the first run. However, the Office 2007 installation XML files can be restored from the backup that you made according to step #2 in the Step by Step instructions for configuring Office 2007 section in the Office2007IRMInPreProductionHierarchy.docx document.
To test your own RMS enabled application, you can install the RMS SDK SP2 on the client computer.
If you have set up a preproduction RMS server but missed to configure the client you will receive the following error message from Microsoft Office 2007 when a new XrML certificate is requested from the RMS server:
Cannot use test manifests against production servers
In case you have enabled RMS tracing, you will see error DRMInitEnvironment HR=0x8004cf19 in the DebugView log.
Moving from preproduction to production
To revert the RMS server from the pre-production hierarchy back to the production hierarchy, perform the following steps:
1. Uninstall the Active Directory Rights Management server role. To do so, see the Step-by-Step guide Decommission AD RMS Root Cluster.
2. Set the following registry key on the RMS server
3. Re-Install the Active Directory Rights Management server role.
To change a client computer from the preproduction hierarchy to the production hierarchy, perform the following steps:
1. Change the following registry key
2. Restore the Office 2007 XLM files containing the production hierarchy back into %programfiles%\microsoft office\office12.
I am trying to setup my windows 2003 box as RMS server on a pre-production environment. The provisioning happens correctly and i find the hierarchy on my "Windows RMS administration" to be Pre-production. I install the RMS client after setting the required pre-production registry keys. When i try to protect my word document i get the error "cannot use test manifests against production servers". I tried running a code piece of mine and find the user and machine are activated. Any suggestions would be helpful
Useless sample, having lot of bugs, eg. registry values. Better do not write such like this "useful helps", because somebody can waist lot of time trying use it.