Getting IPCERROR_BROKEN_CERT_CHAIN? We have a fix
Hi folks,
Some partner developers recently raised the issue that they are getting IPCERROR_BROKEN_CERT_CHAIN error when testing in pre-production hierarchy. Our developer Sumanth fixed the bug and would like to explain the issue for you:
Thanks,
Dan
Hello,
I'm Sumanth Lingom, a developer on the RMS team. Some of our partner developers reported that they are getting the IPCERROR_BROKEN_CERT_CHAIN error when testing in the pre-production hierarchy. We have investigated this issue and determined that the root cause is an expired certificate in the pre-production certificate chain. We’re happy to announce that we now have a fix ready for this issue, and have also taken steps to ensure that this issue never happens again. We’ve achieved this by making our certificate validation much more forgiving in the pre-production environment. The result: your test certificates will continue to work even if your copy of the SDK gets stale. Don’t worry – these changes have no effect on production environments.
If you are facing this problem, you can resolve it with the following steps:
On your development machine (the machine where you build using the RMS SDK)
- Un-install the RMS SDK.
- Install the latest version of the RMS SDK from here
On your test machine (the machine where you will be testing your RMS applications)
- For 32-bit machines
copy ipcsecproc_isv.dll %ProgramFiles%\Active Directory Rights Management Services Client 2.1
copy ipcsecproc_ssp_isv.dll %ProgramFiles%\Active Directory Rights Management Services Client 2.1
(These files can be found in %MSIPCSdkDir%\bin\x86 folder on a machine which has the SDK installed)
2. For 64-bit machines:
copy ipcsecproc_isv.dll %ProgramFiles%\Active Directory Rights Management Services Client 2.1
copy ipcsecproc_ssp_isv.dll %ProgramFiles%\Active Directory Rights Management Services Client 2.1
(These files can be found in %MSIPCSdkDir%\bin\x64 folder on a machine which has the SDK installed)
copy ipcsecproc_isv.dll %ProgramFiles(x86)%\Active Directory Rights Management Services Client 2.1
copy ipcsecproc_ssp_isv.dll %ProgramFiles(x86)%\Active Directory Rights Management Services Client 2.1
(These files can be found in %MSIPCSdkDir%\bin\x86 folder on a machine which has the SDK installed)
3. Ensure that you have the correct registry key settings for the client to work against pre-production server.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSIPC]
"Hierarchy"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\MSIPC]
"Hierarchy "=dword:00000001
That’s it! Thanks to all who reported this issue. We appreciate your help in making our SDK better. As always, if you need further assistance please post your question in our Microsoft Connect forum. If the website shows 'Page not found' it may be that you haven’t registered on Microsoft Connect. So: Go tohttps://connect.microsoft.com, sign in with your Microsoft Account > Directory> Search for Rights Management Services > Join).
-Sumanth