AD RMS: Set-IRMConfiguration fails with No RMS server was found
Issue
Running Set-IRMConfiguration on an Exchange server fails as follows:
[PS] C:\Windows\system32>Set-IRMConfiguration -InternalLicensingEnabled $true
No RMS server was found. This setting requires an RMS server to be configured to communicate with Hub Transport
server. Please ensure this is setup correctly to enable IRM features.
+ CategoryInfo : InvalidOperation: (:) [Set-IRMConfiguration], NoRMSServersFoundException
+ FullyQualifiedErrorId : 63A82BB3,Microsoft.Exchange.Management.RightsManagement.SetIRMConfiguration
+ PSComputerName : adrms.cpandl.com
Enabling RMS client tracing on the Exchange server (a reboot is needed) reveals the following error:
[msdrm]:+DRMGetServiceLocation uServiceType = DRM_SERVICE_TYPE_CERTIFICATION,uServiceLocation = DRM_SERVICE_LOCATION_ENTERPRISE
[msdrm]: Parameters uServiceType=2,uServiceLocation=2,wszIssuanceLicense=(null)
[msdrm]: GetActiveDirectoryService FAILED : 8004cf48
0x8004CF48 = E_DRM_SERVICE_NOT_FOUND
RMS usage from all other clients is functioning as expected.
Cause
Domain Users had read access to the RightsManagementServices service connection point (SCP), but Authenticated Users did not. Computer accounts are not members of Domain Users, so they could not read the SCP in Active Directory.
Resolution
Ensure Authenticated Users are granted read access to the SCP:
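One way to check, and optionally repair, this permission from PowerShell. This is an added example, not part of the original article. It assumes the ActiveDirectory module (RSAT) is installed and that the SCP is at its default location in the configuration partition; the function name Test-RmsScpReadAccess is hypothetical.

```powershell
# Added example: audit (and optionally repair) Read access on the AD RMS SCP.
# Assumptions: ActiveDirectory module available; SCP at its default DN.
Import-Module ActiveDirectory

function Test-RmsScpReadAccess {
    param([switch]$Grant)   # -Grant adds the missing ACE (needs rights on the configuration partition)

    # The SCP lives in the forest-wide configuration partition.
    $configNC = (Get-ADRootDSE).configurationNamingContext
    $scpPath  = "AD:\CN=SCP,CN=RightsManagementServices,CN=Services,$configNC"

    # Authenticated Users is the well-known SID S-1-5-11; match on SID, not display name.
    $authUsers = New-Object System.Security.Principal.SecurityIdentifier('S-1-5-11')
    $read      = [System.DirectoryServices.ActiveDirectoryRights]::GenericRead

    $acl   = Get-Acl -Path $scpPath
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

    # Look for an Allow ACE on the whole object (not property-specific) that covers Read.
    # Deny ACEs are not evaluated here; review $rules manually if the result is unexpected.
    $match = $rules | Where-Object {
        $_.IdentityReference.Value -eq $authUsers.Value -and
        $_.AccessControlType -eq 'Allow' -and
        $_.ObjectType -eq [guid]::Empty -and
        ($_.ActiveDirectoryRights -band $read) -eq $read
    }
    if ($match) { return $true }

    if ($Grant) {
        # Add only the Read ACE; existing entries (e.g. Domain Users) are left untouched.
        $ace = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
            $authUsers, $read, [System.Security.AccessControl.AccessControlType]::Allow)
        $acl.AddAccessRule($ace)
        Set-Acl -Path $scpPath -AclObject $acl
        return $true
    }
    return $false
}

# Report first; rerun with -Grant only after reviewing the result.
if (Test-RmsScpReadAccess) { 'Authenticated Users can read the SCP.' }
else { 'Authenticated Users lack Read on the SCP; computer accounts cannot discover AD RMS.' }
```

After the ACE is in place and has replicated, rerun Set-IRMConfiguration -InternalLicensingEnabled $true on the Exchange server.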