다음을 통해 공유

Using the IRM Diagnostic Tool to Troubleshoot Problems Opening an Information Protected Document or Email

  • 아티클

 

The IRM Diagnostics Tool (IRMDiag) is a tool available in Microsoft's Download Center that enables a user to troubleshoot issues with Information Rights Management scenarios while using Azure RMS or AD RMS.

The tool offers the following capabilities:

  • Display client configuration information, including software versions and relevant registry settings, including indication of reachable and unreachable URLs in the configuration.
  • Display template and certificate information on the client
  • Perform transactions against RMS based on the client configuration and display the results, such as client activation and success of failure creating and opening content protected with each of the available templates.
  • Clear the environment configuration to leave the RMS client (both MSIPC and MSDRM clients) in an uninitialized state.
  • Capture trace files while client operations are performed by the user so these files can be sent to a help desk person
  • Capture the client configuration to a file, and open client configuration files to remotely analyze a client's configuration.
  • Manually edit registry settings in the client to fix configuration problems.

This tool is currently pre-release.

Below are instructions for troubleshooting common scenarios with the IRMDiag tool. This tool is designed to be utilized by a skilled IT professional or under the guidance of one.

Reviewing a client computer's configuration

Download and launch the IRM Diagnostics tool. If using a 64 bit computer running a 64 bit version of the client applications (e.g. Office), use the x64 version of the tool in the download package. Otherwise use the 32 bit version of the tool.

Please note that the IRMDiag tool requires the .Net framework 4.0 libraries to run. If you don't have these libraries installed in your computer you can download them from http://www.microsoft.com/en-us/download/details.aspx?id=17851. You can easily find out if you have this library installed by trying to run the tool, the tool will warn you that the library is not installed if it is missing, and you can install it at that point and rerun the tool.

If this is the first time you run the tool, review and accept the license agreement.

On the first screen select Advanced Mode.

From the File menu, select the Scan Machine option.

Depending on your computer’s configuration the application may take a few minutes to display the information while it gathers and tests all configurations (including verifying reachability of all your client’s configuration URLs).

Review client software versions on the list at the top. The Status column indicates if the software version is within the currently supported ranges.

Review certificates (RACs and CLCs). Common errors are inconsistent issuance dates and bad validity ranges. For more information you can open these files in a text editor by clicking on the Open button at the end of each line.

Review the registry configurations below. You can hover the mouse over any column to get more information about the meaning of the setting, their recommended values or the causes for any errors displayed. Please note that an error sign does not necessarily indicate a problem, it just indicates that the URL in one of the registry values could not be reached.

Keep in mind that only values present in the client are displayed. If a registry value or key needs to be configured that is not currently present in the client it won’t be displayed in the tool.

If a technical professional determines that one of the registry values needs to be modified, this can be done by clicking on the contents column for that row. Please note that no validation of the values is done by the tool, so misuse of this capability could lead to a non-functional configuration.

 

Sending a client's configuration to a remote support person

If a remote technical professional needs to analyze the client’s configuration after scanning the computer with the tool, use the File/Save to File… option to save the client’s configuration in a specified location. You can then email the file to the support professional, who can open it in the same tool by using the File/Load from File… option.

At that point, the remote person will be seeing this client’s configuration as exported (editing of the configuration will be disabled on his/her computer).

 

Resetting a client's state

Some problems caused by simple misconfigurations can be resolved by resetting the client’s status to an uninitialized state. This is done by deleting the MSIPC and/or MSDRM folders in the client computer where certificates and licenses are stored. To do this, use the Tools/Clear MSIPC License Store or Tools/Clear MSDRM License Store (MSPIC is the library used by most recent applications, while MSDRM is used by Office 2010 and most older apps).

This will delete the contents of these folders. After trying to use RMS again from the client these folders will be automatically populated if the client can be normally activated

 

Verifying the client's configuration functionality and checking rights to open content

To determine if a client is configured properly to use RMS by using the MSIPC client, use the option Tools/Test Transaction on IRMDiag.

This will launch a process that will activate the client with MSIPC, try to protect content with all the available templates and then attempt to open the content. It will display the results of these operations alongside with the rights granted to the use for each of the templates.

This can be useful to isolate application-specific problems and to determine if problems a user has to open specific content are due to lack of rights with the template used.

Note: if the tool crashes while running this test, check if using the other version of the tool (x86 or x64) works successfully.

 

Troubleshooting opening a document in Office 2013 by capturing trace logs

If you can't open a document or email that has been rights-protected by AD RMS or Azure RMS, you can use the IRM Diagnostic tool to help you diagnose the problem. This tool is currently prerelease.

**

**

Instructions

1. Download the IRM Diagnostics tool from the Microsoft Download Center.

2. Select x86 or x64, depending on your client operating system.

3. Extract the tool to a temporary folder.

4. Right-click IrmDiagnosticsTool.exe and select Run As Administrator to install the tool.

5. Gather computer information:

a. Select Advanced Mode

b. Select File -> Scan Machine

c. Wait for the scan to complete

d. Select File -> Save to file …

 6. Clean the license stores:

a. Select Tools -> Clear MSIPC License Store

b. Select Tools -> Clear MSDRM License Store

7. Start capturing traces using DebugView tool:

a. Select Tools -> Download DebugView (if not already downloaded and installed from http://technet.microsoft.com/en-us/sysinternals/bb896647.aspx)

b. Extract the tool to a temporary folder

c. Right click Dbgview.exe and select Run As Administrator to run the file

d. Select Capture -> Capture Global Win32

 8. Enable client logging if it’s not already enabled and start client tracing:

a. Select Advanced Mode

b. Select Tools -> Turn Client Tracing On

 9. Run the synthetic transaction test:

a. Return to the IrmDiagnostics tool

b. Select Tools -> Test Transaction

c. Optional: Download the Active Directory Rights Management Service Client 2.1 (from http://www.microsoft.com/en-us/download/details.aspx?id=38396) to a temporary folder

d. Right-click setup_msipc_x64.exe and select Run As Administrator to install the client

e. Select Tools -> Test Transaction

f. Wait for the test to complete.

10. Save the DebugView log to a file:

a. File -> Save As…

 11. Disable client trace logging:

a. Return to the IrmDiagnostics tool:

b. Select Tools -> Turn Client Tracing Off

12. Close both tools: DebugView and IrmDiagnosticsTool.exe

13. Review the log files from steps 5 and 10.