Microsoft has released public previews of two Rights Management Services Diagnostic Tools.
These tools diagnose settings, configurations and behavior of your Active Directory Rights Management Services (AD RMS) infrastructure. There are two tools, one for RMS Client and one for RMS Server.
The tools are very small, only about 200 kb each. That do not require installation and can be downloaded here:
http://connect.microsoft.com/site1164/Downloads/DownloadDetails.aspx?DownloadID=56564
This is what the RMS Client Diagnostic app looks like (see below for Server screenshots):
I ran diagnostics on my test client and you can see that I have some issues with Intranet Sites:
Clicking on Fix it in the left menu and then the View Operations button it displays what will be done if I choose to click Fix It Now.
When I did click Fix It Now, the fix succeed:
Running the diagnostics again shows no error this time:
You can also use this tool to reset the cached RMS-related files on tour client, even if no errors were found. Note that this action will not make you lose access to any RMS protected data, it only means that the next time RMS is used on the client you will be automatically bootstrapped (get a fresh set of user certificates and templates):
This is what the RMS Server Diagnostic app looks like:
By clicking Server in the left menu you get information about my RMS Server installation:
By running Diagnostics, RMS server related tests are performed. I got a warning that a group email address was not found my current account:
Clicking Templates enables me to download published RMS templates. I can expand each of them to get more detailed information. Here I have expanded the FTE – Edit and print template:
On the Membership menu you can quickly check if a user is member of an RMS enabled group or not. This can help troubleshoot users that cannot open documents they believe they should have access to:
The user Klara is not a member of the TeamHelix group:
The user Max however is a member of the TeamHelix group:
I hope you will find these tools useful.
Update 2015-05-13
There is a new version of this tool, read more about it here:
In the new version the Membership page has been updated to also include checking membership of Templates:
Does this work for Azure RMS? Is source code available? Thanks!
No, not with Azure RMS at the moment, but it will most likely do that before long. I’ll try to remember to comment here if/when it does.
I’ll look into the source code question, but my guess is that it will stay proprietary.
Ok, just that I haven’t figured out how to get it to work for my own application, following steps as per here: https://technet.microsoft.com/en-US/dn133057(v=vs.71).aspx
In particular it doesn’t seem to matter what I put in the IPC_CREDENTIAL_SYMMETRIC_KEY structure I either get “the user hasn’t been authenticated” or “parameter is incorrect”.
Pingback: Rights Management Services Analyzer Tool – updated | Microsoft Security Solutions