Appendix A - How to Install AD RMS with a CNAME Record

Applies To: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012

Installing AD RMS using a CNAME Record

This appendix provides guidance for installing AD RMS using a CNAME record. It is intended for readers who may not be fully familiar with this process.

The environment

The following three virtual machines are used to complete the steps outlined in this Appendix.

Table 9 - Virtual Machines and Roles

| Computer Name | Forest | Operating System | Memory | Applications and Services | IP Address |
|---|---|---|---|---|---|
| DC | fabrikam.com | Windows Server 2008 x64 SP2 | 512 | Active Directory, DNS, Certificate Authority | 192.168.100.1 |
| ADRMS | fabrikam.com | Windows Server 2008 x64 SP2 | 1024 | AD RMS, IIS 7.0 | 192.168.100.2 |
| SQL1 | fabrikam.com | Windows Server 2008 x64 SP2 | 1024 | Microsoft SQL Server 2008 SP2 | 192.168.100.10 |

CNAME Records

The following two CNAME records will be created in the steps outlined by this appendix.

Table 10 - CNAME Records

| Name | Record Type | FQDN | Target | Description |
|---|---|---|---|---|
| RMS | CNAME | RMS.fabrikam.com | adrms.fabrikam.com | Alias record for the ADRMS Server. |
| RMS-SQL | CNAME | RMS-SQL.fabrikam.com | sql1.fabrikam.com | Alias record for the ADRMS SQL Server. |

Installing the AD RMS server role in Windows Server 2012

For those who might not be familiar with the changes in how AD RMS is installed in Windows Server 2012, the following procedure explains how it works.

To install an AD RMS server using Windows Server 2012

  1. Log on to ADRMS.fabrikam.com as fabrikam\Administrator.

  2. Click Start and then click the Server Manager tile to launch the Server Manager.

  3. From the Server Manager, select Add roles and features.

    This will launch the Add Roles and Features Wizard.

  4. On the Before You Begin page, click Next.

  5. On the Select installation type page, click Next.

  6. On the Select destination server page, select ADRMS.fabrikam.com and click Next.

  7. On the Select server roles page, select Active Directory Rights Management Services.

    This will bring up a box that says Add features that are required for Active Directory Rights Management Services? Click Add Features. Once this is complete, click Next.

  8. On the Select features page, click Next.

  9. On the Active Directory Rights Management Services page, click Next.

  10. On the Select role services page for AD RMS, leave the defaults and click Next.

  11. On the Web Server (IIS) page, click Next.

  12. On the Select role services page for IIS, leave the defaults and click Next.

  13. Continue to the Confirm installation selections page and then click Install.

  14. When the installation completes, click the Perform additional configuration link.

    This will launch the AD RMS Configuration wizard.

  15. On the AD RMS page, click Next.

  16. On the AD RMS Cluster page, select to create a new AD RMS root cluster and click Next.

  17. On the Configuration Database page, select Specify a database server and a database instance.

    Under Server enter RMS-SQL.fabrikam.com and click List. In the Database Instance drop-down, select DefaultInstance. If this is successful, there should be no error message. Click Next.

  18. On the Service Account page, click Specify.

    This will bring up a Windows Security box. For User name enter ADRMSService and for Password enter Pass1word$. Click OK. On the Service Account page, click Next.

  19. On the Cryptographic Mode page, select Cryptographic Mode 1 and click Next.

  20. On the Cluster Key Storage page, select Use AD RMS centrally managed key storage. Click Next.

  21. On the Cluster Key Password page, for Password enter Pass1word$, for Confirm Password enter Pass1word$. Click Next.

  22. On the Cluster Web Site page, leave the default of Default Web Site and click Next.

  23. On the Specify Cluster Address page, leave the default of Use an SSL-encrypted connection (https://) and under Fully-Qualified Domain Name enter RMS.fabrikam.com. Leave the default port of 443. Click Next.

  24. On the Server Certificate page, select Choose a certificate for SSL encryption later. Click Next.

  25. On the Licensor Certificate page, leave the default Name of ADRMS and click Next.

  26. On the SCP Registration page, leave the default of Register the SCP now and click Next.

Additional Information

The following additional information is assumed for completion of the steps outlined in this Appendix.

  1. The AD RMS Service account used is fabrikam\ADRMSService. The password for this account is Pass1word$.

  2. Prior to installing AD RMS, SQL1 has had the proper network protocols enabled, the firewall ports opened, and the DisableStrictNameChecking registry key added.
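
Steps 17 and 23 of the procedure depend on the two aliases from Table 10 resolving to the right hosts and on SQL1 being reachable through its alias. The following pre-flight check, run on ADRMS.fabrikam.com before the configuration wizard, is an added example and not part of the original appendix; the function names are hypothetical and TCP port 1433 is an assumption (the SQL Server default-instance port), since the appendix does not state which ports were opened.

```powershell
# Added example: pre-flight check before running the AD RMS Configuration wizard.
# Alias-to-target pairs are taken from Table 10 of this appendix.
$ExpectedAliases = @{
    'RMS.fabrikam.com'     = 'adrms.fabrikam.com'
    'RMS-SQL.fabrikam.com' = 'sql1.fabrikam.com'
}
$SqlPort = 1433   # Assumption: default-instance port; the appendix does not state it.

function Test-CNameTarget {
    param([string]$Alias, [string]$Target)
    # Ask for the CNAME only; a missing alias, or an A record under the same name, fails.
    $cname = Resolve-DnsName -Name $Alias -Type CNAME -DnsOnly -ErrorAction SilentlyContinue |
             Where-Object { $_.Type -eq 'CNAME' } | Select-Object -First 1
    if (-not $cname) { return $false }
    # DNS names are case-insensitive; ignore a trailing root dot.
    return ($cname.NameHost.TrimEnd('.') -ieq $Target.TrimEnd('.'))
}

function Test-TcpPort {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs = 3000)
    # TcpClient is used because it is available on Windows Server 2012 without extra modules.
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch { return $false } finally { $client.Close() }
}

$failed = $false
foreach ($alias in $ExpectedAliases.Keys) {
    $ok = Test-CNameTarget -Alias $alias -Target $ExpectedAliases[$alias]
    '{0,-22} -> {1,-20} {2}' -f $alias, $ExpectedAliases[$alias], $(if ($ok) { 'OK' } else { 'MISMATCH' })
    if (-not $ok) { $failed = $true }
}
# Connect through the alias, exactly as the wizard will in step 17.
if (-not (Test-TcpPort -HostName 'RMS-SQL.fabrikam.com' -Port $SqlPort)) {
    "RMS-SQL.fabrikam.com:$SqlPort not reachable"
    $failed = $true
}
if ($failed) { throw 'Fix DNS or SQL connectivity before running the AD RMS Configuration wizard.' }
```

A MISMATCH on either alias is worth resolving first, because the wizard stores both names: RMS-SQL.fabrikam.com as the database server and RMS.fabrikam.com as the cluster address.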