Event ID 70 — AD RMS Logging service availability

Applies To: Windows Server 2008

Active Directory Rights Management Services (AD RMS) uses Message Queuing on each server in the AD RMS cluster to send information to the logging database. This information is used to compile reports and assess how your AD RMS installation is performing.

Event Details

Product: Windows Operating System
ID: 70
Source: Active Directory Rights Management Services
Version: 6.0
Symbolic Name: LoggingServiceDatabaseWriteFailureEvent
Message: The Active Directory Rights Management Services (AD RMS) logging service could not write to the AD RMS logging database. It will try to write the last message to the AD RMS logging database. All other messages will not be read from Message Queuing until the AD RMS logging database is available.

Resolve

Check AD RMS logging database availability

When the AD RMS Web services log information to the AD RMS logging database, it stores the message in a message queue. The AD RMS message queue delivers the message to the AD RMS logging database. If AD RMS is not logging messages to the logging database, you should ensure that the AD RMS logging database is available on the network, ensure that both the AD RMS logging and Message Queuing services are started, and that the AD RMS service account has the appropriate rights to the AD RMS logging database. Finally, if the logging database is still not available, you grant permissions to the AD RMS Service Group on the AD RMS message queue.

To perform these procedures, you must be a member of the local Administrators group, or you must have been delegated the appropriate authority.

Check AD RMS logging database network connectivity

To check AD RMS logging database network connectivity:

  1. Log on to the AD RMS logging database server.
  2. At a command prompt on the AD RMS logging database server, type ipconfig /all. Make sure that the AD RMS logging database server has an IP address in the correct IP address range, and does not have an Automatic Private IP Addressing (APIPA) address (an IP address in the 169.254.x.x range).
  3. At a command prompt on the AD RMS logging database server, type ping localhost to verify that TCP/IP is installed and correctly configured on the local computer. If the ping is unsuccessful, this may indicate a corrupt TCP/IP stack or a problem with the network adapter.
  4. At a command prompt on the AD RMS logging database server, type **ping **ip_address where ip_address is the IP address assigned to the computer. If you can ping the localhost address but not the local IP address, there may be an issue with the routing table or with the network adapter driver.
  5. At a command prompt on the AD RMS logging database server, type **ping **dns_server where dns_server is the IP address for the DNS server. If there are more than one DNS server on your network, you should ping each one. If you cannot ping the DNS servers, this indicates a potential problem with the DNS servers, or the network in between the AD RMS logging database server and the DNS servers.

Check that the AD RMS logging service is started

To check that the AD RMS logging service is started:

  1. Click Start, point to Administrative Tools, and then click Services.
  2. In the results pane, double-click AD RMS Logging Service.
  3. Under Service status, make sure that the status is Started.  If the status is not Started, click Start.
  4. Make sure Startup type is set to Automatic.
  5. Click OK.

Check that the Message Queuing service is started

To check that the Message Queuing service is started:

  1. Click Start, point to Administrative Tools, and then click Services.
  2. In the results pane, double-click Message Queuing.
  3. Under Service status, make sure that the status is started.  If it is not started, click Start.
  4. Make sure Startup type is set to Automatic.
  5. Click OK.

Make sure the AD RMS service account has access to the AD RMS logging database

To make sure the AD RMS service account has access to the AD RMS logging database:

  1. Log on to the AD RMS logging database server.
  2. Click Start, point to All Programs, click Microsoft SQL Server 2005, and then click SQL Server Management Studio.
  3. In the Server name box, type the name of the AD RMS logging database server, and then click Connect.
  4. Expand Databases.
  5. Expand the AD RMS logging database. By default, the name of this database is DRMS_Logging_clustername_portnumber, where clustername is the name of the AD RMS cluster and portnumber is the TCP port on which AD RMS communicates.
  6. Expand Security, and then expand Users.
  7. Make sure that the AD RMS service account is a user in the database.
  8. Right-click the AD RMS service account database user account, and then click Properties.
  9. Select the rms_service check box under Database role membership, and then click OK.

Add the AD RMS Service Group to the AD RMS message queue

To add the AD RMS service group to the AD RMS message queue:

  1. Click Start, point to Administrative Tools, and then click Server Manager.
  2. Expand Features, expand Message Queuing, and then expand Private Queues.
  3. Right-click **drms_logging_**clustername_portnumber, where clustername is the name of the AD RMS cluster and portnumber is the TCP port by which AD RMS clients communicate and then click Properties.
  4. Click the Security tab.
  5. Click Add.
  6. In the Select Users or Groups dialog box, type server_name**\AD RMS Service Group**, where server_name is the name of the local AD RMS server, and then click OK.
  7. Select the Full Control check box in the Allow column, and then click OK.

Check AD RMS logging database server performance

If the AD RMS logging database server is exhibiting signs of deadlock, ensure that the logging database server is performing acceptably and that it is not overloaded. If necessary, archive logging data that is out of date, or consider upgrading the logging database server hardware.

Verify

To perform this procedure, you must be a member of the System Administrators database role, or you must have been delegated the appropriate authority.

To verify that the AD RMS logging database is working correctly:

  1. Log on to the AD RMS logging database server.
  2. Click Start, point to All Programs, click Microsoft SQL Server 2005, and then click SQL Server Management Studio.
  3. In the Server name box, type the name of the AD RMS logging database server, and then click Connect.
  4. Expand Databases, and then click the AD RMS configuration database. By default, the name of this database is DRMS_Logging_clustername_portnumber, where clustername is the name of the AD RMS cluster and portnumber is the TCP port in which the AD RMS Web services listens for requests.
  5. Click New Query.
  6. Type select * from drms_clusterpolicies, and then click Execute.

AD RMS Logging service availability

Active Directory Rights Management Services