Appendix A - How to Install AD RMS with a CNAME Record
Applies To: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012
Installing AD RMS using a CNAME Record
This appendix provides guidance for installing AD RMS using a CNAME record. It is intended for readers who may not be fully familiar with this process.
The environment
The following three virtual machines are used to complete the steps outlined in this Appendix.
Table 9 - Virtual Machines and Roles
Computer Name | Forest | Operating System | Memory | Applications and Services | IP Address |
---|---|---|---|---|---|
DC | fabrikam.com | Windows Server 2008 x64 SP2 | 512 | Active Directory, DNS, Certificate Authority | 192.168.100.1 |
ADRMS | fabrikam.com | Windows Server 2008 x64 SP2 | 1024 | AD RMS, IIS 7.0 | 192.168.100.2 |
SQL1 | fabrikam.com | Windows Server 2008 x64 SP2 | 1024 | Microsoft SQL Server 2008 SP2 | 192.168.100.10 |
CNAME Records
The following two CNAME records will be created in the steps outlined by this appendix.
Table 10 - CNAME Records
Name | Record Type | FQDN | Target | Description |
---|---|---|---|---|
RMS | CNAME | RMS.fabrikam.com | adrms.fabrikam.com | Alias record for the ADRMS Server. |
RMS-SQL | CNAME | RMS-SQL.fabrikam.com | sql1.fabrikam.com | Alias record for the ADRMS SQL Server. |
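The check below is an added example, not part of the original appendix: a PowerShell pre-flight that confirms the two aliases in Table 10 exist as CNAME records on DC and resolve to the addresses in Table 9 before those names are entered in the AD RMS configuration wizard. It assumes it is run on ADRMS under Windows Server 2012, where Resolve-DnsName is available; Test-AliasRecord is a hypothetical helper name.

```powershell
# Added example: check the Table 10 aliases against the DNS server on DC.
# Alias, target and address values are taken from Tables 9 and 10.
$records = @(
    @{ Alias = 'RMS.fabrikam.com';     Target = 'adrms.fabrikam.com'; Address = '192.168.100.2'  },
    @{ Alias = 'RMS-SQL.fabrikam.com'; Target = 'sql1.fabrikam.com';  Address = '192.168.100.10' }
)
$dnsServer = '192.168.100.1'   # DC, which hosts DNS in this environment

# Test-AliasRecord is a hypothetical helper name, not a built-in cmdlet.
function Test-AliasRecord {
    param([string]$Alias, [string]$Target, [string]$Address, [string]$Server)

    $result = [pscustomobject]@{
        Alias = $Alias; CnameTarget = $null; Address = $null; Ok = $false; Detail = ''
    }
    try {
        # Ask for the CNAME itself. A host (A) record created by mistake under
        # the alias name yields no CNAME in the answer section.
        $cname = Resolve-DnsName -Name $Alias -Type CNAME -Server $Server -DnsOnly -ErrorAction Stop |
            Where-Object { $_.Section -eq 'Answer' -and $_.Type -eq 'CNAME' } |
            Select-Object -First 1
        if (-not $cname) { $result.Detail = 'no CNAME record'; return $result }
        $result.CnameTarget = $cname.NameHost.TrimEnd('.')

        # Follow the alias to its host record and capture the final address.
        $a = Resolve-DnsName -Name $Alias -Type A -Server $Server -DnsOnly -ErrorAction Stop |
            Where-Object { $_.Type -eq 'A' } | Select-Object -First 1
        if ($a) { $result.Address = $a.IPAddress }
    } catch {
        # Covers a missing name, an unreachable DNS server, and similar failures.
        $result.Detail = $_.Exception.Message
        return $result
    }
    # String comparison with -ne is case-insensitive, as DNS names are.
    if ($result.CnameTarget -ne $Target)  { $result.Detail = 'alias points at an unexpected host' }
    elseif ($result.Address -ne $Address) { $result.Detail = 'target resolves to an unexpected address' }
    else { $result.Ok = $true; $result.Detail = 'matches Table 10' }
    return $result
}

$report = foreach ($r in $records) {
    Test-AliasRecord -Alias $r.Alias -Target $r.Target -Address $r.Address -Server $dnsServer
}
$report | Format-Table -AutoSize
if ($report | Where-Object { -not $_.Ok }) {
    Write-Warning 'Fix DNS before running the AD RMS configuration wizard.'
}
```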
Installing the AD RMS server role in Windows Server 2012
For those who might not be familiar with the changes in how AD RMS is installed when working with Windows Server 2012, the following procedure helps explain how it works.
To install an AD RMS server using Windows Server 2012
Log on to ADRMS.fabrikam.com as fabrikam\Administrator.
Click Start and then click the Server Manager tile to launch the Server Manager.
From the Server Manager, select Add roles and features.
This will launch the Add Roles and Features Wizard.
On the Before You Begin page, click Next.
On the Select installation type page, click Next.
On the Select destination server page, select ADRMS.fabrikam.com and click Next.
On the Select server roles page, select Active Directory Rights Management Services.
This will bring up a box that says Add features that are required for Active Directory Rights Management Services?. Click Add Features. Once this is complete, click Next.
On the Select features page, click Next.
On the Active Directory Rights Management Services page, click Next.
On the Select role services page for AD RMS, leave the defaults and click Next.
On the Web Server (IIS) page, click Next.
On the Select role services page for IIS, leave the defaults and click Next.
Continue to the Confirm installation selections page and then click Install.
When the installation completes, click the Perform additional configuration link.
This will launch the AD RMS Configuration wizard.
On the AD RMS page, click Next.
On the AD RMS Cluster page, select to create a new AD RMS root cluster and click Next.
On the Configuration Database page, select Specify a database server and a database instance.
Under Server enter RMS-SQL.fabrikam.com and click List. In the Database Instance drop-down, select DefaultInstance. If this is successful, there should be no error message. Click Next.
On the Service Account page, click Specify.
This will bring up a Windows Security box. For User name enter ADRMSService and for Password enter Pass1word$. Click OK. On the Service Account page, click Next.
On the Cryptographic Mode page, select Cryptographic Mode 1 and click Next.
On the Cluster Key Storage page, select Use AD RMS centrally managed key storage. Click Next.
On the Cluster Key Password page, for Password enter Pass1word$, for Confirm Password enter Pass1word$. Click Next.
On the Cluster Web Site page, leave the default of Default Web Site and click Next.
On the Specify Cluster Address page, leave the default of Use an SSL-encrypted connection (https://) and under Fully-Qualified Domain Name enter RMS.fabrikam.com. Leave the default port of 443. Click Next.
On the Server Certificate page, select Choose a certificate for SSL encryption later. Click Next.
On the Licensor Certificate page, leave the default Name of ADRMS and click Next.
On the SCP Registration page, leave the default of Register the SCP now and click Next.
Additional Information
The following additional information is assumed for completion of the steps outlined in this Appendix.
The AD RMS Service account used is fabrikam\ADRMSService. The password for this account is Pass1word$.
Prior to installing AD RMS, SQL1 has had the proper network protocols enabled, the firewall ports opened, and the DisableStrictNameChecking registry key added.