March 12, 2017

[Solved] Warning: Failed to acquire a Rights Account Certificate (RAC) and/or a Client Licensor Certificate (CLC)

By pdhewjau in Active Directory, Blog, Exchange

While configuring RMS (Rights Management Services), I have found that a lot of people commonly hit this issue, and we struggle a lot to get it solved. So in this blog I am sharing how I resolved it. When integrating Exchange Server with RMS, we need to run a few test commands before setting it up permanently. While doing so, we might face this issue.

Issue:

The warning tells you that the ‘Exchange Servers Group’ has not been given ‘Read’ and ‘Read & Execute’ rights to ‘ServerCertification.asmx’ and ‘Publish.asmx’ on your AD RMS server, so the Exchange server is not able to validate the configuration. But even after granting these rights you might face the same issue. You might then go through several reboots to make sure all the configuration has been refreshed, but a reboot alone will not solve the problem; there is a missing piece of the puzzle.

Acquiring Rights Account Certificate (RAC) and Client Licensor Certificate (CLC) …
- WARNING: Failed to acquire a Rights Account Certificate (RAC) and/or a Client Licensor Certificate (CLC). This failure may cause features such as Transport Decryption, Transport Protection Rules, Journal Report Decryption, IRM in Outlook Web App, IRM in Exchange ActiveSync, and IRM Search to not work. Make sure that the Exchange Servers Group is granted “Read” and “Read & Execute” rights on the ServerCertification.asmx and Publish.asmx pipelines on your AD RMS server. For details, see “Set Permissions on the AD RMS Certification Pipeline” at http://go.microsoft.com/fwlink/?LinkId=186951.
----------------------------------------
Microsoft.Exchange.Security.RightsManagement.RightsManagementException: Failed to acquire server box RAC from https://rms.pdhewaju.com.np/_wmcs/certification/servercertification.asmx. ---> System.Net.WebException: The request failed with HTTP status 401: Unauthorized.
   at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)
   at System.Web.Services.Protocols.SoapHttpClientProtocol.EndInvoke(IAsyncResult asyncResult)
   at Microsoft.Exchange.Security.RightsManagement.SOAP.ServerCertification.ServerCertificationWS.EndCertify(IAsyncResult asyncResult)
   at Microsoft.Exchange.Security.RightsManagement.ServerCertificationWSManager.EndAcquireRac(IAsyncResult asyncResult)
   --- End of inner exception stack trace ---
   at Microsoft.Exchange.Data.Storage.RightsManagement.RmsClientManager.EndAcquireInternalOrganizationRACAndCLC(IAsyncResult asyncResult)
   at Microsoft.Exchange.Management.RightsManagement.IRMConfigurationValidator.TryGetRacAndClc()

Resolution:

Once the SCP has been confirmed as registered, we need to configure permissions so that the Exchange 2010 server can integrate with the RMS server; by default, it will not be able to do so. Specifically, we need to give two groups, Exchange Servers and AD RMS Service Group, Read & Execute and Read permissions on the RMS certification pipeline. This is done by modifying the security permissions on the ServerCertification.asmx file that is stored on the RMS server.

By default, this file is found in the \inetpub\wwwroot\_wmcs\certification folder. Once you have located the file, open its properties and click the Security tab. By default, AD RMS Service Group is given ‘Read’ and ‘Read & Execute’ permission on the parent folder, but sometimes you might need to grant it on the specific file as well.

You also need to grant the same permissions on Publish.asmx in the \inetpub\wwwroot\_wmcs\licensing location.
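The same permission change can be scripted instead of clicked through on the Security tab. The PowerShell below is an added example, not part of the original post: it checks both pipeline files for the two groups named above and adds a Read & Execute allow rule only where one is missing. The CONTOSO domain name, the local scope of AD RMS Service Group, and the system-drive location of \inetpub are assumptions to adjust for your environment.

```powershell
# Added example: audit, and if needed grant, Read + Read & Execute on the AD RMS pipeline files.
# Save as a .ps1 file and run it in an elevated PowerShell session on the AD RMS server.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Assumption: CONTOSO is a placeholder domain; AD RMS Service Group is taken to be a local group.
    [string[]]$Principals = @('CONTOSO\Exchange Servers', "$env:COMPUTERNAME\AD RMS Service Group"),
    # Assumption: IIS content is on the system drive; the post gives only the path below the drive.
    [string]$WmcsRoot = "$env:SystemDrive\inetpub\wwwroot\_wmcs"
)

$files = @(
    "$WmcsRoot\certification\ServerCertification.asmx",
    "$WmcsRoot\licensing\Publish.asmx"
)
$needed = [System.Security.AccessControl.FileSystemRights]::ReadAndExecute  # includes Read

foreach ($file in $files) {
    if (-not (Test-Path -LiteralPath $file)) { Write-Warning "Not found: $file"; continue }
    $acl = Get-Acl -Path $file
    $changed = $false
    foreach ($principal in $Principals) {
        try { $sid = ([System.Security.Principal.NTAccount]$principal).Translate([System.Security.Principal.SecurityIdentifier]) }
        catch { Write-Warning "Cannot resolve '$principal'; skipping."; continue }

        # Collect Allow rights granted directly to this SID (explicit or inherited ACEs).
        # Rights obtained through membership in other groups are not evaluated here.
        $granted = 0
        foreach ($rule in $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])) {
            if ($rule.IdentityReference -eq $sid -and $rule.AccessControlType -eq 'Allow') {
                $granted = $granted -bor [int]$rule.FileSystemRights
            }
        }
        if (($granted -band [int]$needed) -eq [int]$needed) {
            Write-Host "OK      $principal on $file"
            continue
        }
        Write-Host "MISSING $principal on $file"
        $newRule = New-Object System.Security.AccessControl.FileSystemAccessRule($sid, $needed, 'Allow')
        $acl.AddAccessRule($newRule)
        $changed = $true
    }
    if ($changed -and $PSCmdlet.ShouldProcess($file, 'Add Read & Execute allow rules')) {
        Set-Acl -Path $file -AclObject $acl
    }
}
```

Run it with -WhatIf first to see which files would be changed. Keeping the grant to these two groups, rather than a broad group, leaves the pipeline closed to every other account.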

Once you have done this, run the cmdlet again. You will now get a success result. 🙂

Happy issue solving! 😀


About Author

pdhewjau

Prashant is a Principal Cybersecurity Specialist at Thakral One Nepal. His prior position as a Modern Work Security Specialist at Microsoft saw him providing invaluable guidance to major clients in Bangladesh, Brunei, Cambodia, and Myanmar, assisting them with their foundational security needs. Awarded the esteemed Microsoft Most Valuable Professional (MVP) accolade in 2017, Prashant is recognized globally among Microsoft peers. Since 2010, he has imparted his expertise as a Microsoft Certified Trainer (MCT), conducting specialized training across Nepal.

2 Comments
  1. Achim

    Great article! You saved me a lot of time, thank you!

    December 8, 2017
