March 12, 2017

[Solved] Warning: Failed to acquire a Rights Account Certificate (RAC) and/or a Client Licensor Certificate (CLC)

By pdhewjau Active Directory, Blog, Exchange  2 Comments

While configuring RMS (Rights Management Services), I have found that a lot of people commonly hit this issue, and we struggle a lot to get it solved. So in this blog post I am sharing how I resolved it. When integrating Exchange Server with RMS, we need to run a few test commands before setting it up permanently, and this issue can appear while doing so.

Issue:

The warning indicates that the 'Exchange Servers' group has not been granted 'Read' and 'Read & Execute' rights on the 'ServerCertification.asmx' and 'Publish.asmx' files on your AD RMS server, so the Exchange server cannot validate the configuration. Even after granting these rights you might still face the same issue, and you might go through several reboots to make sure all of the configuration has been refreshed. A reboot alone will not solve the problem; there is a missing piece of the puzzle.

Acquiring Rights Account Certificate (RAC) and Client Licensor Certificate (CLC) ...

    - WARNING: Failed to acquire a Rights Account Certificate (RAC) and/or a Client Licensor Certificate (CLC). This failure may cause features such as Transport Decryption, Transport Protection Rules, Journal Report Decryption, IRM in Outlook Web App, IRM in Exchange ActiveSync, and IRM Search to not work. Make sure that the Exchange Servers Group is granted "Read" and "Read & Execute" rights on the ServerCertification.asmx and Publish.asmx pipelines on your AD RMS server. For details, see "Set Permissions on the AD RMS Certification Pipeline" at http://go.microsoft.com/fwlink/?LinkId=186951.

    ----------------------------------------

    Microsoft.Exchange.Security.RightsManagement.RightsManagementException: Failed to acquire server box RAC from https://rms.pdhewaju.com.np/_wmcs/certification/servercertification.asmx. ---> System.Net.WebException: The request failed with HTTP status 401: Unauthorized.
       at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)
       at System.Web.Services.Protocols.SoapHttpClientProtocol.EndInvoke(IAsyncResult asyncResult)
       at Microsoft.Exchange.Security.RightsManagement.SOAP.ServerCertification.ServerCertificationWS.EndCertify(IAsyncResult asyncResult)
       at Microsoft.Exchange.Security.RightsManagement.ServerCertificationWSManager.EndAcquireRac(IAsyncResult asyncResult)
       --- End of inner exception stack trace ---
       at Microsoft.Exchange.Data.Storage.RightsManagement.RmsClientManager.EndAcquireInternalOrganizationRACAndCLC(IAsyncResult asyncResult)
       at Microsoft.Exchange.Management.RightsManagement.IRMConfigurationValidator.TryGetRacAndClc()

Resolution:

Once the SCP has been confirmed as registered, we need to configure permissions so that the Exchange 2010 server can integrate with the RMS server, because by default it cannot. Specifically, two groups need Read and Read & Execute permissions on the RMS certification pipeline: Exchange Servers and AD RMS Service Group. This is done by modifying the security permissions on the ServerCertification.asmx file stored on the RMS server.

By default, this file is found in the \inetpub\wwwroot\_wmcs\certification folder. Once you have located the file, open its properties and click the Security tab. By default, AD RMS Service Group has 'Read' and 'Read & Execute' permission on the parent folder, but sometimes you need to grant it directly on the specific file as well.

You also need to grant the same permissions on the Publish.asmx file in the \inetpub\wwwroot\_wmcs\licensing folder.

Once you have done this, run the cmdlet again. This time it will report success. 🙂
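The same permission change can be scripted instead of clicked through. The following is an added example, not part of the original post: it checks both pipeline files and adds an Allow entry for Read & Execute only where one is missing, so the files get no broader rights than the warning asks for. The domain name `CONTOSO` and the `C:` drive are placeholders; run it in an elevated session on the AD RMS server.

```powershell
# Added example. Assumptions: domain NetBIOS name and drive letter are placeholders.
$domain  = 'CONTOSO'                      # placeholder, replace with your domain
$webRoot = 'C:\inetpub\wwwroot\_wmcs'     # default location named in the post
$files   = @(
    Join-Path $webRoot 'certification\ServerCertification.asmx'
    Join-Path $webRoot 'licensing\Publish.asmx'
)
# The two groups named in the post: a domain group and a local group on the RMS server.
$principals = @("$domain\Exchange Servers", 'AD RMS Service Group')
$needed = [System.Security.AccessControl.FileSystemRights]::ReadAndExecute
$allow  = [System.Security.AccessControl.AccessControlType]::Allow
$sidType = [System.Security.Principal.SecurityIdentifier]

foreach ($file in $files) {
    if (-not (Test-Path -LiteralPath $file)) {
        Write-Warning "Not found: $file"
        continue
    }
    $acl = Get-Acl -LiteralPath $file
    $changed = $false
    foreach ($name in $principals) {
        $account = New-Object System.Security.Principal.NTAccount($name)
        try   { $sid = $account.Translate($sidType) }
        catch { Write-Warning "Cannot resolve '$name'"; continue }

        # Look for an Allow entry (explicit or inherited) that already covers Read & Execute.
        $existing = $acl.GetAccessRules($true, $true, $sidType) | Where-Object {
            $_.IdentityReference -eq $sid -and
            $_.AccessControlType -eq $allow -and
            ($_.FileSystemRights -band $needed) -eq $needed
        }
        if ($existing) { Write-Host "OK       $name on $file"; continue }

        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($sid, $needed, $allow)
        $acl.AddAccessRule($rule)
        $changed = $true
        Write-Host "GRANTING $name on $file"
    }
    # Write the ACL back only when an entry was actually added.
    if ($changed) { Set-Acl -LiteralPath $file -AclObject $acl }
}
```

Running it a second time should print only `OK` lines, which confirms the entries are in place before you rerun the Exchange test cmdlet.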

Happy troubleshooting! 😀


About Author

pdhewjau

Prashant is a Microsoft MVP for Office Servers and Services. He works as a Technical Lead at Thakral One and is a Microsoft Certified Trainer for Windows Server, Exchange Server and Office 365.

2 Comments
  1. Achim

    Great article! You saved me a lot of time, thank you!

    December 8, 2017
