AD RMS Troubleshooting: 500 exception on servicelocator.asmx
Issue
Several online sources still recommend setting "licensing\servicelocator.asmx" to anonymous authentication, along with "licensing\license.asmx", when using federation.
This is incorrect. ONLY "licensing\license.asmx" should have anonymous enabled.
"servicelocator.asmx" expects a valid account and will fail with a 500 error when anonymous is enabled.
Users may see a prompt to "Change User", or new clients that have never contacted RMS might simply fail with an "unexpected" error.
If an extranet URL is configured, clients will attempt to contact that URL instead, resulting in slow performance or a failure, depending on whether the URL is resolvable.
To resolve
- Go into the IIS Manager under ServerName\Sites\Default Web Site\wmcs.
- Right-click on licensing and choose “Switch to Content View”.
- Right-click on Servicelocator.asmx and choose “Switch to Features View”. (This gives you settings for JUST ServiceLocator.asmx).
- Open the Authentication dialog and Disable Anonymous Authentication.
- Run IISRESET.
NOTE
When ADFS is used, licensing/servicelocator.asmx should be configured for Windows Authentication as well. It will return a 401 and then redirect to "/licensingexternal/servicelocator.asmx".
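
The same check and fix can be scripted. The following PowerShell is an added example, not part of the original article: it reports the effective authentication settings on the two files and, with -Fix, disables anonymous authentication on servicelocator.asmx only. The script parameters and the default path are assumptions (the steps above write the directory as "wmcs"; stock AD RMS installs name the virtual directory _wmcs), so match the path to what IIS Manager shows.

```powershell
#Requires -RunAsAdministrator
param(
    # Assumption: site and virtual directory of a default AD RMS install.
    [string]$Licensing = 'Default Web Site/_wmcs/licensing',
    [switch]$Adfs,  # federation in use: also check license.asmx and Windows auth
    [switch]$Fix    # disable anonymous on servicelocator.asmx if it is enabled
)
Import-Module WebAdministration

$authRoot = 'system.webServer/security/authentication'

function Get-AuthEnabled([string]$File, [string]$Scheme) {
    # Effective setting for one file (inherited values included).
    (Get-WebConfigurationProperty `
        -PSPath "MACHINE/WEBROOT/APPHOST/$Licensing/$File" `
        -Filter "$authRoot/$Scheme" -Name enabled).Value
}

# Expected state as described in the article.
$expected = @(
    @{ File = 'servicelocator.asmx'; Scheme = 'anonymousAuthentication'; Want = $false }
)
if ($Adfs) {
    $expected += @{ File = 'license.asmx'; Scheme = 'anonymousAuthentication'; Want = $true }
    $expected += @{ File = 'servicelocator.asmx'; Scheme = 'windowsAuthentication'; Want = $true }
}

$report = foreach ($e in $expected) {
    $actual = Get-AuthEnabled $e.File $e.Scheme
    [pscustomobject]@{
        File = $e.File; Scheme = $e.Scheme
        Expected = $e.Want; Actual = $actual; OK = ($actual -eq $e.Want)
    }
}
$report | Format-Table -AutoSize

$anonOnLocator = $report | Where-Object {
    $_.File -eq 'servicelocator.asmx' -and
    $_.Scheme -eq 'anonymousAuthentication' -and -not $_.OK
}
if ($anonOnLocator -and $Fix) {
    # Written as a <location> entry for this one file; license.asmx is untouched.
    Set-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' `
        -Location "$Licensing/servicelocator.asmx" `
        -Filter "$authRoot/anonymousAuthentication" -Name enabled -Value $false
    iisreset
}
```

Run it without -Fix first to see the current state; a row with OK = False for servicelocator.asmx / anonymousAuthentication is the misconfiguration described above.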