The required Windows Rights Management client is present but the server refused access

Another from Carsten: 

 

This is Carsten again. With this blog entry I’d like to provide some background information on a misleading error message in the MOSS Information Rights Management configuration page.

 

The "Deploying Windows Rights Management Services with Microsoft Office SharePoint Server 2007 Step-By-Step Guide" explains, in the section "To add SPS-SRV to the RMS Certification Pipeline", that the computer account of the MOSS computer requires Read & Execute permissions on the ServerCertification.asmx file. This guidance assumes that the SharePoint web application is running under the Network Service account. Honestly, in a MOSS enterprise configuration this is quite unlikely, because Microsoft recommends in "Plan for administrative and service accounts" that you use dedicated service accounts for MOSS.

 

If you are following the recommended practices, the IIS web pool identity used by SharePoint Central Administration and the IIS web pool identity used by the current MOSS web application both require Read & Execute permissions on the ServerCertification.asmx file. In this case, the computer account of the MOSS server does not matter.

 

If those two service accounts have not been granted the correct permissions, the following misleading error is shown:

 

 

The following sample screenshot illustrates how to correctly grant permissions to the accounts used by the MOSS web application and SharePoint Central Administration:
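The same permission check can be scripted on the RMS server. The script below is an added example, not part of the original post: it reports whether each pool identity has an Allow entry for Read & Execute on ServerCertification.asmx, flags any Deny entry, and adds the missing Allow entry when run with `-Grant`. The file path is a placeholder and the account names are hypothetical; only ACL entries that name the account directly are evaluated, not entries that apply through group membership.

```powershell
# Added example: audit (and optionally grant) Read & Execute on ServerCertification.asmx.
# $AsmxPath is a placeholder and the account names are hypothetical; substitute your own.
param(
    [string]   $AsmxPath = '<path-to>\ServerCertification.asmx',
    [string[]] $Accounts = @('CONTOSO\svc-moss-ca-pool', 'CONTOSO\svc-moss-web-pool'),
    [switch]   $Grant
)

$need    = [System.Security.AccessControl.FileSystemRights]::ReadAndExecute
$needInt = [int]$need
$acl     = Get-Acl -Path $AsmxPath
$changed = $false

foreach ($account in $Accounts) {
    # Entries (explicit or inherited) that name this account directly.
    $rules = @($acl.Access | Where-Object { $_.IdentityReference.Value -ieq $account })

    # Allow must cover every Read & Execute bit; any overlapping Deny bit is a problem.
    $allow = @($rules | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        (([int]$_.FileSystemRights) -band $needInt) -eq $needInt })
    $deny = @($rules | Where-Object {
        $_.AccessControlType -eq 'Deny' -and
        (([int]$_.FileSystemRights) -band $needInt) -ne 0 })

    if ($deny.Count -gt 0) {
        # Reported only; a Deny entry is never removed automatically.
        $status = 'Deny entry present: review and remove it manually'
    } elseif ($allow.Count -gt 0) {
        $status = 'OK'
    } elseif ($Grant) {
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
            $account, $need, 'Allow')
        $acl.AddAccessRule($rule)
        $changed = $true
        $status  = 'Allow Read & Execute added'
    } else {
        $status = 'Missing Allow Read & Execute'
    }

    New-Object PSObject -Property @{ Account = $account; Status = $status }
}

# Write the ACL back once, and only if an entry was added.
if ($changed) { Set-Acl -Path $AsmxPath -AclObject $acl }
```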

Comments

  • Anonymous
    December 21, 2011
    Hi, in your screenshot for the permissions you have the Farm Account set to Deny - did you mean to set this to Allow?? Thanks, James.

  • Anonymous
    November 26, 2012
    You are right, you must grant allow access.

  • Anonymous
    September 17, 2013
    Thanks a lot for this post. I had granted access to my WFE servers on the ServerCertification.asmx file, but missed the identity pool account. After granting access to the service account, I am not seeing the error anymore.