You Cannot Create a Trusted Publishing Domain (830694)
The information in this article applies to:
- Microsoft Windows Rights Management Services (RMS) for Windows Server 2003

SYMPTOMS
When you try to create a trusted publishing domain, you cannot transfer a private key from the hardware security module (HSM) that exists on one server to the HSM that exists on another server. Therefore, you cannot create the trusted publishing domain.

CAUSE
The cause of this problem depends on the types of the HSMs and the configuration of the associated HSM devices.

RESOLUTION
To resolve this problem, follow these steps:
- To help secure the RMS private key for a server, reconfigure Microsoft Windows Rights Management Services (RMS) to use the default, software-based private key protection method.
- From this server, export the RMS private key to a file.
- From another server, import the RMS private key from the file that you exported the key to in the previous step.

STATUS
This behavior is by design.

MORE INFORMATION
To create a trusted publishing domain, each server (for example, server A) must be able to decrypt content that is published by the other server (for example, server B). To decrypt content that is published by server B, server A must have access to the private key on server B.
If a server stores a private key in an HSM, you must transfer this private key to the HSM that exists on the other server. To perform this transfer, follow the instructions in the HSM documentation.
Note: If you use an HSM to help protect your RMS private key, before you import a server licensor certificate from an RMS installation that uses software-based private key protection, you must specify a private key password on the Security settings page of your server.

Modification Type: Major
Last Reviewed: 11/3/2003
Keywords: kbdomain kbTrusts kbCrypt kbSecurity kbprb KB830694 kbAudDeveloper