More MOSS and IRM tips, tricks, and stuff to pick your nose to.

So I thought I'd catalog some things that I've seen recently in case people are searching the web for specific MOSS, Sharepoint, WSS (hmmm..let's think of more keywords people might enter) Share point, Office Sharepoint Server Services,  evil application that made me pull out the rest of my hair, Argghhhh, Doh!, WTF!!!. Yep that about covers it.

Tip 1 - Enabling IRM on MOSS, when it refuses to work with RMS:
1. Repro the problem:
2. Go to a command prompt on the MOSS machine, and type iisapp:
3. Write down the name of the Sharepoint App pools that are running:
4. Open IIS and expand App Pools:
5. Right click on the App Pool gathered in step 3 and click on Properties:
6. Go to the identity tab, and write down who the app pool is running as.:
7. Go to the RMS machine, and go into the file properties of c:\InetPub\wwwroot\_wmcs\Certification\ServerCertification.asmx:
8. Go to the security tab.:
9. Add the “RMS Service Group” the Moss machine name account (i.e. “MOSS01$”), and the account name you gathered in step 6. (If it is network service then the machine name should be enough). Give them Read + Read/Execute permissions.**:
10. Go to a command prompt and type iisreset
11. If this fails, call support and I'll pull out my hair with you, and try to help you figure it out.
**NOTE - I have also been told that in a pinch, you can give 'Authenticated Users' access to the ServerCertification.asmx' and it will work. I believe that the sun has to be aligned with Pluto, and a Capricorn must be present in the room, be dressed like a moon pie, and be singing 'I'm a little teapot'.

Tip 2 - Custom autonomous protectors don't fire the HrIsProtected method on download.
You need to execute stsadm –o setproperty –pn irmaddinsenabled –pv “yes” on the MOSS server, or you will die trying to get your autonomous protectors to work.

Tip 3 - If you add (or change) an email address for a user, 'after' you've already added them to MOSS:
You will either need to remove, then add the user back, so their data from the AD is refreshed in the dbase or follow these steps:
1. In MOSS, create an SSP.
2. In that SSP, configure and run a Profile import. (this imports the data from AD to SharePoint)
3. Wait an hour. After doing step 2, every hour a timer job will run to update the SharePoint sites with the user info that is now in the profile database.
4. If you plan on changing AD some more, schedule a profile import to happen every X days (or hours or weeks).

Tip 4 - If you need to fart, while working on MOSS, do so immediately.
Hey, I didn't write the rules. I just follow them.
The facts are here:

Tip 5 - Make sure you are using RMS SP2 server as a minimum, and RMS SP2 client on the MOSS server.

Tip 6 - Yes, it is required for the client machines to also have the RMS client installed on them.

Tip/Fact 7 - Chuck Norris once punched his MOSS server so hard, that all the documents decrypted themselves and fell out. He later responsibly disclosed this exploit to the MSRC, and it was marked as

Status:Can't Fix
Reason: Chuck Norris

I hope these tips help you out. I'm sure I will run into more, and I'll go ahead and post them to this same blog post as I get them.


Skip to main content