This is an oldie, but a goodie, and we get enough calls on it to warrant a blog post.
Picture the following scenario:
You are sending an email with your favorite secret brownie recipie to a few friends at work. You decide to protect the email (it's a secret after all). You begin typing people you know will love grandma's favorite recipie. You're at 200 recipients, then 300 recipeints...everyone will love it!!!! You click send.
Immediately your inbox is filled with people on the recipient list saying they can't open your email. They got a message saying they don't have rights.
Well most likely what happened is that your SOAP request to the RMS server was too big, because instead of using a group called "Grandma's brownie Lovers" with the 300 recipients in it, you added 300 individual users to the To line, thus making the Issuance License in the content that gets passed to the RMS server gigantic, causing your ADRMS server to become angered and add your recipeints to the "lump of coal" list it secretly stores in memory (EnableNoRightsCaching), until its default 12 hour temper tantrum is over.
In reality, the ADRMS server gives you a "System.Web.HttpException: Maximum request length exceeded." in the debug trace.
So what is the solution?
There are two actually.
1.) Don't be a weirdo. Use a DL for emails that require a large amount of recipients in the To line.
2.) If you *must* you can adjust the acceptable size of the HTTP request by going into c:\inetpub\wwwroot\_wmcs\licensing\web.config and playing with the value in this line:
<httpRuntime maxRequestLength="2048" executionTimeout="300" />
Try doubling the maxRequestLength at first, and play with that value until people can open the message (you may also want to set the EnableNoRightsCaching in the ClusterPolicies table to 0, so they can be removed from the "naughty" list).
Hope this helps.