The AD RMS Service Connection Point

 

The AD RMS Service Connection Point

The Active Directory Rights Management Services (AD RMS) Service Connection Point (SCP) is an object in Active Directory that holds the web address of the AD RMS certification cluster.  AD RMS-enabled applications use the SCP to discover the AD RMS service; it is the first connection point for users to discover the AD RMS web services. 

Only one SCP can exist in your Active Directory forest.  If you try to install AD RMS and an SCP already exists in your forest from a previous AD RMS installation that was not properly deprovisioned, the new SCP will not install properly.  It must be removed before you can establish the new SCP.  A SCP can be viewed using ADSI Edit or LDP.  To view the SCP, connect to the configuration container in ADSI Edit and navigate the following nodes: CN=Configuration [server name], CN=Services, CN=RightsManagementServices, CN=SCP.  You can remove an SCP by using the ADScpRegister.exe tool included in the RMS Administration Toolkit, which you can download from the Microsoft Download Center: http://www.microsoft.com/downloads/details.aspx?familyid=BAE62CFC-D5A7-46D2-9063-0F6885C26B98&displaylang=en .

The AD RMS SCP can be registered automatically during AD RMS installation, or it can be registered after installation has completed.  To register the SCP you must be a member of the local AD RMS Enterprise Administrators group and the Active Directory Domain Services (AD DS) Enterprise Admins group, or you must have been given the appropriate authority.  If the user account installing AD RMS does not have permission to register the SCP you will see and Event ID: 190 in the Event Viewer .  You can manually register the SCP in the AD RMS console.  Open SCP tab in the cluster's Properties box and select the Change SCP check box. 

If a client computer is not located within the Active Directory Forest, you must use registry keys to point the AD RMS client to the AD RMS cluster.  These registry keys are created in HKEY_Local_Machine\Software\Microsoft\MSDRM\ServiceLocation.   Create a key called Activation with the value of http(s)://<your_cluster>/_wmcs/certification where <your_cluster> is the URL of the root cluster used for certification.

If you are registering the SCP from an AD RMS cluster in a child domain you may receive an error stating that SCP registration failed.  In many cases, the registration was successful, but the registration first takes place in the top-level domain and it takes time to replicate to the child domain where the AD RMS cluster checks for the SCP object.  Once the SCP has been replicated to all global catalog servers in the forest, the message will no longer appear.

转载于:https://blog.51cto.com/ironkui/1130963