RMS in Depth
By Jian Shuo Wang on 2004-08-24 23:11 · Misc
Caution: This is a technical article. I have tried to summarize what I learnt today in case I need it someday later, or in case it is useful for others. This is not as interesting a post as the rest of the articles on this site. Just ignore this page if you came here for Shanghai information or to have fun. :-D
Disclaimer: All information in this post is provided as is, without any guarantee.
About This Article
I am working on RMS (Windows Rights Management Services). Not many documents provide hands-on information for performing in-depth operations. Let’s have a try. You may need to know some basic RMS concepts before you continue reading.
Client GIC and CLC Certificate
If you run into trouble with RMS, you need to know how to reset a client to its initial state.
As revealed by Filemon when I ran IRMCheck.exe, it finds the certificates by listing the files under the folder C:\Documents and Settings\Local Settings\Application Data\Microsoft\DRM
To find the GIC certificate, it uses the command “DIR GIC-*.drm”
To find the CLC certificate, it uses the command “DIR CLC-*.drm”
It lists all the files that match the name pattern until no more files are found.
Having found the location, you can delete these files at any time, and the client can request the information from the server again.
The Machine Certificate is at C:\Documents and Settings\All Users\Application Data\Microsoft\DRM, with the file name CERT-Machine.drm.
Name of the GIC and CLC
The name of GIC is in the following format:
GIC–GUID1-GUID2.drm
The name of CLC is in the following format:
CLC–GUID1-GUID2.drm
You may also find other certificates (all in XrML format) under the same folder, such as EUL-*.drm (the Use License).
According to this article,
A computer can hold several GICs: for different users; for the same user but with different authentication types (Windows or Passport); and for the same user and type, but obtained from different service locations.
To start with a fresh environment, just delete all the files under the DRM folder.
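The reset described above, written as a PowerShell function (an added example, not part of the original post). The function name, its parameters, and the assumption that the per-user DRM folder sits under the current user's Local Application Data folder are assumptions of this example; it never touches the machine certificate in the All Users folder.

```powershell
# Added example, not from the original post. Names below are hypothetical.
function Reset-RmsClientCache {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Assumption: the per-user DRM folder is Microsoft\DRM under the
        # current user's Local Application Data folder.
        [string]$DrmFolder = (Join-Path ([Environment]::GetFolderPath('LocalApplicationData')) 'Microsoft\DRM'),

        # Also remove cached Use Licenses (EUL-*.drm) for a fully fresh state.
        [switch]$IncludeUseLicenses
    )

    if (-not (Test-Path -LiteralPath $DrmFolder -PathType Container)) {
        Write-Verbose "No DRM folder at $DrmFolder; nothing to reset."
        return
    }

    # Same name patterns the post saw IRMCheck.exe enumerate.
    $patterns = @{ 'GIC-*.drm' = 'GIC'; 'CLC-*.drm' = 'CLC' }
    if ($IncludeUseLicenses) { $patterns['EUL-*.drm'] = 'EUL' }

    foreach ($pattern in $patterns.Keys) {
        Get-ChildItem -Path $DrmFolder -Filter $pattern |
            Where-Object { -not $_.PSIsContainer } |
            ForEach-Object {
                $removed = $false
                # -WhatIf / -Confirm are honoured here, so a dry run only reports.
                if ($PSCmdlet.ShouldProcess($_.FullName, 'Delete RMS certificate file')) {
                    Remove-Item -LiteralPath $_.FullName -Force
                    $removed = $true
                }
                # One record per file: an inventory of what was cached and what was removed.
                [pscustomobject]@{
                    Type          = $patterns[$pattern]
                    Name          = $_.Name
                    LastWriteTime = $_.LastWriteTime
                    Removed       = $removed
                }
            }
    }
}

# Dry run: list the GIC and CLC files that would be deleted, without deleting them.
Reset-RmsClientCache -WhatIf
```

Because a computer can hold several GICs, run the dry run first and review the list before deleting; the client requests new certificates from the server the next time it needs them.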
Function Calls
After setting up the RMS Server address in the Registry (using RMSHost.exe and verified) or auto-discovering it in AD, click the Permission button in Word. The following calls are made to the server:
HTTP: POST Request from Client
HTTP: User-Agent =Windows Rights Management Client
HTTP: Uniform Resource Identifier =/_wmcs/Certification/Certification.asmx
HTTP: SOAPAction ="http://microsoft.com/DRM/CertificationService/Certify"
The GIC license is returned in the HTTP response, wrapped in a SOAP header and body.
HTTP: POST Request from Client
HTTP: User-Agent =Windows Rights Management Client
HTTP: Uniform Resource Identifier =/_wmcs/Licensing/publish.asmx
HTTP: SOAPAction ="http://microsoft.com/DRM/PublishingService/GetClientLicensorCert"
The CLC license is returned the same way.