How to migrate ADRMS Database to another SQL server with CNAME records


 

This document outlines the steps needed to move the back-end SQL Server database of your ADRMS installation to another SQL instance or server. This link provides step-by-step guidance for installing Active Directory Rights Management Services according to Microsoft best practices. If, for some reason, you had to install the ADRMS feature and the database on the same server, and you later need to separate the database from that server for a hardware upgrade or any other reason, how can you migrate your ADRMS configuration database without affecting the production environment? These are the steps to follow to move the current database by creating a CNAME record.


Prior to the migration, check whether you have the prerequisites below:

1. The user name and password that were used to provision the servers in the ADRMS cluster that use this DB

2. If a software-based cryptographic service provider (CSP) is used for storing the AD RMS private key, the AD RMS private key password that was originally specified during provisioning

3. Back up all the ADRMS-related databases

4. The name of the database server that is hosting the AD RMS databases is stored in the AD RMS configuration database. After the database files have been migrated to the new database server, you must update the AD RMS configuration database. To make this change you can use either of two methods:

  • MS Config Editor tool from the RMS Administration Toolkit
  • SQL Server Management Studio

Let’s start the migration…

1. Stop the ADRMS Logging service, the IIS Admin service and the World Wide Web Publishing service

2. Create a CNAME record on the DNS server for the newly installed ADRMS database server

3. Restore all the backed-up databases to the newly installed ADRMS database server

4. Update the AD RMS configuration database

4.1. Using RMS Config Editor

Use the CNAME of the ADRMS DB server as the name of the new database server.

  • Log in to the ADRMS server as a user who is a member of Domain Admins
  • Install the RMS Administration Toolkit from the Microsoft Download Center (http://go.microsoft.com/fwlink/?LinkId=98961).
  • Go to %SystemDrive%:\Program Files\RMS SP2 Administration Toolkit\RMSConfigEditor, and then double-click RMSCONFIGEDITOR.EXE.
  • Enter the server name and click Go
  • In the Database box, click DRMS_Config_<RMS cluster name>_<Port>, where <RMS cluster name> is the name of the RMS cluster and <Port> is the TCP port on which RMS communicates, and then click Go
  • Click DRMS_ClusterPolicies
  • In the results pane, change the value in the PolicyData column of the LoggingDatabaseServer row to the new RMS database server name.
  • Click Persist.
  • Change the value in the PolicyData column of the CertificationUserKeyStorageConnectionString row to reflect the new database server. The value should be data source=<new database server name>;integrated where <new database server name> is the name of the new database server.
  • Click Persist.
  • Repeat the previous two steps for the value in the PolicyData column of the DirectoryServicesCacheDatabase row.
  • Close RMS Config Editor.

4.2. Using SQL Server Management Studio

  • Log on to the AD RMS configuration database server with an admin-privileged user
  • Click Start, point to All Programs, point to Microsoft SQL Server 2012, and then click SQL Server Management Studio.
  • On the Connect to Server page, ensure that the new database server name is listed in the Server name box, and then click Connect.
  • Expand Databases, expand DRMS_Config_<RMS cluster name>_<Port>, and then expand Tables.
  • Right-click DRMS_ClusterPolicies, and then click Open Table.
  • In the results pane, change the value in the PolicyData column of the LoggingDatabaseServer row to the new RMS database server name.
  • Change the value in the PolicyData column of the CertificationUserKeyStorageConnectionString row to reflect the new database server. The value should be data source=<new database server name>;integrated where <new database server name> is the name of the new database server.
  • Repeat the steps below for the value in the PolicyData column of the DirectoryServicesCacheDatabase row.
  • Right-click DRMS_ClusterPolicies, and then click Open Table.
  • In the results pane, change the value in the PolicyData column of the LoggingDatabaseServer row to the new RMS database server name.
  • Close Microsoft SQL Server Management Studio.

Update the registry values on the ADRMS server

  • Log on to the AD RMS server with an admin-privileged user.
  • Click Start, and then click Run.
  • Type regedit.exe, and then click OK.
  • Navigate to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\AdRMSLoggingService\Params.
  • Change the ConnectionString and LoggingDatabaseServer registry entries so that the data source value matches the new database server name (CNAME).
  • Navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\DRMS\2.0\ConnectionString.
  • Change the ConfigDatabaseConnectionString registry entry so that the data source value matches the new database server name (CNAME).
  • Navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\DRMS\KeyProtection.
  • There is a REG_BINARY value here whose name starts with “PASSWORDDERIVEDKEY_<name of your old SQL Server here>”. Rename this value to match the new database server name (CNAME).

Add DisableStrictNameChecking Registry Key

This step explains how to add the DisableStrictNameChecking registry key.  This key allows connections to be made to the SQL server by names other than the proper name.  By default, SQL Server 2008 will not allow this.

To add the DisableStrictNameChecking Registry Key

  • Log on to the ADRMS DB server as Administrator.
  • Click Start, type regedit.exe in the Start Search box, and then press ENTER.
  • Expand the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
  • Right-click Parameters, click New, and then click DWORD (32-bit) Value.
  • In the Value name box, type DisableStrictNameChecking, and then press ENTER.
  • Double-click the DisableStrictNameChecking registry value and type 1 in the Value data box, and then click OK.
  • Close Registry Editor.
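
A read-only check of the DNS and registry changes made on the ADRMS server, worth running before the services are started again; it is an added example, not part of the original article or of any Microsoft tooling. The alias `rmsdb.corp.example` is a hypothetical placeholder, the registry paths and value names are the ones listed above, and the DisableStrictNameChecking value on the database server is not covered.

```powershell
# Added example (not from the original article). Run on the AD RMS server; it only reads.
param(
    [string]$Alias = 'rmsdb.corp.example'   # hypothetical CNAME; pass your own
)

# Return only the "data source" element so the rest of the connection string is not echoed.
function Get-DataSource([string]$ConnectionString) {
    foreach ($part in ($ConnectionString -split ';')) {
        $kv = $part -split '=', 2
        if ($kv.Count -eq 2 -and $kv[0].Trim() -eq 'data source') { return $kv[1].Trim() }
    }
    return $null
}

$logKey = 'HKLM:\System\CurrentControlSet\Services\AdRMSLoggingService\Params'
$cfgKey = 'HKLM:\Software\Microsoft\DRMS\2.0\ConnectionString'
$kpKey  = 'HKLM:\Software\Microsoft\DRMS\KeyProtection'

# Registry values the article tells you to edit.
$checks = @(
    @{ Path = $logKey; Name = 'ConnectionString' },
    @{ Path = $logKey; Name = 'LoggingDatabaseServer' },
    @{ Path = $cfgKey; Name = 'ConfigDatabaseConnectionString' }
)

$report = @(foreach ($c in $checks) {
    $raw = (Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue).($c.Name)
    # A value containing '=' is treated as a connection string, otherwise as a bare server name.
    $found = if ($raw -match '=') { Get-DataSource $raw } else { $raw }
    [pscustomobject]@{ Check = $c.Name; Found = $found; Ok = ($found -eq $Alias) }
})

# The key-protection value is renamed, so compare value names rather than value data.
$kpNames = @((Get-Item -Path $kpKey -ErrorAction SilentlyContinue).Property) -like 'PASSWORDDERIVEDKEY_*'
$report += [pscustomobject]@{
    Check = 'PASSWORDDERIVEDKEY_ value name'
    Found = $kpNames -join ', '
    Ok    = ($kpNames -contains "PASSWORDDERIVEDKEY_$Alias")
}

# The alias itself must exist as a CNAME record.
$cname = Resolve-DnsName -Name $Alias -Type CNAME -ErrorAction SilentlyContinue |
    Where-Object { $_.Type -eq 'CNAME' }
$report += [pscustomobject]@{ Check = 'DNS CNAME'; Found = $cname.NameHost -join ', '; Ok = [bool]$cname }

$report | Format-Table -AutoSize
if ($report.Ok -contains $false) { Write-Warning 'Mismatch found: do not start the AD RMS services yet.' }
```

A row with an empty Found column means the key or value was not present on the machine where the script ran.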

As the final step, start the ADRMS Logging service, the IIS Admin service and the World Wide Web Publishing service… Now we are good to go.

Hope this article is useful for you…
