Installing Active Directory Rights Management Services fails with error ID 204

Article ID: 2799251 - View products that this article applies to.
Expand all | Collapse all


Attempting to install Active Directory Rights Management Services (AD RMS) fails with the following event:

Product: Windows Operating System
ID: 204
Source: Active Directory Rights Management Services
Version: 6.0
Symbolic Name: GetCertificateHierarchyFailedEvent
Message: Active Directory Rights Management Services (AD RMS) was not able to retrieve the certificate hierarchy 


This can occur if the Service Connection Point (SCP) is corrupt or invalid.


To resolve this issue, complete the following:

1. Open adsiedit.msc on a Domain Controller in the domain.
2. Connect to the Configuration container (“Select a well known Naming Context: Configuration”)
3. Navigate the following nodes: CN=Configuration [server name], CN=Services.
4. Verify that CN=RightsManagementServices and CN=SCP are missing.

Recreate the nodes, leaving them empty:

1. Navigate to CN=Configuration [server name], CN=Services
2. Right-click in Services and choose New Object
3. Select Container.
4. Name the container RightsManagementServices
5. In that new container, right-click and choose New Object
6. Select Container.
7. Name the container SCP

Exit out of ADSIEdit.

Note This is a "FAST PUBLISH" article created directly from within the Microsoft support organization. The information contained herein is provided as-is in response to emerging issues. As a result of the speed in making it available, the materials may include typographical errors and may be revised at any time without notice. See Terms of Use for other considerations.


Article ID: 2799251 - Last Review: January 9, 2013 - Revision: 2.0
Applies to
  • Active Directory Rights Management Services for Windows Server 2008 R2

Give Feedback


Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from