** Disclaimer **

The contents of this blog and all posts herein are the sole property of the author. 

All opinions and comments are the author’s solely and are not necessarily reflective of any employer, organization or Microsoft itself.

Windows Server Virtualization Validation Program and Support Wizard

Microsoft has launched the Server Virtualization Validation Program (SVVP) (http://www.windowsservercatalog.com/svvp.aspx).

SVVP is open to any vendor that delivers a machine virtualization solution that hosts Windows Server 2008 R2, Windows Server 2008, Windows 2000 Server Service Pack 4 (SP4)and Windows Server 2003 Service Pack 2 (SP2) and subsequent service packs. The virtualization solution can either be hypervisor-based or a hosted solution. The program enables vendors to validate various configurations so that Microsoft customers can receive technical support for Windows Server in virtualized environments.  The list of vendors currently includes:

  • Cisco Systems, Inc.
  • Citrix Systems, Inc.
  • Novell, Inc.
  • Oracle, USA Inc.
  • Red Hat, Inc.
  • Riverbed Technology, Inc.
  • Sun Microsystems
  • Unisys Corp.
  • Virtual Iron Software
  • VMware, Inc.


Perhaps more importantly for you, when designing infrastructure, you now have an easy reference for determining whether or not a product or application is fully supported using Virtualization…and not just Hyper-V.  The list of virtualization technologies currently includes:

·       Hyper-V

·       Cisco WAAS Virtual Blades 4.1

·       Novell SUSE Linux Ent Server 10 SP2

·       VMWare ESX 3.5 Update 2, 3, 4

·       VMWare ESXi 3.5 Update 3, 4

·       VMWare vSphere 4

·       Citrix XenServer 5, 5.5

…validated against Windows 2000 Server SP4, Windows Server 2003 SP2, Windows Server 2008 or Windows Server 2008 R2 and your choice of architecture (x86, x64, or IA64).

The list of Microsoft Products is fairly comprehensive and will continue to be updated as needed.  It includes all items below:

·       Application Virtualization 4.5 (App-V)

·       BizTalk Server 2000

·       BizTalk Server 2002

·       BizTalk Server 2004

·       BizTalk Server 2006

·       BizTalk Server 2006 R2

·       Certificate Server

·       Commerce Server 2007

·       Dynamics AX 2009

·       Dynamics GP

·       Exchange 2000 Conferencing Server

·       Exchange Server 2000

·       Exchange Server 2003

·       Exchange Server 2007

·       Exchange Server 5.5

·       Forefront Client Security

·       Forefront Intelligent Application Gateway 2007 (IAG)

·       Forefront Threat Management Gateway (TMG)

·       Forefront Security for Exchange (FSE)

·       Forefront Security for Sharepoint (FSSP)

·       Host Integration Server 2006

·       ldentity Integration Server (MIIS)

·       ldentity Lifecycle Manager (ILM)

·       ISA Server 2000 (Standard or Enterprise)

·       ISA Server 2004 (Standard Only)

·       ISA Server 2006 (Standard or Enterprise)

·       Microsoft Dynamics CRM 4.0

·       Microsoft Dynamics NAV2009

·       Microsoft Operations Manager (MOM) 2005

·       Office Communications Server 2007

·       Office Groove Server 2007

·       Office SharePoint Server 2007

·       Office Project Server 2007

·       Search Server 2008

·       SQL Server 2000

·       SQL Server 2005

·       SQL Server 2008

·       System Center Configuration Manager 2007

·       System Center Data Protection Manager

·       System Center Essentials 2007

·       System Center Operations Manager 2007

·       System Center Virtual Machine Manager 2008

·       Systems Management Server 2003 (SMS)

·       Visual Studio Team System 2008

·       Windows HPC Server 2008

·       Windows Server 2000

·       Windows Server 2003

·       Windows Server 2008

·       Windows Server Update Services 3.1

·       Windows SharePoint Services 3.0


Let’s walk through the wizard using Dynamics AX 2009 as our example product (i.e. – we want to virtualize Dynamics AX but are unsure of the supportability of our proposed configuration).

The Support Policy Wizard can be accessed here: http://www.windowsservercatalog.com/svvp.aspx?svvppage=svvpwizard.htm

Step 1: We select our product and any version variable necessary (the Version field will display SP revision level, etc., depending on the product chosen).

Step 2: Select your proposed virtualization technology and the OS Version and architecture that the guest system will run.

Step 3: Your Summary Support Statement is produced. 


While this wizard won’t serve as the last word in Virtualization Support, it will prove useful in determining the basics of support for any of these products.

Happy Virtualizing!



Enhancements to Hyper-V in Windows Server 2008 R2

The release of Windows Server 2008 R2 Hyper-V is eagerly anticipated, due in large part to the many excellent new features coming with this release.  The following information provides an overview of the feature set (as announced) that we can expect to have at RTM.


Live Migration

This is probably the most compelling new feature and certainly the most anticipated in Windows Server 2008 R2 Hyper-V.  In a nutshell, live migration provides the ability to move running VMs from one physical host to another (currently, within a single cluster) without any service interruption or any downtime as perceived by end-users.  I’ll detail more about live migration vs. Quick Migration and the requirements for each in another post.


Dynamic VM storage

We can now hot-add / remove storage!  This feature allows the addition and removal of both Virtual Hard Drive (VHD) files and pass-through disks to the existing SCSI controllers of VMs – while a VM is running!  Much needed and much appreciated, Microsoft!  Thanks…

Note: Hot add and removal of storage requires the Hyper-V Integration Services supplied with Windows Server 2008 R2 to be installed in the guest operating system.  I think this is a small price to pay and something that you should really be doing anyway for the best functionality with your VMs.


Enhanced Processor Support

Have you ever wanted to run a 32-processor SQL Server 2008 Hyper-V VM but were frustrated with the limitation of 24 logical processors provided through Windows Server 2008 Hyper-V?  Well, this is going to make your day then…

2008 R2 Hyper-V will now support up to 32 logical processor cores.  It also introduces support for Second-Level Address Translation (SLAT) and CPU Core Parking. 

Funny Note: SLAT is not the same as the South Lake Union Trolley with its unfortunate acronym.  J  

Disclaimer: This may only be humorous to readers, local to the Seattle area.


Quote from Microsoft: “SLAT uses special CPU functionality available in Intel processors that support Extended Page tables and AMD processors that support Rapid Virtualization Indexing to carry out some VM memory management functions that reduce the overhead of translating guest physical address to real physical addresses.  This significantly reduces Hypervisor CPU time and saves memory for each VM, allowing the physical computer to do more work while utilizing fewer system resources.  CPU Core Parking enables power savings by scheduling VM execution on only some of a server’s CPU cores and placing the rest in a sleep state.”


Enhanced Networking Support

Finally, a couple of networking capabilities from earlier Windows releases are making their way into the Virtualization stack (along with one feature new for just the virtual world)…

The first feature extension is Jumbo Frames support in your VMs.  This feature enables virtual machines to use Jumbo Frames up to 9014 bytes in size if the underlying physical network supports it.  Supporting Jumbo frames reduces the network stack overhead incurred per byte and increases throughput.  In addition, there is also a significant reduction of CPU utilization due to the fewer number of calls from the network stack to the network driver. 

TCP Chimney, which allows the offloading of TCP/IP processing to the network hardware, has also been extended to work in the virtual world.  TCP Chimney improves VM performance by allowing the VM to offload network processing to hardware, especially with networks over 1 Gigabit.   This feature will prove of particular value when VMs are involved in large data transfers.

 As for the new feature, the Virtual Machine Queue (VMQ) feature allows the NICs of the physical computer to use DMA to place the contents of packets directly into VM memory, increasing I/O performance.


Cluster Shared Volumes (CSV)

Cluster Shared Volumes (CSV) is another of the big additions to Server 2008 R2.  While it is commonly misunderstood to be a requirement for Hyper-V live migration (it is not required; other third-party products can also provide the shared volume support needed to permit live migration to function), it is perhaps the best solution as it is in the box with R2 and it simply works (and it’s free).

CSV is a significant departure from the last 13+ years of cluster disk architecture from Microsoft, in that it now provides access to a single volume from multiple cluster nodes simultaneously. I’ll get into the details of CSV in another blog post, but suffice it for now to say that CSV greatly simplifies the process of working with SAN volumes in large clusters (no more drive letter vs. volume GUID deliberations) and enables us to use live migration without additional third-party software.



Exchange Server 2010 Beta Released to the Public

In case you’re interested in Exchange Server happenings, the Beta of Exchange Server 2010 has been released and you can download it now!



Download Microsoft Exchange Server 2010 Beta.


Offer lower-cost, high-value communications solutions to your customers.

Always an industry standard, Microsoft Exchange Server 2010 has been improved in three major ways.

It is more flexible and reliable. And easier to deploy and administer. So it can save you and your customers money by reducing IT overhead and help-desk loads. Online options let you and your customers leverage cost and technology advantages of cloud-based solutions, which also support data backup, storage, and disaster recovery.

It delivers anywhere access. Let’s face it. Nothing is going to work better with Microsoft Office Outlook-enabled devices than Exchange. But interoperability goes beyond that. Beyond Windows without walls. Beyond even the Windows Mobile software platform. Exchange Server 2010 can help users access all their communications from a single location, wherever it might be. Whatever the device. Whatever the platform or browser. So everyone gets more done.

It provides better communications protection and compliance. Exchange Server 2010 delivers integrated information-loss prevention and compliance tools that make it easier to protect communications and meet regulatory requirements. Built-in defenses against viruses and junk e-mail. Support for an array of third-party security products. The ability to respond quickly to litigation and discovery requests without workflow disruption. It’s a package your customers will want.

Test-drive the new Exchange Server—download the beta version now and share it with your customers.



Exchange Server 2010 Product Overview.


What’s new in Exchange Server 2010?


MSDN Exchange Server Developer Center and Exchange Server 2010 TechCenter.


Introducing Windows 7

Here’s a free 26 minute video presentation (Learning Snack) from Microsoft to help you get up to speed with Windows 7. 

 Free Learning Snack Offer: Introducing Windows 7
See the Windows 7 client operating system technologies and capabilities that reduce operating costs and improve performance, security, and reliability. This Learning Snack offer is a free, interactive presentation that can help you get up to speed quickly.

There’s a lot more of these “Learning Snacks” like this one on different topics, accessible from here: http://www.microsoft.com/learning/snacks/default.mspx – Topic include Virtualization, Windows Server 2008, Silverlight, etc.

Vista is an "Unsupported Guest OS?"

Have you ever seen the “Unsupported Guest OS” error message below when trying to stand up a Vista VM in Hyper-V?


The error text reads: “An error has occurred: The specified program requires a newer version of Windows.”  Huh?…newer than Vista? 

Well, it turns out that this is only experienced with Vista RTM…not with an integrated SP1 build of Vista.  While it’s becoming less and less likely that you’re working with just the RTM bits for Vista, it can come up for some folks and can be a huge time-sink to resolve.

In short, the fastest way around this problem is simply to use a slipstreamed SP1 build of Vista and you’ll avoid the whole issue.  However, if for some reason this isn’t feasible, here’s a brief description of a couple of solutions for this issue.

The main challenge is that there is no network card (NIC) installed in a basic Vista RTM Hyper-V VM (due to the lack of support for the Integration Services/Components).   Two approachs to resolving this:

1. Use the Vista SP1 CD / .ISO file and mount it as a CD/DVD for the VM. 
2. Shut down the Vista RTM VM, Add a Legacy Network Adapter, reboot, download Vista SP1.

After either option,

  • Install SP1
  • Reboot
  • Install the Hyper-V Integration Services
  • Reboot again

You should be fine at this point.  If you’ve chosen to install the Legacy Network Adapter, you can safely remove this extraneous hardware at the final reboot if you wish.


The technical reason for this is that Windows Server 2008 and Vista Service Pack 1 (based on the same code base) are the first 2 OSes considered to be “fully enlightened.”  This includes both driver enlightenment and kernel enlightenment.  What each of these terms refer to is the way in which the Hyper-V hypervisor interacts with the underlying hardware for a given OS.  Vista RTM didn’t have the same level of enlightenment support, hence the lack of synthetic device support.  There’s a great reference to Hyper-V terminology over on Ben’s blog: http://blogs.msdn.com/virtual_pc_guy/archive/2008/02/25/hyper-v-terminology.aspx 


Hyper-V Licensing Explained!

I’ve spoken to a lot of people who have expressed a lot of confusion about the OS licensing model when virtualizing systems using Hyper-V products.

There are some simple guidelines to observe when planning your Hyper-V infrastructure to take advantage of the licensing models for each edition of Windows Server 2008.

First, a term definition: Microsoft uses the term “OSE” to refer to an operating system environment, either physical or virtual.  Also, Microsoft refers to a “processor” in the context of a single processor socket on the motherboard.  This calculation is not affected when considering multiple core processors or hyper-threading capabilities on certain processor types.


Microsoft Hyper-V Server 2008, the latest product is a free download from Microsoft.  While this initially seems like the only answer to your needs, remember that Hyper-V Server provides no licensing for OSEs.  Each virtual OSE requires its own licensing.  It is also limited in terms of support for total RAM, number of processors and has no Quick Migration or High Availability capabilities.


Windows Server 2008 Standard Edition provides a single license to run a single instance of the software.  My understanding of these terms is that this permits you to run a single virtual OSE on top of the Standard Edition server without requiring additional licenses.  This arrangement also means that you are only permitted to use the physical server itself to run the Hyper-V virtualization software and to manage the OSEs on the server. 

Standard Edition is the most cost-effective if you want to run up to three simultaneous instances in a virtual OSE on the server.


Windows Server 2008 Enterprise Edition expands upon these terms, providing licensing for up to four simultaneous virtual OSEs in addition to the physical OSE.  You can run either Standard or Enterprise Edition in the virtual OSEs. 

Enterprise Edition is most cost-effective if you want to run four simultaneous instances in a virtual OSE per processor. Enterprise Edition is licensed by server, not per processor, but more than one Enterprise Edition license may be assigned to a server to have the rights to run more than four instances of Windows Server. For example, one license for Enterprise Edition for a one-processor server running four instances of Windows Server in a virtual OSE is slightly less expensive than one Datacenter processor license. And, two licenses for Enterprise Edition for a two-processor server running eight instances of Windows Server in a virtual OSE is slightly less expensive than two processor licenses for Datacenter Edition.


Windows Server 2008 Datacenter Edition completes the journey, with unlimited licensing for virtual OSEs.  You can run Standard, Enterprise or Datacenter in the virtual OSEs.

While Datacenter Edition is licensed by processor, not per server, it is most cost-effective for running more than four instances per processor. At four instances per processor, Datacenter Edition is slightly more expensive than Enterprise Edition, but provides room to add instances in a virtual OSE on the server at no additional cost. The flexibility gained from “unlimited” virtualization rights reduces concern of licensing compliance.


Microsoft Hyper-V Server 2008

Windows Server 2008 Standard

Windows Server 2008 Enterprise

Windows Server 2008 Datacenter

No Licenses

1 Physical + 1 Virtual

1 Physical + 4 Virtual

1 Physical + unlimited virtual


There are two great Windows Server Virtualization Calculators available online to help you estimate your needs and the cost impact of each edition. You can find them here:  



One last note is that Datacenter is no longer an OEM-only SKU.  The availability of Datacenter changed back in the Server 2003 R2 days and has continued through the Server 2008 release.


Happy Virtualizing!



How-To: Manipulate Hyper-V VM Symbolic Links (or How to Unregister and Register Virtual Machines without Deleting Them)

How-To: Manipulate Hyper-V VM Symbolic Links (or How to Unregister and Register Virtual Machines without Deleting Them)

Hyper-V operates using a list of symbolic links in a specific directory:

·         C:\ProgramData\Microsoft\Windows\Hyper-V\Virtual Machines

Each of these are links to the actual VM configuration files in their own respective subdirectories – whether stored locally or on shared storage, the link doesn’t change in its nature.

All you need to know in order to control which VMs are displayed in Hyper-V Manager follows:

1.   First you need to identify the GUID of the specific VM.  Look in the directory location for the VM you wish to manipulate and note the name of the .XML file in the Virtual Machines subdirectory.


     Our example will use the LitwareSpeech VM, located at D:\VMs\LitwareSpeech.  In the “D:\VMs\LitwareSpeech\Virtual Machines” path is the configuration file for this VM, named “D546B942-76AF-4C3B-97C6-9EE74828BC91.XML”

2.   To delete the reference to this VM in Hyper-V Manager, browse to “C:\ProgramData\Microsoft\Windows\Hyper-V\Virtual Machines\” and locate the symbolic link that is named after the VM GUID.  Deleting this link only deletes the reference to the VM in Hyper-V Manager – it does not delete the actual configuration of the VM or the VHD.



The path “C:\ProgramData” is a hidden directory path.  See “Viewing Hidden Folders” section later to complete these steps, if necessary.


3.   To later restore the reference to the VM, browse to the location, “C:\ProgramData\Microsoft\Windows\Hyper-V” and Shift-RightClick on the Virtual Machines directory.  Select Open Command Window Here.

4.   Using the VM GUID that you determined above in Step 1, run the following command:

mklink <GUID>.XML <VMConfigPath.XML> or in our example

mklink D546B942-76AF-4C3B-97C6-9EE74828BC91.xml “D:\VMs\LitwareSpeech\Virtual Machines\D546B942-76AF-4C3B-97C6-9EE74828BC91.xml”

This restores the reference to your VM in Hyper-V Manager.


The catch to this operation that I’ve learned is that when you create a VM, Hyper-V creates a security entry (ACE) on this symbolic link for the SID of the worker process for the VM.  Unfortunately, this ACE isn’t re-created when you recreate the symbolic link using mklink as detailed above.

If you try to start your re-registered VM at this point, you’re likely to receive this error message:


To address this requirement, follow these steps:

1.   Again, locate and note the GUID of the VM.

2.   Using this GUID, run the following command:

icacls “C:\ProgramData\Microsoft\Windows\Hyper-V\Virtual Machines\<GUID>.xml” /grant “NT VIRTUAL MACHINE\<GUID>“:(F) /L


Or in our example from above:

icacls “C:\ProgramData\Microsoft\Windows\Hyper-V\Virtual Machines\D546B942-76AF-4C3B-97C6-9EE74828BC91.xml” /grant “NT VIRTUAL MACHINE\D546B942-76AF-4C3B-97C6-9EE74828BC91”:(F) /L

3.   This process regenerates the necessary ACE on the symbolic link using the Service SID of the VM, rather than on the configuration file itself, replicating the initial state of the symbolic link.

4.    Once this command has been run successfully, you should be able to start your VM without further issues.



Viewing Hidden Folders

1.   Open Windows Explorer.  Select Tools, Folder Options…


2.   Select the View Tab and choose the option to “Show hidden files and folders”

3.   Click OK.



Migrating the AD RMS Databases

This post documents the steps necessary for moving the back-end SQL Server databases for your AD RMS installation to another SQL Server instance / server.  The steps for successfully updating the AD RMS server nodes differ from the process used for Windows RMS as originally outlined in this TechNet article: http://technet.microsoft.com/en-us/library/cc747607.aspx

 This post is essentially a re-write of the article mentioned, with all the steps updated to reflect the correct procedure to follow for AD RMS database migrations…enjoy!



There are instances in which a database server needs to be retired. An AD RMS database server hardware upgrade is one example. Before the database server is retired, the configuration database must be moved to a different database server. To protect the data in the configuration database, including the key pairs that it contains, you should carefully plan and implement a migration.

Microsoft recommends creating a CNAME alias for the AD RMS database server and then configuring AD RMS to use this alias. This eliminates the need to manually change the database server name in the AD RMS configuration database if the name of the server changes. When using a CNAME alias, you would only have to update the alias record.

Before you begin the configuration database migration, ensure that you have the following information:

  • The account name and password that was originally used to provision the servers in the AD RMS cluster that use this database.
  • If a software-based cryptographic service provider (CSP) is used for storing the AD RMS private key, the AD RMS private key password that was originally specified during provisioning. If a hardware security module (HSM) is used to store the RMS private key password, this step is not required.


Migrating the configuration database does not require a new server licensor certificate or a new server private key because AD RMS retains the settings from the original configuration database.


You should back up the AD RMS databases before doing anything on the database server. If this is not an option, you must, at a minimum, export your server licensor certificate. For more information about exporting the server licensor certificate, see To Export Your Server Licensor Certificate to a File. If an error occurs when the databases are migrated, you can import the server licensor certificate into a new RMS installation and consume content that was rights-protected with the older installation.

To migrate a configuration database, use the following steps:

  • Update the AD RMS configuration database to reflect the name of the new database server name.
  • Update the registry on each server in the AD RMS cluster to use the new database server name




This topic assumes that the AD RMS databases have already been copied to the new database server hosting the AD RMS databases.


1.    Stop the AD RMS Logging Service either through the Services interface or by typing net stop AdRmsLoggingService at a command prompt.

2.    Stop IIS services (IIS Admin Service and World Wide Web Publishing Service) either through the Services interface, through Internet Information Services (IIS) Manager or by typing IISRESET /stop at a command prompt.


The name of the database server that is hosting the AD RMS databases is stored in the AD RMS configuration database. After the database files have been migrated to the new database server, you must update the AD RMS configuration database. This can be done by using either the RMS Config Editor tool from the RMS Administration Toolkit or by using SQL Management Studio.

To update the AD RMS database server name by using RMS Config Editor, use the following steps:

To update the AD RMS configuration database by using RMS Config Editor

  1. Log on to an AD RMS server in the cluster as member of the System Administrators database role.
  2. Install the RMS Administration Toolkit from the Microsoft Download Center (http://go.microsoft.com/fwlink/?LinkId=98961).
  3. Navigate to %SystemDrive%:\Program Files\RMS SP2 Administration Toolkit\RMSConfigEditor, and then double-click RMSCONFIGEDITOR.EXE.
  4. In the Server box, type the name of the new server hosting the AD RMS configuration database, and then click Go.


Windows Firewall, in its default configuration will not permit the RMS Config Editor program to successfully connect to the target database server / instance.  You must either disable Windows Firewall (not recommended) or add an exception for the RMS Config Editor program directly (recommended).


  1. In the Database box, click DRMS_Config_<RMS cluster name>_<Port>, where <RMS cluster name> is the name of the RMS cluster and <Port> is the TCP port on which RMS communicates, and then click Go.
  2. Click DRMS_ClusterPolicies.
  3. In the results pane, change the value in the PolicyData column of the LoggingDatabaseServer row to the new RMS database server name.
  4. Click Persist.
  5. Change the value in the PolicyData column of the CertificationUserKeyStorageConnectionString row to reflect the new database server. The value should be data source=<new database server name>;integrated where <new database server name> is the name of the new database server.
  6. Click Persist.
  7. Repeat steps 9–10 for the value in the PolicyData column of the DirectoryServicesCacheDatabase row.
  8. Close RMS Config Editor.

To update the AD RMS configuration database by using SQL Server Management Studio, do the following steps:

To update the AD RMS configuration database by using SQL Server Management Studio

  1. Log on to the AD RMS configuration database server as local Administrator or another user account that is a member of the local Administrators group.
  2. Click Start, point to All Programs, point to Microsoft SQL Server 2005, and then click SQL Server Management Studio.
  3. On the Connect to Server page, ensure that the new database server name is listed in the Server name box, and then click Connect.
  4. Expand Databases, expand DRMS_Config_<RMS cluster name>_<Port>, and then expand Tables.
  5. Right-click DRMS_ClusterPolicies, and then click Open Table.
  6. In the results pane, change the value in the PolicyData column of the LoggingDatabaseServer row to the new RMS database server name.
  7. Change the value in the PolicyData column of the CertificationUserKeyStorageConnectionString row to reflect the new database server. The value should be data source=<new database server name>;integrated where <new database server name> is the name of the new database server.
  8. Repeat steps 6–7 for the value in the PolicyData column of the DirectoryServicesCacheDatabase row.
  9. Close Microsoft SQL Server Management Studio.

To configure each server in the AD RMS cluster to use the new database server name, you must update three registry entries. Once this is complete, you must restart Internet Information Services (IIS) for the changes to take effect.


Incorrectly editing the registry may severely damage your system. Before making changes to the registry, you should back up any valued data on the computer.

To update the registry on each server in the AD RMS cluster

  1. Log on to a server in the AD RMS cluster as a member of the local Administrators group.
  2. Click Start, and then click Run.
  3. Type regedit.exe, and then click OK.
  4. Navigate to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\AdRMSLoggingService\Params.
  5. Change the ConnectionString and LoggingDatabaseServer registry entries so that the data source value matches the new database server name.
  6. Navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\DRMS\2.0\ConnectionString.
  7. Change the ConfigDatabaseConnectionString registry entry so that the data source value matches the new database server name.
  8. Navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\DRMS\2.0\KeyProtection
  9. There is a REG_BINARY Value here that starts “PASSWORDDERIVEDKEY_<name of your old SQL Server here>“.  Rename this Value to match the new database server name.
  10. Repeat steps 1–9 for every server in the AD RMS cluster.


1.    Start the RMS Logging Service either through the Services interface or by typing net start AdRmsLoggingService at a command prompt.

2.    Start IIS services (IIS Admin Service and World Wide Web Publishing Service) either through the Services interface, through Internet Information Services (IIS) Manager or by typing IISRESET /start at a command prompt.

How-To: Remove Crashed or Dead AD RMS Nodes from the cluster

I recently went through this procedure in my Test Lab environment, while planning for the Production implementation. 

Migrating from a much older version of Windows Rights Management Services (RMS) to Active Directory Rights Management Services (AD RMS), I was left with a couple of older RMS servers that needed to be manually removed from the RMS cluster.

Here are the steps:

Use the RMS Config Editor (part of the Rights Management Services Administration Toolkit with SP2):

http://www.microsoft.com/downloads/details.aspx?familyid=bae62cfc-d5a7-46d2-9063-0f6885c26b98&displaylang=en , and follow these steps:

1. Enter the name of the database server in the Server field (i.e. – Server_Name\SQL_Instance)
2. Select the DRMS_Config_<servername>_80 Database in the database dropdown field
3. Choose the DRMS_ClusterServer entry in the left-hand pane and you’ll see the names of all your RMS Servers – past and present
4. Click the arrow next to any row you want to remove and hit the Delete key (no delete button within the interface)
5. Finally, and perhaps most importantly, at the top right, under Actions: you must click the “Persist” button to commit the changes to the SQL database.

Refresh your RMS console and voila!  The crashed / dead RMS server node is gone (under Properties, AD RMS Servers Tab)!

You might want to take the appropriate / necessary precautions prior to performing this little bit of surgery.  Consider stopping the AD RMS Logging service and IIS on each active RMS Server and try to confirm that there are no connections to the RMS Databases (through SQL Enterprise Manager or SP_who2 in SQL Query Analyzer) and at least take a backup of all three RMS Databases, just in case, right?  🙂

Hope this helps,