Ok, I’m still learning about Windows Rights Management Services (RMS) and SharePoint Information Rights Management (IRM) and the configuration black art that it is … so … precision and accuracy of the solution below is not guaranteed.
Problem
A document library configured with information rights management protection will not display the contents of Office documents after they’re originally created/uploaded. When you try and open, for example, a Word document from the IRM protected SharePoint library all you see is this:
Solution
SharePoint IRM and Windows RMS require that the user’s email address be present for both the user account (AD account or local account) AND for the user’s SharePoint profile.
The reason why the email attribute is so important goes something like this: RMS uses the email address to uniquely identify each user and the first time a user tries to protect content, RMS will provision a client certificate from the RMS server. So, I guess this infers that without the email attribute, RMS can’t get a certificate for the user and, therefore, doesn’t know if the user can legitimately see the document and, therefore, does not show the document just in case? Make sense?
Anyway, I had seen/heard somewhere that the email attribute must be present for the user’s Active Directory account. So, I ensured that my test user had an AD email attribute. But things still didn’t work (i.e. blank documents as above). Then, on a call with Microsoft Product Support, we were told that when using SharePoint Information Rights Management (which uses RMS), the user’s SharePoint profile must also have an email address for the “Work e-mail” attribute as shown here:
After ensuring this e-mail attribute was set then, voila, things started working with IRM protected SharePoint document libraries. If your environment is using Active Directory and the user’s AD “E-mail” attributes contain email addresses, then using SharePoint profile import will automatically import the email addresses for the SharePoint user profiles.
Thanks for this post! Worked like a charm. I was having the same issue using a test account and I couldn’t figure out why the document kept coming up blank.
Thanks again!
I am having exactly same problem as you described in your post, I checked user profile, it has the Work e-mail info set, so what’s the next step I need to check to fix the problem? Thanks.
Anne, just to confirm, is the email attribute also set for the user’s active directory account?
My problem persist. The user have a AD and profile email set. But still the document don’t open. Maybe I need to restart the sharepoint server or AD server? Thanks in advance.
Wow I have searched for a reason why my IRM was not working and here I come across this lovely site that with one screen shot the answer was given. Thank you so much!!
Furthermore, the user accessing the Library must also have sufficient permissions on his workstation. For example; a “default” test user got an error of “Could not open “. Upgrading him to a Local Administrator made it work just fine.
This is my findings, just thought I would share.
/Simon