Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 24 Source: RMS

Source
Level
Description
A client request includes a publishing license that is not trusted. The following information was reported: Microsoft.DigitalRightsManagement.Licensing.UntrustedRightsLabelException: The publishing license was not issued by a trusted source.
   at Microsoft.DigitalRightsManagement.Licensing.LicensePipeline.ValidateSignedRightsLabel(SignedRightsLabelDocument oSignedRightsLabel Boolean fSuperUser)
   at Microsoft.DigitalRightsManagement.Licensing.LicensePipeline.GenerateEUL(PersonaCertificate oPersonaCert SignedRightsLabelDocument signedRightsLabel String Ticket IDrmsPropertyBag propertyBag)
   at Microsoft.DigitalRightsManagement.Licensing.LicensePipeline.PipelineAcquireLicense(AcquireLicenseParams[] RequestParams HttpRequest request IIdentity userIdentity).
Comments
 
From a newsgroup post: "If you re-provisioned your RMS server, then I suspect the user that sent the email still has a publishing license that was signed by the original instance of RMS. The new instance of RMS will not be able to provide use licenses for content protected by those legacy credentials (unless you import the old key material as a "trusted publishing domain"). This is only possible if you exported/backed up the key material before you re-provisioned.
You should make sure that any clients that received credentials (RACs and CLCs) from the legacy RMS server remove those credentials and get new ones from the current RMS server; otherwise, you will keep having this problem. The RACs are valid for a year, and the CLCs do not expire, so the clients will merrily continue to use them as long as they are there on their systems.
Clients can remove their old credentials by opening an RMS enabled app (like Word 2003), selecting File -> Permission -> Restrict Permission As, selecting their email address and clicking "Remove". The next time they try to use an RMS function, they will automatically go get a new set of credentials from the new server".

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...