The AD RMS Service Connection Point

The AD RMS Service Connection Point

The Active Directory Rights Management Services (AD RMS) Service Connection Point (SCP) is an object in Active Directory that holds the web address of the AD RMS certification cluster.  AD RMS-enabled applications use the SCP to discover the AD RMS service; it is the first connection point for users to discover the AD RMS web services. 

Only one SCP can exist in your Active Directory forest.  If you try to install AD RMS and an SCP already exists in your forest from a previous AD RMS installation that was not properly deprovisioned, the new SCP will not install properly.  It must be removed before you can establish the new SCP.  A SCP can be viewed using ADSI Edit or LDP.  To view the SCP, connect to the configuration container in ADSI Edit and navigate the following nodes: CN=Configuration [server name], CN=Services, CN=RightsManagementServices, CN=SCP.  You can remove an SCP by using the ADScpRegister.exe tool included in the RMS Administration Toolkit, which you can download from the Microsoft Download Center:

The AD RMS SCP can be registered automatically during AD RMS installation, or it can be registered after installation has completed.  To register the SCP you must be a member of the local AD RMS Enterprise Administrators group and the Active Directory Domain Services (AD DS) Enterprise Admins group, or you must have been given the appropriate authority.  If the user account installing AD RMS does not have permission to register the SCP you will see and Event ID: 190 in the Event Viewer.  You can manually register the SCP in the AD RMS console.  Open SCP tab in the cluster's Properties box and select the Change SCP check box. 

If a client computer is not located within the Active Directory Forest, you must use registry keys to point the AD RMS client to the AD RMS cluster.  These registry keys are created in HKEY_Local_Machine\Software\Microsoft\MSDRM\ServiceLocation.   Create a key called Activation with the value of http(s)://<your_cluster>/_wmcs/certification where <your_cluster> is the URL of the root cluster used for certification.

If you are registering the SCP from an AD RMS cluster in a child domain you may receive an error stating that SCP registration failed.  In many cases, the registration was successful, but the registration first takes place in the top-level domain and it takes time to replicate to the child domain where the AD RMS cluster checks for the SCP object.  Once the SCP has been replicated to all global catalog servers in the forest, the message will no longer appear.

Leave a Comment
  • Please add 4 and 5 and type the answer here:
  • Post
Wiki - Revision Comment List(Revision Comment)
Sort by: Published Date | Most Recent | Most Useful
  • Richard Mueller edited Revision 5. Comment: Removed (en-US) from title

Page 1 of 1 (1 items)
Wikis - Comment List
Sort by: Published Date | Most Recent | Most Useful
Posting comments is temporarily disabled until 10:00am PST on Saturday, December 14th. Thank you for your patience.
  • Richard Mueller edited Revision 5. Comment: Removed (en-US) from title

  • Sometimes using typical way to register SCP doesn't really work so you have to create a new container that has the value SCP and then re-change SCP in ADRMS cluster.


  • @alokemc: I wanted to answer your question in case others have the same issue. In order to create/delete the AD RMS SCP the account doing that must be a domain enterprise administrator. You are trying to write to the configuration container for the whole forest, thus need to be an EA. (

  • sad

  • after i uninstall the ADRMS i ran this tool with the following command

    C:\Program Files\RMS SP2 Administration Toolkit\ADScpRegister>ADScpRegister.exe


    General access denied error

    i am always getting this error. Please note that i am logged in as rmsdevelopment\adrmsadmin in my system.

    I want to unregister because when i try to reinstall the AD rms in pre production I don't see the SCP checkbox option as i had seen on my fresh installation



Page 1 of 1 (5 items)