Overview

The following is an abridged version of the official TechNet documentation.  This version is slightly shorter than the original and does not go into testing the databases once they have been moved.  This version does however provide accompanying video to assist and clarify the steps.  For the original TechNet version see AD RMS Database Relocation without a CNAME Record – Step-by-Step (http://go.microsoft.com/fwlink/?LinkID=188464) or a full version can be downloaded from the Microsoft Download Center (http://go.microsoft.com/fwlink/?LinkId=191155) .

This topic consists of the following three articles:

• Relocating the AD RMS databases – Part 1 – Preparing the new SQL Server (http://go.microsoft.com/fwlink/?LinkID=191125)
• Relocating the AD RMS databases – Part 2 – Backing up the existing AD RMS databases (http://go.microsoft.com/fwlink/?LinkID=191126)
• Relocating the AD RMS databases – Part 3 – Restoring the AD RMS databases (http://go.microsoft.com/fwlink/?LinkID=191127)

 

Scenario description

 Fabrikam, a fictitious company, wants to move their current AD RMS databases from an existing Microsoft SQL Server 2008 server to a brand new server.  When AD RMS was originally installed, the old Fabrikam Administrator used the physical name of the SQL Server.  The new Administrator wants to minimize the downtime for AD RMS in the event of a disaster recovery.  To do this, the new Administrator wants to move to using a CNAME record when the database is moved.  Prior to doing this in production, Fabrikam would like to setup a test environment that will allow them to walk through the process of moving the database.  This will also allow them to verify that everything is working after the database move.

 

Table 1 - Machines and Roles

Computer Name	Forest	Operating System	Memory	Applications and Services	IP Address
DC	fabrikam.com	Windows Server 2008 x64 SP2	512	Active Directory, DNS, Certificate Authority	192.168.100.100
EX	fabrikam.com	Windows Server 2008 x64 SP2	2048	Exchange 2007, IIS 7.0.	192.168.100.101
ADRMS	fabrikam.com	Windows Server 2008 x64 SP2	1024	AD RMS, IIS 7.0	192.168.100.102
SQL1	fabrikam.com	Windows Server 2008 x64 SP2	1024	Microsoft SQL Server 2008 SP2	192.168.100.103
SQL2	fabrikam.com	Windows Server® 2008 R2 x64	1024	Microsoft SQL Server 2008 SP2	192.168.100.104
CLT	fabrikam.com	Windows 7 Enterprise x86	1024	Microsoft Office 2007 Enterprise Edition SP2	192.168.100.105

 

Table 2 - Required Accounts

Account	Display name	Forest	Group Membership	Password	Description
ADRMSService	ADRMS Service	fabrikam.com	NA	Pass1word$	The ADRMS Service account.  This account was used during the installation of ADRMS.  Installing ADRMS is a prerequisite to using this document.

Preparing the new SQL Server

The following steps cover how to prepare the new SQL server prior to moving the databases.  This is done first, to minimize any downtown of the AD RMS Server.  The following five steps are covered below:

• Add DisableStrictNameChecking Registry Key
• Enable SQL Firewall Ports
• Enable SQL Server Network Protocols
• Add ADRMSService to SQL Logins
• Create CNAME Record

Add DisableStrictNameChecking Registry Key

This step explains how to add the DisableStrictNameChecking registry key.  This key allows connections to be made to the SQL server by names other than the proper name.  By default, SQL Server 2008 will not allow this.

 To add the DisableStrictNameChecking Registry Key:

1. Log on to SQL2.fabrikam.com as fabrikam\Administrator.
2. Click Start, type regedit.exe in the Start Search box, and then press ENTER.
3. Expand the following registry key:  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
4. Right-click Parameters, click New, and then click DWORD (32-bit) Value.
5. In the Value name box, type DisableStrictNameChecking, and then press ENTER.
6. Double-click the DisableStrictNameChecking registry value and type 1 in the Value data box, and then click OK.
7. Close Registry Editor.

Figure 1 - DisableStrictNameChecking

 Video 1 - Add DisableStrictNameChecking Registry Key

Enable SQL Firewall Ports

This step explains how to enable the firewall rules on the new SQL server.  These rules are required to allow the AD RMS cluster to communicate with the SQL Server.

 To enable the firewall ports on SQL2:

1. Log on to SQL2.fabrikam.com as fabrikam\Administrator.
2. Click Start, select Administrative Tools and click Windows Firewall with Advanced Security.  This will bring up Windows Firewall with Advanced Security.

     Figure 2 – Windows Firewall with Advanced Security

    

3. On the left, select Inbound Rules and on the right click New Rule.  This will bring up the New Inbound Rule Wizard.

Figure 3 – New Inbound Rule Wizard

    

4. On the Rule Type screen, select Port and click Next.

Figure 4 – Protocols and Ports

    

5. On the Protocol and ports screen, select TCP and enter 445 in the box next to Specific local ports: and click Next.
6. On the Action screen, select Allow the connection and click Next.

Figure 5 - Action

    

7. On the Profile screen, select Domain, Private, and Public then click Next.

Figure 6 - Profile

    

8. On the Name screen, enter SQL Server Named Pipes in the box and click Finish. 
9. Repeat these steps for all of the entries in the table below.

Table 3 - SQL Server Firewall Port Exceptions

Protocol	Port Number	Name
TCP	445	SQL Server Named Pipes
TCP	1433	SQL Server Listening Port
UDP	1434	SQL Server Browser Service

Video 2 -  Enable SQL Firewall Ports

Enable SQL Server Network Protocols

This step explains how to enable the allowed network protocols for SQL2.  This is done so that the AD RMS Server can communicate with the database server.

To enable SQL Server Network Protocols

1. Log on to SQL2.fabrikam.com as fabrikam\Administrator.
2. Click Start, select All Programs, click Microsoft SQL Server 2008, click Configuration Tools, and select SQL Server Configuration Manager.  This will bring up the SQL Server Configuration Manager.

Figure 7 – SQL Server Configuration Manager

3. In SQL Server Configuration Manager, on the left, expand SQL Server Network Configuration and click Protocols for MSSQLSERVER.  This will populate the right pane with four protocols and their status.

Figure 8 – Protocols for MSSQLSERVER

4. On the right, right-click Disabled next to Named Pipes and select Enable.  This will bring up a pop-up box that says Any changes made will be saved; however, they will not take effect until the service is stopped and restarted.  Click OK.

Figure 9 – Enable Protocols

Figure 10 – Restart box

5. On the right, right-click Disabled next to TCP/IP and select Enable.  This will bring up a pop-up box that says Any changes made will be saved; however, they will not take effect until the service is stopped and restarted.  Click OK.

Figure 11 – Protocol Summary

6. In SQL Server Configuration Manager, on the left, click SQL Server Services.  This will populate the right pane with three services and their state.

Figure 12 – SQL Server Services

7. On the right, right-click SQL Server (MSSQLSERVER) and select Stop.  This will stop the SQL Server service.
8. On the right, right-click SQL Server (MSSQLSERVER) and select Start.  This will start the SQL Server service.
9. Close SQL Server Configuration Manager.

Video 3 -  Enable SQL Server Network Protocols

Add ADRMSService to SQL Logins

This step explains how to add the AD RMS Service Account (ADRMSService) to SQL Logins on SQL2.  This allows the service account to connect to SQL2. 
To add ADRMSService to SQL Logins

1. Log on to SQL2.fabrikam.com as fabrikam\Administrator.
2. Click Start, select All Programs, click Microsoft SQL Server 2008 and select SQL Server Management Studio.  This will bring up the Connect to Server dialog box.  Ensure that the Server name is SQL2 and that Authentication is set to Windows Authentication.  Click Connect.
3. On the right, expand Security, right-click Logins, and select New Login.  This will bring up the Login – New screen.

Figure 13 – Login - New

4. On the Login – New screen, click Search.  This will bring up a Select User or Group box.
5. On the Select User or Group box, enter fabrikam\ADRMSService in the box below Enter the object name to select (examples) and click Check Names.  This should resolve with an underline.  Click Ok.

Figure 14 – Name Resolved

6. On the Login – New screen, click OK.  This will close the Login – New screen.
7. Close SQL Server Management Studio.

 Video 4 - Add ADRMSService to SQL Logins

 

Create CNAME Record

This step explains how to create a CNAME record in DNS.

Figure 15 – Create CNAME Record

To create a CNAME Record:

1. Log on to DC.fabrikam.com as fabrikam\Administrator.
2. Click Start, point to Administrative Tools, and then click DNS.  This will bring up the DNS Manager.
3. From the DNS Manager, on the left, expand DC, expand Forward Lookup Zone, and click fabrikam.com.  On the right, right-click a blank portion of the screen and select New Alias (CNAME) from the menu.  This will bring up the New Resource Record dialog box.
4. On the New Resource Record box, under Alias name (uses parent domain if left blank): enter RMS-SQL.
5. On the New Resource Record box, under Fully qualified domain name (FQDN) for target host: enter sql2.fabrikam.com.  Click OK.
6. Close DNS Manager.

Figure 16 – DNS Manager

Video 5 - Create CNAME Record