To use the Microsoft Federation Gateway after you add Microsoft Federation Gateway Support, you must first enroll your Active Directory Rights Management Services (AD RMS) cluster with the Microsoft Federation Gateway, and then configure and enable Microsoft Federation Gateway Support. The following procedure explains this process.

Membership in the AD RMS Enterprise Administrators and the local Administrators group, or equivalent, is the minimum required to complete this procedure.

To enroll the AD RMS cluster and enable Microsoft Federation Gateway Support
  1. Log on to a server in the AD RMS cluster.

  2. Open the Active Directory Rights Management Services console and expand the AD RMS cluster.

  3. In the console tree, expand Trust Policies, and then click Microsoft Federation Gateway Support.

  4. In the Actions pane, click Configure Microsoft Federation Gateway Support.

  5. When the Enroll Cluster with the Microsoft Federation Gateway wizard appears, verify that the SSL certificate is the correct certificate that proves domain ownership for enrolling with the Microsoft Federation Gateway. If it is not, click Browse to select the correct certificate. For information about which certificate to select, see Important considerations for installing AD RMS with Microsoft Federation Gateway Support.

  6. Click Next, and then click Finish.

  7. On all servers in the AD RMS cluster, perform the task described in Grant the AD RMS Service Group Permission to the SSL Certificate.

  8. Perform the following tasks, as needed:

  9. In the Actions pane, click Enable Microsoft Federation Gateway Support.

Important

If the certificate you select in step 5 contains a subject alternative name (SAN), the last entry in the SAN list must be the fully qualified domain name of the domain you want to enroll with the Microsoft Federation Gateway.
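
The SAN ordering rule above can be checked before you run the wizard. The following PowerShell is an added example, not part of the original procedure or of AD RMS; the function name `Test-MfgSanOrder` is hypothetical and the `contoso.example` names are constructed sample values. It assumes Windows with English display text and .NET Framework 4.7.2 or later for the in-memory sample certificate.

```powershell
# Added example. Assumes each SAN entry formats as a line such as "DNS Name=<fqdn>".
function Test-MfgSanOrder {
    param(
        [Parameter(Mandatory = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [Parameter(Mandatory = $true)][string]$EnrollDomain
    )
    $result = New-Object psobject -Property @{
        Subject = $Certificate.Subject; SanEntries = @(); Pass = $false; Reason = ''
    }
    # OID 2.5.29.17 identifies the subject alternative name extension.
    $san = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if (-not $san) {
        # The ordering rule applies only when the certificate contains a SAN.
        $result.Pass = $true
        $result.Reason = 'No SAN extension; the ordering rule does not apply.'
        return $result
    }
    # Format($true) emits one entry per line, in encoded order.
    $entries = @($san.Format($true) -split "`r?`n" |
        ForEach-Object { $_.Trim() } | Where-Object { $_ })
    $result.SanEntries = $entries
    $wanted = 'DNS Name=' + $EnrollDomain.Trim().TrimEnd('.')
    $position = 0   # 1-based position of the enrollment domain, 0 if absent
    for ($i = 0; $i -lt $entries.Count; $i++) { if ($entries[$i] -ieq $wanted) { $position = $i + 1 } }
    if ($position -gt 0 -and $position -eq $entries.Count) {
        $result.Pass = $true
        $result.Reason = "'$EnrollDomain' is the last SAN entry."
    } elseif ($position -gt 0) {
        $result.Reason = "'$EnrollDomain' is entry $position of $($entries.Count); it must be last."
    } else {
        $result.Reason = "'$EnrollDomain' is not a DNS entry in the SAN."
    }
    $result
}
# Constructed sample: an in-memory self-signed certificate; nothing is written to a store.
$rsa = [System.Security.Cryptography.RSA]::Create(2048)
$req = New-Object System.Security.Cryptography.X509Certificates.CertificateRequest -ArgumentList (
    'CN=adrms.contoso.example', $rsa,
    [System.Security.Cryptography.HashAlgorithmName]::SHA256,
    [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
$sanBuilder = New-Object System.Security.Cryptography.X509Certificates.SubjectAlternativeNameBuilder
$sanBuilder.AddDnsName('adrms.contoso.example')
$sanBuilder.AddDnsName('contoso.example')
$req.CertificateExtensions.Add($sanBuilder.Build())
$cert = $req.CreateSelfSigned([DateTimeOffset]::Now, [DateTimeOffset]::Now.AddDays(1))
Test-MfgSanOrder -Certificate $cert -EnrollDomain 'contoso.example'
Test-MfgSanOrder -Certificate $cert -EnrollDomain 'adrms.contoso.example'
```

To check the certificate you intend to select in step 5, pass the certificate object from the `Cert:\LocalMachine\My` store in place of the sample.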
