@DP
Thank your for your time and patience throughout this issue. I received an update from our engineering team and will post their troubleshooting steps below.
Troubleshooting in order to narrow down the issue:
- Verify that the HSM-based key is working properly on AD RMS by creating an AD RMS template on the AD RMS server.
- Double check the imported TPD is marked as the active key in AIP, using the command Get-AipServiceKeys, also take note of the KeyIdentifier of the active key.
- Reset a new client that does not have registry redirections configured, protect a Word document. Open the Word document with Notepad and search the KeyIdentifer found in the previous step.
- Retry unprotecting the protected document on the client with AD RMS redirections.
If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.