Troubleshooting IRM with modern authentication in Office 2013

This article describes problems you may encounter & their workarounds using IRM and modern authentication together in Office 2013.

If you are configured to use IRM and modern authentication together, you may experience the following issues.

Issues with Azure RMS

Note: the below only applies to Azure Rights Management (Azure RMS). For problems affecting Active Directory Rights Management Services (AD RMS), see the section below.

1. When opening an IRM document, you see the following error: You do not have credentials that allow you to open this document. You can request updated permission from <sender>. Do you want to request updated permission?
   
2. When opening an IRM email, you see the following error: You do not have permission to open this message. Do you want to open it with a different set of credentials?
   
3. When protecting a new document or email with IRM via the "Protect Document" button in the File > Info tab, or the "Permission" button in an Outlook mail message, you see the following error: Your machine isn't set up for Information Rights Management (IRM). To set up IRM, sign in to Office, open an existing IRM protected message or document, or contact your help desk.
   

Workaround

• Update Office 2013 to the latest version (June 2015 update or later)

Other workarounds

• Use Active Directory Rights Management Services (AD RMS) instead of Azure RMS.
• Opt-out of modern authentication by reverting the registry entries on your machine as explained on this page.
• For documents: documents stored in SharePoint Protected Libraries can still be viewed in the Office Online viewer apps in the browser.
• For emails: IRM-protected emails can still be opened and created using Outlook Web Access (OWA).

Note: the above only applies to Azure Rights Management (Azure RMS). For problems affecting Active Directory Rights Management Services (AD RMS), see below.

Issues with AD RMS

Note: the below only applies to Active Directory Rights Management Services (AD RMS). For problems affecting Azure Rights Management (Azure RMS), see above.

When opening an IRM document or email, you see the following error: The Active Directory Rights Management Services client needs to display a window to complete the operation, but the application requested silent mode.

Workaround #1

1. Click File > Protect Document > Restrict Access > Connect to RMS and get templates
2. Try again to open the protected document or email

In some cases, this will fix the problem. If the problem persists, try workaround #2 below.

Workaround #2

1. Close all Office applications
2. Add the following registry key: HKEY_USERS\user SID>\SOFTWARE\Classes\Local Settings\Software\Microsoft\MSIPC\server name>\UserConsent (DWORD). Set the value to 1
   • <user SID>: the SID of the account that is using IRM. To figure out what SID belongs to your account, run the following command from a command prompt. wmic useraccount where name='%username%' get sid
   • <server name>: the name of the AD RMS server in your environment. For example: adrms.contoso.com
3. Open Office and open the document or email again

Note: Applying this workaround will suppress the dialog that asks for user permission to connect to the specified AD RMS server.