Office 2010, Office 2007 or MSDRM throws E_DRM_BROKEN_CERT_CHAIN? Here is the fix.
Hi folks,
Some partner developers recently raised the issue that they are getting E_DRM_BROKEN_CERT_CHAIN error in Office 2010, Office 2007 or MSDRM when testing in pre-production hierarchy. Our developer Sumanth fixed the bug and would like to explain the issue for you,
Thanks,
Dan
I'm Sumanth Lingom, a developer on the RMS team. Some of our partners using MSDRM have reported E_DRM_BROKEN_CERT_CHAIN error when testing their applications in the pre-production environment. Our investigation revealed that the cause of this error is a stale certificate in the application signing certificate chain (used to create application manifest). To fix this and make sure this never happens again, we have made the pre-production application manifest validation liberal. This also helps the application developers to focus on feature development without having to worry about the post-development specific activities. If you are wondering if this has any effect on the production environment, the answer is NO. We assure you that the production environment remains unchanged, its just that we've become more developer friendly. If you are facing this problem, you can resolve it with the following steps:
On your test machine (where the application you are testing is running)
- For 32-bit machines - Download the 32-bit versions of secproc_isv.dll and secproc_ssp_isv.dll in the attached zip file and overwrite the existing ones in the folder %SystemRoot%\System32
NOTE: By default, the ownership of each of these files belongs to Trusted Installer. You cannot overwrite the files without taking their ownership. To take the ownership of the files, open the command prompt as an administrator (right click on command promptshort cut and then select ‘Run as administrator’), navigate to the folder %SystemRoot%\System32 and run the following commands.
takeown /f secproc_isv.dll
takeown /f secproc_ssp_isv.dll
Once you have successfully obtained the ownership, you can replace the files with the downloaded ones.
END OF NOTE.
2. For 64-bit machines
Download the 32-bit versions of secproc_isv.dll and secproc_ssp_isv.dll in the attached zip file and overwrite the existing ones in the folder %SystemRoot%\SysWOW64 (after taking the ownership of the existing files as described in step #1)
Download the 64-bit versions of secproc_isv.dll and secproc_ssp_isv.dll in the attached zip file and overwrite the existing ones in the folder %SystemRoot%\System32 (after taking the ownership of the existing files as described in step #1)
3.Ensure that you have the correct registry key settings for the client to work against pre-production server.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\uDRM]
"Hierarchy"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\uDRM]
"Hierarchy "=dword:00000001
We thank all those who reported this issue. As always, if you need further assistance please post your question in our Microsoft Connect forum. If the website shows 'Page not found' it may be that you haven’t registered on Microsoft Connect, Go to https://connect.microsoft.com, sign in with your Microsoft Account > Directory> Search for Rights Management Services > Join.
-Sumanth