Azure Information Protection Scanner deployment - error acquiring token

0

I am trying to deploy Azure Information Protection Scanner on a Windows Server 2016 VM following the instructions here.

I have completed the Pre-Requisites and Install the scanner sections, and the Azure Information Protection Scanner service is running with an AD account that is synced to Azure AD and has "log on locally" rights as a local administrator on the VM. I am now trying to complete the Get an Azure AD token for the scanner section. I have created the 2 Azure applications that the above guide describes, noted the details and then tried to run the following PowerShell command to acquire an Azure AD token:

Set-AIPAuthentication -webAppId "The ID of my Web app / API app" -webAppKey "The Key value generated by my Web app / API app" -nativeAppId "The ID of my Native app"

When prompted I then enter Azure AD credentials for the service account. These are accepted and I see the following:

[Screenshot: Microsoft sign-in popup]

I click on accept and then see the following PowerShell error:

[Screenshot: Set-AIPAuthentication error acquiring token]

Can you advise whether there are further steps required to acquire the Azure AD token for the AIP scanner?

I have included the contents of the MSIPPowershell.iplog below. Thanks, Gareth


MSIPPowershell.iplog

Error 2018-11-14 15:14:31.4437 MSIP.ServiceClient powershell (4996) Failed to bootstrap to azure rights management service server https://b69c1d0c-2d7f-47d9-a438-410f53dcdd38.rms.eu.aadrm.com/_wmcs/licensing
"System.Threading.ThreadPoolWorkQueue.Dispatch System.Threading.Tasks.Task.ExecuteEntry System.Threading.Tasks.Task.ExecuteWithThreadLocal System.Threading.Tasks.Task.Finish System.Threading.Tasks.Task.FinishContinuations System.Threading.Tasks.AwaitTaskContinuation.RunOrScheduleAction System.Runtime.CompilerServices.AsyncMethodBuilderCore+MoveNextRunner.Run System.Threading.ExecutionContext.Run System.Threading.ExecutionContext.RunInternal Microsoft.InformationProtection.ServiceClient.Bootstrapping.Bootstrapper+d__66.MoveNext"
"Microsoft.InformationProtectionAndControl.InformationProtectionException: The request is not supported. HRESULT: 0x80070032
   at Microsoft.InformationProtectionAndControl.SafeNativeMethods.ThrowOnErrorCode(Int32 hrError)
   at Microsoft.InformationProtectionAndControl.SafeNativeMethods.IpcGetTemplateList(ConnectionInfo connectionInfo, Boolean suppressUI, Boolean offline, Boolean hasUserConsent, IntPtr parentWindow, CultureInfo cultureInfo, GetTemplateListFlags flags, Object credentialType, WaitHandle cancelCurrentOperation)
   at Microsoft.InformationProtection.RMS.MSIPC.Msipc.GetTemplateList(ConnectionInfo connectionInfo, Boolean forceDownload, Boolean suppressUI, Boolean offline, IntPtr parentWindow, CultureInfo cultureInfo, Object credentialType, CancellationToken cancellationToken)
   at Microsoft.InformationProtection.RMS.MSIPC.RightsPolicyTemplate.GetAll(ConnectionInfo connectionInfo, Boolean forceDownload, Boolean suppressUI, Boolean offline, IntPtr parentWindow, Object credentialType, CancellationToken cancellationToken)
   at Microsoft.InformationProtection.ServiceClient.Bootstrapping.Bootstrapper.ListTemplates(ConnectionPoint connectionPoint, Boolean silent, Boolean forceDownloadTemplates, String oauth2AccessToken, IntPtr parentWindow, CancellationToken cancellationToken)
   at Microsoft.InformationProtection.ServiceClient.Bootstrapping.Bootstrapper.<>c__DisplayClass68_0.b__0()
   at System.Threading.Tasks.Task.Execute()
--- End of stack trace from previous location where exception was thrown ---

...and:

Error 2018-11-14 15:14:31.4594 AIP powershell (4996) Error acquiring token
"System.Management.Automation.Interpreter.Interpreter.Run System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run System.Management.Automation.Interpreter.ActionCallInstruction`6.Run System.Management.Automation.PipelineOps.InvokePipeline System.Management.Automation.Internal.PipelineProcessor.SynchronousExecuteEnumerate System.Management.Automation.CommandProcessorBase.DoExecute System.Management.Automation.CommandProcessor.ProcessRecord Microsoft.InformationProtection.Powershell.AIP.Commandlets.SetAIPAuthenticationCmdLet.ProcessRecord Microsoft.InformationProtection.Powershell.AIP.Commandlets.AIPBaseCmdlet.HandleTerminatingException"
"Microsoft.InformationProtectionAndControl.InformationProtectionException: The request is not supported. HRESULT: 0x80070032
   at Microsoft.InformationProtection.Powershell.AIP.Commandlets.SetAIPAuthenticationCmdLet.ProcessRecord()" DS\svc-aip-scanner 10

azure
asked on Server Fault Nov 15, 2018 by Gareth

1 Answer

0

We have now discovered that as our Azure subscription was acquired before February 2018 we had to activate Azure Rights Management to get this to work. As soon as this was activated the Set-AIPAuthentication cmdlet completed successfully.

answered on Server Fault Dec 19, 2018 by Gareth
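
Added example (not part of the original question or answer, and not Microsoft's code): a PowerShell triage that looks for the failure signature shown in the question's MSIPPowershell.iplog and then reads the tenant's Rights Management activation state, the setting the answer identifies as the cause. The function names and the shortened sample log lines are constructed for illustration; the second function assumes the AIPService module (successor to the AADRM module) is installed and that you sign in as a tenant administrator.

```powershell
function Test-AipBootstrapFailure {
    # Returns log entries matching the signature from this page: an Error entry
    # for the RMS bootstrap or token acquisition that carries HRESULT 0x80070032.
    param([Parameter(Mandatory)][string[]]$LogLine)
    $LogLine | Where-Object {
        $_ -match '^Error\s' -and
        $_ -match 'Failed to bootstrap to azure rights management service|Error acquiring token' -and
        $_ -match 'HRESULT:\s*0x80070032'
    }
}

function Get-AipProtectionState {
    # Assumption: AIPService module present; Connect-AipService prompts for sign-in.
    # Reports 'Enabled' or 'Disabled'. With -Activate, a disabled service is
    # switched on first (a tenant-wide change, so it is opt-in here).
    param([switch]$Activate)
    Import-Module AIPService -ErrorAction Stop
    Connect-AipService | Out-Null
    try {
        $state = [string](Get-AipService)
        if ($state -ne 'Enabled' -and $Activate) {
            Enable-AipService | Out-Null
            $state = [string](Get-AipService)
        }
        $state
    }
    finally { Disconnect-AipService | Out-Null }
}

# Constructed sample input: the two entries from the question, shortened, plus
# one non-matching line. In practice pass (Get-Content <path to MSIPPowershell.iplog>).
$sample = @(
    'Error 2018-11-14 15:14:31.4437 MSIP.ServiceClient powershell (4996) Failed to bootstrap to azure rights management service server https://<tenant-id>.rms.eu.aadrm.com/_wmcs/licensing "..." "InformationProtectionException: The request is not supported. HRESULT: 0x80070032 ..."'
    'Error 2018-11-14 15:14:31.4594 AIP powershell (4996) Error acquiring token "..." "InformationProtectionException: The request is not supported. HRESULT: 0x80070032 ..."'
    'Info 2018-11-14 15:14:30.0000 AIP powershell (4996) constructed line that should not match'
)

$hits = @(Test-AipBootstrapFailure -LogLine $sample)
'{0} log entries match the bootstrap failure signature' -f $hits.Count

# Only query the tenant when the signature is present and the module is available.
if ($hits.Count -gt 0 -and (Get-Module -ListAvailable -Name AIPService)) {
    'Rights Management service state: {0}' -f (Get-AipProtectionState)
}
```

If the state comes back as Disabled, rerun with `Get-AipProtectionState -Activate` and then retry Set-AIPAuthentication.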

User contributions licensed under CC BY-SA 3.0