This is my first post in a series discussing the use of Information Rights Management (IRM) functionality with Windows Mobile 6. I’m the fortunate owner of a recently upgraded T-Mobile Dash, so I figured I’d be a great candidate to start this out. Unfortunately, it looks like I’m going to need to wait a little longer until I can enjoy the encrypted goodness of IRM-protected content.
PointBridge has Rights Management Services 1.0 Service Pack 2 deployed and functional both internally and externally. We use Exchange 2007 Server and Office 2007 for all of our productivity needs and our entire desktop environment runs on Windows Vista Business Edition. So we’re current on our technology and like any other company, we’re always concerned about information leakage. So I figured we’re a prime candidate to "dogfood" this kind of stuff. As it turns out, being ahead of the curve can sometimes lead to some disappointments.
For starters, one should know that a Windows Mobile 6 phone requires activation before it can consume IRM protected content. This activation process can only be achieved by using Microsoft ActiveSync 4.5. There is no "Advanced Tools" section in Windows Mobile Device Center. If you’re a Vista user like me, you’re currently out of luck. If you’re thinking of firing up a Virtual PC with Windows XP and ActiveSync 4.5 to do this with, think again. Virtual PC does not support USB 2.0 pass-through from your host to the guest VM, so you’re going to have trouble connecting your phone. So I fired up a Virtual Machine using an (ahem) alternative virtualization platform that supports USB 2.0 for guest Operating Systems and started the configuration process.
I should mention that before diving into ActiveSync 4.5, you need to make sure your Windows XP SP 2 computer is joined to the Active Directory domain and the RMS 1.0 SP 2 client is installed and activated. In my case, I actually RMS-protected a test document to be sure the machine could access the RMS server and pass my Windows Integrated credentials without issue. All of that worked fine.
After installing ActiveSync 4.5, things started off pretty well. I was able to create a partnership with my phone and could access the "Activate Information Rights Management" option in the "Advanced Tools" section.
After selecting the option, the Activation Process kicked in. Again, things seemed to be going as expected.
However, I kept getting prompted to authenticate. After repeated attempts, I just couldn’t get past this prompt.
I disconnected and figured I could at least try to see if I could access RMS-protected content from the Inbox of my phone. I sent myself an RMS-protected message and promptly received the following error message when trying to open it:
Message cannot be opened. Information Rights Management is not configured properly. Connect to your PC, start ActiveSync and click "Activate Device Rights Management" in the "Advanced Tools" menu.
So obviously something went wrong with the activation process. When I attempted to re-connect the phone with the hopes of repeating the setup steps, I discovered the entire "Activate Information Rights Management" option was now greyed out. Not good.
Not to be deterred, I wiped my phone with the thought that the activation status is probably stored in the registry somewhere and needed to be removed. Unfortunately, after a clean re-install of Windows Mobile 6 and a brand new partnership, the option is still greyed out. I even re-installed Active Sync to no avail. Curiously enough, I did notice an RMS Machine Certificate on my phone. It’s located under: Application DataMicrosoftDRM. I’ll go into the details of that in a later post.
I must say I’m rather disappointed. I’m willing to admit I did something wrong, but it’s really hard to tell since there is absolutely no documentation from Microsoft on this that I can find. I’m going to try to reach out to the product group and see what’s going on here and how to get it fixed. Stay tuned.