Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

Users cannot open or create content that is protected by Active Directory Rights Management Services, and an error code 12057 is logged

View products that this article applies to.


Consider the following scenario:
  • You use Active Directory Rights Management Services (AD RMS) to protect content.
  • In your deployment, Secure Sockets Layer (SSL) authentication is required by the Rights Management Server.
  • A user tries to open or create some content that is protected by AD RMS.
In this scenario, the operation that the user is trying to complete fails.

If you search the Debug View logs on the Rights Management Services (RMS) client, you find an error 0x8004cf3b that has an error code 12057. If you map the error code to the corresponding WinInet error code, this error is an ERROR_INTERNET_SEC_CERT_REV_FAILED error.

↑ Back to the top


This problem occurs because the SSL certificate has an invalid Certificate Revocation List (CRL) Distribution Point (CDP) specified. Therefore, the Cryptographic API revocation that checks for this certificate fails.

↑ Back to the top


To resolve this problem, make sure that the SSL certificate uses the correct CRL.

↑ Back to the top

Keywords: kbtshoot, kbexpertiseinter, kbsurveynew, kbprb, kb

↑ Back to the top

Article Info
Article ID : 969608
Revision : 4
Created on : 8/28/2018
Published on : 8/29/2018
Exists online : False
Views : 539