| Event Id | 219 |
| Source | Active Directory Rights Management Services |
| Description | A request was made with a payload that was too big or to a URI that was too long. |
| Event Information | According to Microsoft : Cause : This event is logged when a request was made with a payload that was too big or to a URI that was too long. Resolution : Increase maximum size of URI in registry The Uniform Resource Identifier (URI) in the AD RMS request is too long. To resolve this, do one of the following: a)Decrease the length of the URI by applying rights-protection to smaller files or by using shorter computer names for the AD RMS-enabled clients. b)Increase the maximum bytes that Internet Information Services (IIS) will accept in an AD RMS request. To increase the maximum size of the URI in the registry: To perform this procedure, you must be a member of the local Administrators group, or you must have been delegated the appropriate authority. Caution: Incorrectly editing the registry might severely damage your system. Before making changes to the registry, you should back up any valued data. 1.Log on to the AD RMS server that is logged in the event. 2.In theStart Search box, typeregedit, and then press ENTER. 3.Navigate toHKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Http\Parameters. 4.Right-click Parameters, point toNew, and then clickDWORD (32-bit) Value. 5.TypeUriMaxUriBytes for the name, and then press ENTER. 6.Right-clickUriMaxUriBytes, and then clickModify. 7.Type the new value in bytes, and then click OK. The default value for this registry entry is 4096 with a maximum value of 16777216. Verify : AD RMS allows the user to apply rights-protection to a document and specify a Windows Live ID user to consume the content. Use the first procedure, "Ensure that the AD RMS cluster can contact the Windows Live ID service," to ensure that the AD RMS cluster can access the Internet to establish this trust policy. To perform these procedures, you must be a member of the local Users group, or you must have been delegated the appropriate authority. Ensure that the AD RMS cluster can contact the Windows Live ID service To ensure that the AD RMS cluster can contact the Windows Live ID service: 1.Log on to the AD RMS server as the AD RMS service account. 2.ClickStart, point to All Programs, and then click Internet Explorer. 3.In the address bar, type http://certification.drm.microsoft.com, and then type ENTER. Check for connectivity to the Microsoft Activation service. To check for connectivity to the Microsoft Activation Service: 1.Log on to a client computer. 2.ClickStart, clickAll Programs, and then clickInternet Explorer. 3.In the address bar, type https://activation.drm.microsoft.com/activation/activation.asmx, and then press ENTER.If the URL resolves to a Web page with the title ActivationWebService Web Service, the activation URL is operating correctly. Ensure that the AD RMS cluster is available on the network To ensure that the AD RMS cluster is available on the network: 1.Log on to an AD RMS-enabled client computer. 2.ClickStart, point toAll Programs, point toMicrosoft Office, and then clickMicrosoft Office Word 2007. 3.In the new document typeThis is a test document. 4.Click theMicrosoft Office Start Button, point to Prepare, point toRestrict Permissions, and then clickRestricted Access. 5.Select theRestrict permissions to this document check box. 6.Type another AD RMS user's e-mail address in the Read box, and then click OK. 7.Send this file to the person who was granted access in step 6. 8.Have this person open the document and verify that he or she cannot do anything else with the document such as print it. |
| Reference Links | Event ID 219 from Source Active Directory Rights Management Services |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.