Expand my Community achievements bar.

Don’t miss the AEM Skill Exchange in SF on Nov 14—hear from industry leaders, learn best practices, and enhance your AEM strategy with practical tips.

apply policy to Microsoft Office documents

Avatar

Level 3

Hi,

    Is there anyone who protected Microsoft Office documents ? we met a big trouble when we protect Office Documents with Adobe LauchPad or java program to batch protect office documents , the problem is : it seems that all of the protections are successful , but when we try to open the protected office documents , it displays the error message :Access Denied , without poping out the authentication window sometime (just sometime ,not always),sometime it's ok .We have installed the office plug-in , Office 2007 . I think there must be some programs in the clients' PC conflicting with the plug-in , but it's really very strange .

   Any help or advice is welcome !

12 Replies

Avatar

Former Community Member

I have not seen this issue before...

Is there any kind of pattern that you can determine?

Is the problem related to a specific policy? 

Do the documents that cause the error message do so over and over or can the documents be opened sometimes? 

Does the error occur on any specific machines or random machines?

Thanks

Steve

Avatar

Level 3

Thanks a lot for your reply!

I find that each protected Office document can be opened on Win XP (office 2007 ), and every Office document protected one by one with Office plug-in can be opened very well , but when I secured the office documents with lauchpad or java program , this case will display .

On the same machine , same documents ,same OS ( Win 7) , the documents can be opened sometime , not over and over . sometime just display "Access denied " without popping out the authentication window .

In fact , we met this case on all the Win7 machines we tested .

Now , I think perhaps something wrong with lauchpad and java program protecting Office documents , because the documents protected one by one with the plug-in can work normally .

  The java code I copied from the API samples as followed :

  RMSecureDocumentResult secureResult = documentManager.protectDocument(inPDF, tobeProtectedFile.getName(), "Global Policy Set", "policyname", null, null,null);

And I secured documents with SOAP method , the URL is http://servername:port , not https://servername:securedport

ps , when I try to protect document with "https://servername:8443 ", I get the error message as followed :

com.adobe.edc.sdk.SDKException: Internal error. -- An error occured while performing this operation(error code bin: 1, hex: 0x1)
at com.adobe.edc.sdk.impl.ExceptionHandler$SDKExceptionTranslator.getSDKException(ExceptionHandler.java:128)
at com.adobe.edc.sdk.impl.ExceptionHandler.throwException(ExceptionHandler.java:450)
at com.adobe.edc.sdk.impl.ExceptionHandler.throwException(ExceptionHandler.java:397)
at com.adobe.livecycle.rightsmanagement.client.impl.scf.SCFConnection.protectDocument(SCFConnection.java:1064)
at com.adobe.livecycle.rightsmanagement.client.impl.DocumentManagerImpl.protectDocument(DocumentManagerImpl.java:146)
at com.zony.samples.adobe.rms.PolicyApplyer.encryptFile(PolicyApplyer.java:57)
at com.zony.samples.adobe.rms.PolicyApplyer.main(PolicyApplyer.java:23)
Caused by: ALC-DSC-000-000: com.adobe.idp.dsc.DSCRuntimeException: Internal error.
at com.adobe.idp.dsc.provider.impl.soap.axis.sdk.SoapAxisDispatcher.throwExceptionHandler(SoapAxisDispatcher.java:211)
at com.adobe.idp.dsc.provider.impl.soap.axis.sdk.SoapAxisDispatcher.doSend(SoapAxisDispatcher.java:129)
at com.adobe.idp.dsc.provider.impl.base.AbstractMessageDispatcher.send(AbstractMessageDispatcher.java:66)
at com.adobe.idp.dsc.clientsdk.ServiceClient.invoke(ServiceClient.java:208)
at com.adobe.livecycle.rightsmanagement.client.impl.scf.SCFConnection.protectDocument(SCFConnection.java:1050)
... 3 more
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at org.apache.axis.AxisFault.makeFault(AxisFault.java:101)
at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:154)
at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
at org.apache.axis.client.Call.invoke(Call.java:2767)
at org.apache.axis.client.Call.invoke(Call.java:2443)
at org.apache.axis.client.Call.invoke(Call.java:2366)
at org.apache.axis.client.Call.invoke(Call.java:1812)
at com.adobe.idp.dsc.provider.impl.soap.axis.sdk.SoapAxisDispatcher.doSend(SoapAxisDispatcher.java:127)
... 6 more
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1584)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:848)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:877)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1089)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1116)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1100)
at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:186)
at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:191)
at org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.java:404)
at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:138)
... 16 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:221)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:145)
at sun.security.validator.Validator.validate(Validator.java:203)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:172)
at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSLContextImpl.java:320)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:841)
... 27 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:236)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:194)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:216)
... 32 more

Avatar

Level 3

Just addition: I tested with EJB mode , this case still exists .

Now , we have tested in : Win 7 + Office 2007 EN ; Win 7 (English lauguage package) + Office 2007 EN ; Win7 (English lauguage package ) + Office 2007 CN , all failed to open documents sometime .

Avatar

Former Community Member

You need to use SSL.  If you are receiveing errors, then I suspect that your configuration of SSL is flawed and will need to be corrected.  The Base URL configuration of the RM server must reference a secure URL (i.e. https://servername:secureport).

When SSL is configured correctly, you will be able to access the  https://yourservername:secureport URL from a browser with no security warnings.

To properly troubleshoot this issus, the SSL problem must be resolved first.

Regards

Steve

Avatar

Former Community Member

I performed some testing and I was not able to duplicate the problem you have reported.

Here is what I did...

Machine 1 - Windows 2003 Server 64bit, JBoss with SSL enabled, LiveCycle Rights Management ES2, LaunchPad ES2

Machine 2 - Windows XP Professional 32 bit, MS Office 2007, Adobe LiveCycle Rights Management ES2 Extension for Microsoft Office ver. 9.0.0.1, SSL Certificate from Machine 1 installed and trusted in Windows certificate store

Test 1

1) On Machine 2 (XP), I configured the RM Plugin to communicate with Machine 1 (running RM ES2)

2) On Machine 2 (XP), I opened Word 2007, created a new document and applied a policy "ForumTest" (using the RM Plugin) to the Word doc.

3) I was able to repeatedly open the protected Word doc and was prompted for the credentials each time

Test 2

1) On Machine 1 (2003), I applied the same policy ("ForumTest") to a Word doc using LaunchPad ES2

2) I copied the protected Word doc to Machine 2 (XP)

3) On Machine 2 (XP), I opened Word 2007 doc (protected using LaunchPad ES2) with MS Word 2007

4) I was able to repeatedly open the protected Word doc and was prompted for the credentials each time

This may not help you, but at least we know that everything should work.  I suspect that you problem may be related to the SSL configuration (or lack of it)

Regards
Steve

Avatar

Level 3

Hi Steve

    Thanks a lot for your help !

    But perhaps I did't emphasize that all the protected office documents can work normally on WinXP machines , but sometime do not work on WINDOWS 7 (JUST WINDOWS 7 OS ) .  the documents protected by the plug-in can be opened normally on all the platforms  include Windows 7 .

    And I've checked the Base URL of the RMS configuration , it is correct .

    If there is something different in the protection between the plug-in and the API or lanchpad , I think it's just the https and http .

    Would you like testing the protected document on Windows 7 , Office 2007 ?

    Thanks and Regards !

    Evan

Avatar

Level 3

The Error message is just like the following:

function(){return A.apply(null,[this].concat($A(arguments)))}

Avatar

Former Community Member

Evan

What is the exact version of the Plug-in that you are using?

Unfortunately, I do not have access to a 32bit Windows 7 machine (the plugin is not supported on Windows 7 64bit).

I would suggest that you log this issue with Adobe technical support so further testing can be performed.

Regards

Steve

Avatar

Level 3

Hi Steve ,

    The enterprise support has reproduced this case now , I think perhaps there is some bug with the plug-in on Windows 7 or there is some bug with ES2 - RMS . The enterprise support is consulting with escalation team for workaround/solution .

    Thanks a lot for your help !

Evan

Avatar

Former Community Member

Hi,

Have anyone encounter with the following Launchpad errors :

DSC Invocation Resulted in Error: class com.adobe.idp.DocumentError : java.net.UnknownHostException: adobe.ipsinfonomics.com : java.net.UnknownHostException: adobe.ipsinfonomics.com

I tried to policy protect a MS Word 2010 document as well as PDF document with Launchpad ES2. The file was uploaded and status shows processing. Thereafter, the error message occurs.

The problem started when we place the LC Server behind the firewall. We opened all the follow ports : 8080, 8443 that is used by LC server. I suspect it is the firewall that give the problem because before that, we didn't encounter the problem. Is the Launchpad using another port that we do not know off. There is little documentation or reference on this area for us to troubleshoot.

Any help?

Avatar

Level 3

I think you'd better to read the log of the application server and the event records in the console , perhaps there is some help . You can check whether there is events show that the office documents have been secured or not .

Avatar

Former Community Member

Boon Toh

Your question appears to be unrelated to the original problem that this thread was addressing.  I would suggest that you should start a new thread for your issue.

Regards

Steve