Just wanted to create a quick post to share an issue I had recently while on a customer site installing an AD RMS High Availability solution.
The solution had two AD RMS servers using a HLB for redundancy. Both servers were installed and joined to the same RMS cluster with no problems. However, when the HLB was introduced we couldn’t protect content. We also couldn’t reach the certification cluster URL (https://ADRMS.yourdomain.com/_wmcs/certification/certification.asmx); IE would just time out eventually.
To cut a long story short, after checking all the usual things such as SCP, connectivity, Load Balancer config, DNS etc., it turns out that AD RMS doesn’t like cookie encryption on the HLB! Once we disabled cookie encryption, clients were getting load balanced as expected and able to protect content.
(Note: This particular HLB was F5 BIG-IP.)