Exchange server was 2013 and patched on a Windows 2012 R2 server
This issue was because the environment had an RMS server in the past that had been decommissioned. The Exchange server that was failing to use RMS was doing so because it already had machine certificates. The fix was to backup these cache files, and reboot the Exchange server, then the command passed and it rebuilt the cached files using the new RMS instance. Of course, the old instance was Type 1 Cryptographic mode, hence the mismatch error.
- On the impacted Exchange server, go to c:\ProgramData\Microsoft\DRM\Server (Server is a hidden folder, so you need to specify it)
- You will see SID's like below in there. I just moved both into a new subfolder for now. You can see an example of the content of these folders below as well.
- Reboot the Exchange server
- Re-test the Test-IRMConfiguration