When deploying to Azure, error in RightsManagementServices call

  • Question

  • This works perfectly locally, but when I deploy to Azure, via an App Service or a VM, I get an object null reference error:

       at Microsoft.RightsManagementServices.Online.IdCrl.OrgIdNativeMethods.GetIdentityCrlDllPath()
       at Microsoft.RightsManagementServices.Online.IdCrl.OrgIdNativeMethods.Initialize()
       at Microsoft.RightsManagementServices.Online.Admin.PowerShell.AdminCommandBase..ctor()

    Looking through the modules list in Visual Studio on a working machine, I don't see any DLLs loading that don't already exist.

    Based on a decompilation, the error appears to occur when new OrgIdManager() is called in the base class, which is from Microsoft, named AdminCommandBase:

    namespace Microsoft.RightsManagementServices.Online.Admin.PowerShell {
      public abstract class AdminCommandBase : AadrmCommandBase {
        private readonly OrgIdManager _orgIdMgr = new OrgIdManager();
      }
    }

    Here's a snippet of the inheritance:

    internal class AzureActiveDirectoryRmsServiceClient : AdminCommandBase {
        private const string StsSiteId = "";
        private const string UserSessionStateFqn = "Microsoft.RightsManagementServices.Online.Admin.PowerShell.UserSessionState";
        private const string DiscoveryServiceLocatorUrl = "";
    }

    Any ideas from Microsoft on this one? I'm stumped for now. Is there something I can install on the Azure VM so this call works??

    Thanks in advance!


    Tuesday, October 17, 2017 12:31 PM

All replies

  • Looking a little closer I see a call to a registry entry. It seems to correlate to Microsoft Sign-In Assistant. However, I can't run that installer on Windows Server after a few tries. Any ideas?

    using (RegistryKey registryKey = Registry.LocalMachine.OpenSubKey("Software\\Microsoft\\MSOIdentityCRL"))
        return Path.Combine((string) registryKey.GetValue("TargetDir"), "msoidcli.dll");

    Tuesday, October 17, 2017 12:48 PM
  • Figured it out... here's what you need to do for that call to work in Azure:

    Install Microsoft Online Services Sign On Assistant:

    Then grant Everyone access to the Registry key:

    Local Machine:  Software\\Microsoft\\MSOIdentityCRL

    Then grant Everyone Read access to the folder in that key's TargetDir folder.


    And things start working. Well, that was fun :)

    I hope it helps someone else!

    • Proposed as answer by Barry Wang Wednesday, October 18, 2017 1:46 AM
    Tuesday, October 17, 2017 12:56 PM
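
The steps from the reply above as a PowerShell script, added here as an example and not part of the original post: it checks the registry key and `TargetDir` lookup that the decompiled code performs, then grants read access to a single account instead of Everyone. The account name `IIS AppPool\MyAppPool` is a placeholder assumption for the identity the application runs under.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original post).
# $Account is an assumption: replace it with the identity your application runs as.
param(
    [string]$Account = 'IIS AppPool\MyAppPool'   # hypothetical account name
)

$keyPath = 'HKLM:\Software\Microsoft\MSOIdentityCRL'

# 1. The key must exist, otherwise the lookup in the decompiled code gets a null key.
if (-not (Test-Path -Path $keyPath)) {
    throw "Registry key $keyPath not found. Install the Sign On Assistant first."
}

# 2. TargetDir must be set and must contain msoidcli.dll.
$targetDir = (Get-ItemProperty -Path $keyPath -Name TargetDir -ErrorAction Stop).TargetDir
$dllPath   = Join-Path -Path $targetDir -ChildPath 'msoidcli.dll'
if (-not (Test-Path -Path $dllPath -PathType Leaf)) {
    throw "msoidcli.dll not found under '$targetDir'."
}

# 3. Grant the account read-only access to the key and its subkeys.
$keyAcl  = Get-Acl -Path $keyPath
$keyRule = New-Object System.Security.AccessControl.RegistryAccessRule($Account, 'ReadKey', 'ContainerInherit', 'None', 'Allow')
$keyAcl.AddAccessRule($keyRule)
Set-Acl -Path $keyPath -AclObject $keyAcl

# 4. Grant the account read access to the TargetDir folder and its contents.
#    ReadAndExecute covers the Read access described in the post.
$dirAcl  = Get-Acl -Path $targetDir
$dirRule = New-Object System.Security.AccessControl.FileSystemAccessRule($Account, 'ReadAndExecute', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
$dirAcl.AddAccessRule($dirRule)
Set-Acl -Path $targetDir -AclObject $dirAcl

# 5. Print the resulting entries for the account so the change can be reviewed.
foreach ($path in @($keyPath, $targetDir)) {
    (Get-Acl -Path $path).Access |
        Where-Object { $_.IdentityReference.Value -eq $Account } |
        Select-Object @{ Name = 'Path'; Expression = { $path } }, IdentityReference, AccessControlType, IsInherited
}
```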

  • @AuriRahimzadeh,

    It seems this is more related to the Azure forum, and I recommend you post on the related forum next time. By the way, to make your reasonable answer help others, please remember to mark the case so that other communities can search and find your answer more quickly.

    Best regards,


    MSDN Community Support

    Wednesday, October 18, 2017 1:47 AM