RMS and user impersonation

[Baruch]

Hi all,

I'm developing an RMS aware application that can protectes office files
using the AD RMS SDK.
It all works fine, but I'm having some difficulties with user impersonation.

The impersonation succeeds, however when trying to activate the user, i get
an error that the machie needs activation even though it was activiated right
before.
Furthermore, event after activating the machine and than calling
DRMIsActivated with DRM_ACTIVATE_MACHINE, it returns
E_DRM_NEEDS_MACHINE_ACTIVATION.

I'm also creating the client session with the corect user id of the user
being impersonated.

I'm doing the impersonation using LognUser and ImpersonateLoggedOnUser:

/////////////////////////
HANDLE token;
BOOL res = LogonUser( L"MyUser",
L"MyDomain",
L"MyPassword",
LOGON32_LOGON_INTERACTIVE,
LOGON32_PROVIDER_DEFAULT,
&token ) );

if( S_OK == res )
{
res = ::ImpersonateLoggedOnUser( token ) );

if( S_OK == res )
{
//Continue here...
}
}

//////////////////////////

Without impersonation everyting works fine.
Do you know how exactly i can combine RMS and user impersonation?
From looking at Office applications suce as Word, it seems possible to
impersonate and restrict permission as other user.

Best regards,
Baruch

[Baruch]

Any input?