I've been running through the steps to set up a pre-production environment for AD RMS. Yesterday I got to the application manifest step. The Creating an Application Manifest Topic states:

"An application manifest is a self-generated certificate. You create it by supplying a plaintext manifest configuration file to the Genmanifest.exe program included with the SDK."

First, I created a manifest configuration file (.mcf) that contains content like the following:

AUTO-GUID

"C:\\Program Files\\Microsoft SDKs\\Windows\\v6.0\\Bin\\isvtier5appsigningprivkey.dat"

MODULELIST
    REQ HASH "C:\\development\\firstapp.exe"
    REQ NOHASH "C:\\Windows\\system32\\msdrm.dll"

POLICYLIST
    INCLUSION
        PUBLICKEY "C:\\Program Files\\Microsoft SDKs\\Windows\\v6.0\\Bin\\isvtier5appsigningpubkey.dat"
    EXCLUSION

Once I had this .mcf file created, I ran the genmanifest utility, passing in the name of my .mcf file, with the following command: genmanifest -chain isvtier5appsignsdk_client.xml genman_config.mcf manifest_out.xml

It didn't work the first time (I can't remember the exact error at the moment). I figured this was because I had not created "firstapp.exe" mentioned in the .mcf. This indeed was the case. When I changed the .exe name to an existing .exe on my machine, it worked. So, just a tip - create the .exe before you create the manifest. I probably should have known this, but hey, I'm a newbie.