Microsoft KB Archive/239551

= XCLN: Recovering Key Management Server Digital ID Password =

Article ID: 239551

Article Last Modified on 10/28/2006

-

APPLIES TO


 * Microsoft Exchange Server 5.0 Standard Edition
 * Microsoft Exchange Server 5.5 Standard Edition

-



This article was previously published under Q239551



IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows Registry



SYMPTOMS
This article describes what to do if a user is enrolled in advanced security, that user's security token is recovered, and the user cannot remember the digital ID password.



CAUSE
If you recover a user's security key in the Exchange Server Administrator program, it generates a new security token.

The user must take that new token, and in the Microsoft Outlook client, on the Tools menu, click Options, click Security, and then set up advanced security.

When the user enters the recovered security token, that user is prompted for a password. That password is used to safeguard the user's digital ID. If the user forgets the password that he or she entered during the initial setup of advanced security, the user cannot continue with advanced security setup. The user cannot recover the security key.



WORKAROUND
To work around this problem, you must rename a key in the registry.

WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

 Start Registry Editor (Regedt32.exe). Locate the following key in the registry:

HKEY_CURRENT_USER\Software\Microsoft\Cryptography\Microsoft Exchange Cryptographic Provider\ 

NOTE: This registry key is one path; it has been wrapped for readability. Rename the  part of the registry key. Quit Registry Editor.

The user must start the Outlook client, and on the Tools menu, click Options, click Security, and then set up advanced security.

When the user enters the recovered security key, that user is prompted to supply a password to safeguard the digital ID. This password is the user's new password for that digital ID. The user can set a new password and finish the recovery.

Additional query words: KMS

Keywords: kbprb KB239551

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.