Microsoft KB Archive/278201

= OL: Exchange 2000 Account with Revoked Security Can Send and Receive E-mail =

Article ID: 278201

Article Last Modified on 7/28/2006

-

APPLIES TO


 * Microsoft Outlook 2002 Standard Edition
 * Microsoft Outlook 2000 Standard Edition

-



This article was previously published under Q278201



IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows Registry



SYMPTOMS
When your Exchange mailbox account security has been revoked, you may still be able to send and receive signed e-mail. Also, the signature and certificate in your e-mail messages still show as being valid.



CAUSE
This behavior can occur because Exchange 2000 Server does not automatically replicate the Key Management (KM) server Certificate Revocation List (CRL).



RESOLUTION
WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

To resolve this behavior, edit the appropriate registry key to enable the CRL:  In Microsoft Outlook, start Registry Editor (Regedt32.exe). Locate the PolicyFlags value under the following key in the registry:

HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\{7801ebd0-cf4b-11d0-851f-0060979387ea}

NOTE: The above registry key is one path; it has been wrapped for readability.

 On the Edit menu, click DWORD, type 0x00010000, and then click OK. Quit Registry Editor. In Windows Explorer, locate the Internet Explorer Temp folder, and then delete its contents. In Exchange 2000 Server, set the certificate authority to force the server to publish a list of revoked users.</li></ol>

Keywords: kbnetwork kbpolicy kbprb KB278201

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.