Microsoft KB Archive/282835

= Encrypted E-mail Messages Go Successfully to Untrusted Recipient but No Warning or Event Appears =

Article ID: 282835

Article Last Modified on 1/29/2007

-

APPLIES TO


 * Microsoft Windows 2000 Service Pack 1
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Service Pack 1
 * Microsoft Exchange 2000 Server Standard Edition

-



This article was previously published under Q282835



SYMPTOMS
When two Exchange 2000 servers belong to different Exchange organizations, and one server sends a Simple Mail Transfer Protocol (SMTP) message to the other server over a Secure Sockets Layer (SSL) SMTP connector, the message is sent successfully in the encrypted manner even though the other server is an untrusted recipient. No warning appears in Event Viewer.



CAUSE
This behavior can occur if the first server has an SSL certificate installed and the second server has an SMTP connector to the first server, using SSL/TLS. The certificate that is installed on the second server is issued by a third-party certificate authority that is not trusted by the first server. The name in the certificate on the second server (common name) does not match the name that the first server uses to refer to the second server.



RESOLUTION
To resolve this problem, obtain the latest service pack for Windows 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

260910 How to Obtain the Latest Windows 2000 Service Pack

The English version of this fix should have the following file attributes or later:

  Date        Time     Version         Size     File name --  5/31/2001   03:31p   5.0.2195.3649   320,272  Aqueue.dll 5/31/2001  03:31p   5.0.2195.3649    44,816  Fcachdll.dll 5/31/2001  03:32p   5.0.2195.3651    434,44  Smtpsvc.dll



STATUS
Microsoft has confirmed that this is a problem in Windows 2000. This problem was first corrected in Windows 2000 Service Pack 3.



MORE INFORMATION
When the first server sends an SMTP message to the second server over the SSL SMTP connector, the secured SMTP connection should not be established and the Event Log should display an error message that cites the Schannel.dll file as its source.

For additional information about how to install Windows 2000 and Windows 2000 hotfixes at the same time, click the article number below to view the article in the Microsoft Knowledge Base:

249149 Installing Microsoft Windows 2000 and Windows 2000 Hotfixes

Additional query words:

Keywords: kbbug kbfix kbwin2000presp3fix kbqfe kbwin2000sp3fix kbsecurity kbhotfixserver KB282835

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.