Microsoft KB Archive/927909

= Error message when you try to log on to Groove 2007: &quot;Certificate validation error for identity 'Identity Name'” =

Article ID: 927909

Article Last Modified on 11/21/2006

-

APPLIES TO


 * Microsoft Office Groove 2007

-



SYMPTOMS
When you try to log on to Microsoft Office Groove 2007, you receive the following error message:

Login Problem for

Certificate validation error for identity “ ”:

Note In this error message,  is a placeholder for one of the following messages:

Up-to-date revocation status for the identity’s certificate is unavailable.

The identity’s certificate has expired.

The identity’s certificate has been revoked.

The identity’s certificate does not match the identity’s Groove contact name.

The identity’s certificate no longer satisfies the current policy in regard to acceptable CA certificates.

The identity’s certificate no longer satisfies the current policy in regard to private key protection.

When you click OK, you are prompted to select an Identity Authentication Certificate. You cannot log on to Groove until you select a valid certificate.



CAUSE
This issue occurs because your Groove administrator deployed a security policy that requires that you sign your Groove identity by using certain certificates.

You cannot log on to Groove to access your identity and its associated workspaces and messages if one or more of the following conditions are true:
 * You have not signed your identity.
 * The certificate with which you previously signed your identity is no longer valid.
 * Groove cannot connect to the certification authority to validate the certificate.



RESOLUTION
To resolve this issue, use one of the following methods, as appropriate for your situation.

Method 1: Reconnect to the corporate network
If you have a valid certificate, but you have been away from your office or otherwise unable to connect to your corporate network for some time, Groove may be unable to check your certificate’s revocation status. In this case, Groove blocks access to your identity.

To resolve this issue, you must reconnect to your corporate network so that Groove can check the revocation status.

Method 2: Select a valid certificate
If you have connectivity to the certification authority, you received this error message because your identity does not have a valid certificate. To resolve this issue, select a certificate from the list that is displayed in the Select Identity Authentication Certificate dialog box.

To access the Select Identity Authentication Certificate dialog box, follow these steps:
 * 1) In Groove 2007, click Preferences on the Options menu.
 * 2) In the Preferences dialog box, click Change Identity Authentication Certificates on the Identities tab.

Method 3: Install a new certificate
If you do not have any valid certificates with which to sign your identity, the Select Identity Authentication Certificate dialog box displays the following message:

Groove did not find any certificates to attach to your identity.

If no certificates appear in the Select Identity Authentication Certificate dialog box, you have no current certificates that Groove can use. In this case, you must close the Groove logon dialog box, install a new certificate that meets the security requirements of the Groove domain, and then try to log on to your Groove account again.

When you do this, you receive the same error message. However, the newly installed certificate appears in the Select Identity Authentication Certificate dialog box.

To install a new certificate on the computer, follow these steps:
 * 1) Obtain a new certificate from your Groove domain administrator.
 * 2) Open Microsoft Internet Explorer.
 * 3) On the Tools menu, click Internet Options.
 * 4) Click the Content tab, and then click Certificates.
 * 5) Click Import, and then complete the Certificate Import Wizard. Provide the location of the certificate file.

Note In the Certificates dialog box, you see all the certificates that are available on the computer. Groove lets you use certificates for which the following conditions are true:
 * The certificate has not expired.
 * The “Issued To” name matches the name of your Groove identity.
 * The “Issued By” authority is one that is considered allowed by your Groove administrator.

Keywords: kberrmsg kbtshoot kbexpertiseinter kbprb KB927909

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.