Microsoft KB Archive/810376

= XADM: You Cannot Enroll In Exchange Server Security When You Click &quot;Get a Digital ID&quot; in Outlook =

Article ID: 810376

Article Last Modified on 2/28/2007

-

APPLIES TO


 * Microsoft Exchange 2000 Server Standard Edition
 * Microsoft Exchange 2000 Enterprise Server
 * Microsoft Exchange Server 5.5 Standard Edition

-



SYMPTOMS
When you try to enroll in Exchange 2000 Server security and obtain a digital ID in Microsoft Outlook, you may automatically be directed to a Certification Authority Web page in Microsoft Internet Explorer. The Get a Digital ID (Certificate) dialog box does not appear. As a result, you do not have the option to select the method that you want to obtain a digital ID.



CAUSE
This issue may occur if the value of the kMServer attribute of the site encryption object on the Exchange 2000 Server-based computer is not configured as the distinguished name of the Exchange Server 5.5-based Key Management (KM) server.

This issue may occur if your site includes a mixed environment of Exchange Server 5.5-based computers, Exchange 2000 Server-based computers, and you install KM server on an Exchange Server 5.5-based computer in the site. In this situation, the kMServer attribute is not configured correctly for the Encryption-Cfg object in the site.



RESOLUTION
To work around this issue, use ADSI Edit to set the kMServer attribute on the Encryption-Cfg object on the Exchange 2000 Server-based computer to the distinguished name (DN) of the Exchange Server 5.5-based KM server:  Click Start, point to Programs, point to Windows 2000 Support Tools, and then click ADSI Edit. Locate the following Active Directory container:

CN=Encryption, CN=Advanced Security, CN= ,CN=Administrative Groups, CN=, CN=Microsoft Exchange, CN=Services, CN=Configuration, DC= , DC=com

To locate this item, double-click each of the following objects to expand them:

'''Configuration Container

CN=Configuration

CN=Services

CN=Microsoft Exchange

CN=

CN=Administrative Groups

CN=

CN=Advanced Security'''

 In the right pane, right-click CN=Encryption, click Properties, and then click Attributes. In the Select which properties to view box, click Both. In the Select a property to view box, click kMServer. In the Edit Attribute box, type the DN of the of the Exchange 5.5 Server-based KM server, and then click Set.

Note The DN is the complete specification of a directory object. It specifies the name of the root or organization, the name of each parent directory, and the name of the directory object. Click OK, and then quit ADSI Edit.</li></ol>

<div class="moreinformation_section">

MORE INFORMATION
ADSI Edit is included in the Microsoft Windows 2000 Support Tools.

For additional information about how to install the Windows 2000 Support Tools, click the following article number to view the article in the Microsoft Knowledge Base:

301423 How to Install the Windows 2000 Support Tools

Keywords: kbprb kbnofix kbbug KB810376

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.