Article ID: 927463
Article Last Modified on 10/25/2007
APPLIES TO
- Microsoft Exchange Server 2003 Enterprise Edition
- Microsoft Exchange Server 2003 Standard Edition
SYMPTOMS
When you try to send a digitally signed or encrypted e-mail message by using Microsoft Office Outlook Web Access, the message is not sent. Additionally, you receive one of the following error messages:
- Error message 1
- Error message 2
CAUSE
This issue occurs because the trusted root certification authority (CA) certificate or the intermediate CA certificate for the issuer of the digital ID that you are using is not installed on the Microsoft Exchange Server 2003 front-end servers and back-end servers that are used for Outlook Web Access.
RESOLUTION
To resolve this issue, use one of the following methods.
Method 1: Use a Group Policy configuration
Use a Group Policy configuration to distribute certificates that will be trusted by all member computers of the domain. For more information about how to add a trusted root CA to a Group Policy object, visit the following Microsoft Web site:
http://technet2.microsoft.com/WindowsServer/en/Library/4b7ea7f9-311a-479b-aecc-c856165b97c11033.mspx
Method 2: Manually install certificates
- Use an account that has Domain Administrator credentials to log on to the Exchange server that is used for Outlook Web Access.
- Click Start, click Run, type mmc, and then click OK.
- On the File menu, click Add/Remove Snap-in.
- Click Add.
- Click Certificates, and then click Add.
- Click My user account, and then click Finish.
- Click Add, click Computer account, click Next, and then click Finish.
- Click Close, and then click OK. The list of certificate categories for the local computer appears in the snap-in window.
- Expand Certificates - Current User, right-click Intermediate Certification Authorities, point to All Tasks, and then click Import.
- Use the wizard to import the file that you obtained from your CA.
- Expand Certificates - Local Computer, right-click Intermediate Certification Authorities, point to All Tasks, and then click Import.
- Use the wizard to import the file that you obtained from your CA.
- Repeat steps 9 through 12 for the trusted root CA certificate.
MORE INFORMATION
Exchange 2003 requires that you add the trust chain to the administrator account and to the local computer accounts. A trust chain can have more than one intermediate CA. After you add the trust chain, the certification path is available to Exchange Server. This allows for S/MIME to work successfully.
Additional query words: xadm OWA
Keywords: kbexchowa kberrmsg kbprb kbtshoot KB927463