Article ID: 263966
Article Last Modified on 2/27/2007
APPLIES TO
- Microsoft Exchange 2000 Server Standard Edition
This article was previously published under Q263966
SYMPTOMS
Exchange 2000 Server Key Management server (KM server) installation may not work and the following message may be displayed:
The component "Microsoft Exchange Key Management Service cannot be assigned the action "Install" because:
-At least one Enterprise Certificate Authority must be installed and have been configured to issue "Enrollment Agent (Computer)", "Exchange User", and "Exchange Signature Only" certificates
RESOLUTION
This article assumes that the Enterprise certification authority (CA) is already installed in the domain. For additional information, click the article number below to view the article in the Microsoft Knowledge Base:
231881 How to Install/Uninstall a Public Key Certificate Authority for Windows 2000
To resolve this issue if the Enterprise CA is already installed in the domain, add the appropriate policies:
- Add the Certificate Authority object snap-in. In Microsoft Management Console (MMC), click to expand the Certificate Authority object, and then click the server that you want to issue the certification to KM server (a subordinate CA is preferred).
- Navigate to the Policy Settings folder.
- Click Policy Settings, right-click it, click New, and then click Certificate to issue.
- A window that contains several icons is displayed (these are certificates that contain cogs). Select the following (to select more than one item, press and hold the CTRL key while you are selecting):
- Enrollment Agent (Computer)
- Exchange User
- Exchange Signature Only
- Click OK. The three icons that you selected should be displayed in the right pane when you select the Policy Settings folder.
- Quit Setup (the certification information is read during initialization).
- Install KM server (you may need to wait for the information to replicate between domain controllers).
Keywords: kbprb KB263966
