Microsoft KB Archive/291116

From BetaArchive Wiki
Knowledge Base


XADM: Exchange 2000 Setup Stops During Key Management Service Installation

Article ID: 291116

Article Last Modified on 2/27/2007


APPLIES TO

  • Microsoft Exchange 2000 Server Standard Edition


This article was previously published under Q291116

SYMPTOMS

After you have installed the Certificate Authority and Enrollment Agent (Computer), Exchange User, and Exchange Signature Only Certificate Templates, Exchange 2000 Setup stops during Key Management Service setup with the following error in the Exchange Server Setup Progress Log:

CAtomKMS::ScCreateAutoEnrollmentObject K:\admin\src\udog\exsetdata\components\kms\a_kms.cxx:564
Error code 0X80070005 (5): Access denied.

CAUSE

There are two possible causes:

  • Replication has not occurred or is not complete throughout Active Directory.
  • The account that you used to install the Certificate Authority is not the same account that you are using to install Exchange 2000. Therefore, the Exchange 2000 setup account that Key Management Service is using to set permissions on the Certificate Templates does not have access to them.


RESOLUTION

If the cause is attributed to replication latency, simply wait for replication to finish.

If the cause is attributed to separate accounts being used to install the Certificate Authority and Exchange 2000, then do the following:

  1. In Control Panel, double-click Administrative Tools, and then double-click Active Directory Sites and Services. On the View menu, click Show Services Node.
  2. Expand the Services node, expand the Public Key Services node, and then click the Certificate Templates object.
  3. Right-click the ExchangeUser Certificate Template, and then click Properties. On the Security tab, note the account that has Full Control to that template. Use that account to log on to the server. Grant the account that you are using for the Exchange 2000 installation Full Control to that template.
  4. Repeat the preceding steps for the ExchangeUserSignature and the MachineEnrollmentAgent templates.
  5. After you have changed the security settings on all of the templates, restart Certificate Services. Then restart the Key Management Service installation. There might be some replication latency for the security changes after you restart the Certificate services.


MORE INFORMATION

For additional information about installing a Public Key Certificate Authority, click the article number below to view the article in the Microsoft Knowledge Base:

231881 How to Install/Uninstall a Public Key Certificate Authority for Windows 2000


For additional information about installing Certificate Templates, click the article number below to view the article in the Microsoft Knowledge Base:

272280 XADM: Templates Error Message Installing the Exchange Key Management Service



Additional query words: kms exch2kp2w

Keywords: kberrmsg kbfix kbprb KB291116



Send feedback to Microsoft

© Microsoft Corporation. All rights reserved.


Retrieved from ‘https://www.betaarchive.com/wiki/index.php?title=Microsoft_KB_Archive/291116&oldid=159192
the Creative Commons 3.0 ShareAlike (except the Microsoft KB Archive).
Powered by MediaWiki