XCLN: Recovering Key Management Server Digital ID Password (239551)



The information in this article applies to:

  • Microsoft Exchange Server 5.0
  • Microsoft Exchange Server 5.5

This article was previously published under Q239551
IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows Registry

SYMPTOMS

This article describes what to do if a user is enrolled in advanced security, that user's security token is recovered, and the user cannot remember the digital ID password.

CAUSE

If you recover a user's security key in the Exchange Server Administrator program, it generates a new security token.

The user must take that new token, and in the Microsoft Outlook client, on the Tools menu, click Options, click Security, and then set up advanced security.

When the user enters the recovered security token, that user is prompted for a password. That password is used to safeguard the user's digital ID. If the user forgets the password that he or she entered during the initial setup of advanced security, the user cannot continue with advanced security setup. The user cannot recover the security key.

WORKAROUND

To work around this problem, you must rename a key in the registry.

WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.
  1. Start Registry Editor (Regedt32.exe).
  2. Locate the following key in the registry:

    HKEY_CURRENT_USER\Software\Microsoft\Cryptography\Microsoft Exchange Cryptographic Provider\user name

    NOTE: This registry key is one path; it has been wrapped for readability.
  3. Rename the user name part of the registry key.
  4. Quit Registry Editor.

The user must start the Outlook client, and on the Tools menu, click Options, click Security, and then set up advanced security.

When the user enters the recovered security key, that user is prompted to supply a password to safeguard the digital ID. This password is the user's new password for that digital ID. The user can set a new password and finish the recovery.
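
Steps 1 through 4 above can also be scripted, together with the registry backup that the IMPORTANT note calls for. The following is an added example, not part of the original Microsoft article. It assumes Windows PowerShell 3.0 or later and reg.exe are available on the client and that it is run in the affected user's own session; the parameter names, backup folder and ".old-" suffix are illustrative choices.

```powershell
# Added example: back up, then rename, the per-user Exchange cryptographic provider key.
# Run in the affected user's own session, because the key lives under HKEY_CURRENT_USER.
param(
    # The "user name" part of the key from step 2 (supply the actual subkey name).
    [Parameter(Mandatory = $true)][string]$UserName,
    # Assumed backup location; any folder the user can write to works.
    [string]$BackupDir = "$env:USERPROFILE\Documents"
)

$ErrorActionPreference = 'Stop'
$parent  = 'Software\Microsoft\Cryptography\Microsoft Exchange Cryptographic Provider'
$keyPath = "HKCU:\$parent\$UserName"

if (-not (Test-Path -LiteralPath $keyPath)) {
    throw "Key not found: $keyPath"
}

# Export the key before touching it so the change can be undone.
$stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
$backup = Join-Path $BackupDir "ExchangeCryptoProvider-$UserName-$stamp.reg"
& reg.exe export "HKCU\$parent\$UserName" $backup | Out-Null
if ($LASTEXITCODE -ne 0 -or -not (Test-Path -LiteralPath $backup)) {
    throw "Backup failed; key left unchanged."
}

# Rename rather than delete: the subkey and its values stay under the new name.
$newName = "$UserName.old-$stamp"
if (Test-Path -LiteralPath "HKCU:\$parent\$newName") {
    throw "Target name already exists: $newName"
}
Rename-Item -LiteralPath $keyPath -NewName $newName

Write-Output "Backed up to $backup"
Write-Output "Renamed '$UserName' to '$newName'"
```

Because the key is renamed and not deleted, renaming it back (or importing the exported .reg file) restores the previous state.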

Modification Type: Minor
Last Reviewed: 4/28/2005
Keywords: kbprb KB239551