Encrypted E-mail Messages Go Successfully to Untrusted Recipient but No Warning or Event Appears (282835)



The information in this article applies to:

  • Microsoft Windows 2000 Server SP1
  • Microsoft Windows 2000 Advanced Server SP1
  • Microsoft Windows 2000 Professional SP1
  • Microsoft Exchange 2000 Server

This article was previously published under Q282835

SYMPTOMS

When two Exchange 2000 servers belong to different Exchange organizations, and one server sends a Simple Mail Transfer Protocol (SMTP) message to the other server over a Secure Sockets Layer (SSL) SMTP connector, the message is sent successfully in encrypted form even though the other server is an untrusted recipient. No warning appears in Event Viewer.

CAUSE

This behavior can occur if the first server has an SSL certificate installed and the second server has an SMTP connector to the first server, using SSL/TLS. The certificate that is installed on the second server is issued by a third-party certificate authority that is not trusted by the first server. The name in the certificate on the second server (common name) does not match the name that the first server uses to refer to the second server.

RESOLUTION

To resolve this problem, obtain the latest service pack for Windows 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

260910 How to Obtain the Latest Windows 2000 Service Pack

The English version of this fix should have the following file attributes or later:
   Date        Time     Version         Size     File name
   ----------------------------------------------------------
   5/31/2001   03:31p   5.0.2195.3649   320,272  Aqueue.dll
   5/31/2001   03:31p   5.0.2195.3649    44,816  Fcachdll.dll
   5/31/2001   03:32p   5.0.2195.3651    434,44  Smtpsvc.dll

STATUS

Microsoft has confirmed that this is a problem in Windows 2000. This problem was first corrected in Windows 2000 Service Pack 3.

MORE INFORMATION

When the first server sends an SMTP message to the second server over the SSL SMTP connector, the secured SMTP connection should not be established and the Event Log should display an error message that cites the Schannel.dll file as its source.
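
The expected behavior described above, as an added example (not Microsoft's code): a fail-closed decision over the two conditions named under CAUSE, an untrusted issuer and a certificate name that does not match the name the connector uses. The certificate fields, server names and CA names are constructed, and issuer trust is reduced to a name lookup as an assumption; a real TLS stack verifies the signature chain.

```python
# Added example: fail-closed peer check for an outbound SMTP-over-TLS link.
# Certificate fields are constructed, laid out like ssl.getpeercert() output.

def _field(cert, section, key):
    """All values of `key` in the subject or issuer name of the certificate."""
    return [v for rdn in cert.get(section, ()) for k, v in rdn if k == key]

def peer_names(cert):
    """DNS names the certificate asserts: subjectAltName if present, else CN."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    return sans or _field(cert, "subject", "commonName")

def name_matches(pattern, host):
    """Case-insensitive; '*' may replace only the entire leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2 and h[0]:
        p, h = p[1:], h[1:]
    return p == h

def evaluate_peer(cert, connector_name, trusted_issuers):
    """Return (allow, reasons); any failed check refuses the TLS session.

    Assumption: issuer trust is a lookup by issuer CN. A real TLS stack
    verifies the signature chain up to a trusted root instead.
    """
    reasons = []
    issuers = _field(cert, "issuer", "commonName")
    if not any(i in trusted_issuers for i in issuers):
        reasons.append("untrusted issuer %r" % issuers)
    if not any(name_matches(n, connector_name) for n in peer_names(cert)):
        reasons.append("name mismatch: %r not in %r"
                       % (connector_name, peer_names(cert)))
    return (not reasons, reasons)

# Constructed sample: the situation in CAUSE (third-party CA, wrong name).
PEER = {"subject": ((("commonName", "mail.org-b.example"),),),
        "issuer": ((("commonName", "Constructed Third-Party CA"),),)}
TRUSTED = {"Constructed Org-A Root CA"}

if __name__ == "__main__":
    allow, reasons = evaluate_peer(PEER, "smtp.org-b.example", TRUSTED)
    # A failed check means: do not send, and write the reasons to the log.
    print("deliver" if allow else "refuse: " + "; ".join(reasons))
```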

For additional information about how to install Windows 2000 and Windows 2000 hotfixes at the same time, click the article number below to view the article in the Microsoft Knowledge Base:

249149 Installing Microsoft Windows 2000 and Windows 2000 Hotfixes


Modification Type: Minor
Last Reviewed: 9/26/2005
Keywords: kbHotfixServer kbQFE kbbug kbfix kbSecurity kbWin2000PreSP3Fix kbWin2000sp3fix KB282835