XADM: You Cannot Enroll In Exchange Server Security When You Click "Get a Digital ID" in Outlook (810376)


The information in this article applies to:

  • Microsoft Exchange 2000 Server
  • Microsoft Exchange 2000 Enterprise Server
  • Microsoft Exchange Server 5.5

SYMPTOMS

When you try to enroll in Exchange 2000 Server security and obtain a digital ID in Microsoft Outlook, you may automatically be directed to a Certification Authority Web page in Microsoft Internet Explorer. The Get a Digital ID (Certificate) dialog box does not appear. As a result, you do not have the option to select the method that you want to obtain a digital ID.

CAUSE

This issue may occur if the value of the kMServer attribute of the site encryption object on the Exchange 2000 Server-based computer is not configured as the distinguished name of the Exchange Server 5.5-based Key Management (KM) server.

This issue may occur if your site includes a mixed environment of Exchange Server 5.5-based computers, Exchange 2000 Server-based computers, and you install KM server on an Exchange Server 5.5-based computer in the site. In this situation, the kMServer attribute is not configured correctly for the Encryption-Cfg object in the site.

RESOLUTION

To work around this issue, use ADSI Edit to set the kMServer attribute on the Encryption-Cfg object on the Exchange 2000 Server-based computer to the distinguished name (DN) of the Exchange Server 5.5-based KM server:
  1. Click Start, point to Programs, point to Windows 2000 Support Tools, and then click ADSI Edit.
  2. Locate the following Active Directory container:

    CN=Encryption, CN=Advanced Security, CN=YourAdministrativeGroup,CN=Administrative Groups, CN=YourOrganization, CN=Microsoft Exchange, CN=Services, CN=Configuration, DC=YourDomain, DC=com



    To locate this item, double-click each of the following objects to expand them:

    Configuration Container
    CN=Configuration
    CN=Services
    CN=Microsoft Exchange
    CN=YourOrganization
    CN=Administrative Groups
    CN=YourAdministrativeGroup
    CN=Advanced Security

  3. In the right pane, right-click CN=Encryption, click Properties, and then click Attributes.
  4. In the Select which properties to view box, click Both.
  5. In the Select a property to view box, click kMServer.
  6. In the Edit Attribute box, type the DN of the of the Exchange 5.5 Server-based KM server, and then click Set.

    Note The DN is the complete specification of a directory object. It specifies the name of the root or organization, the name of each parent directory, and the name of the directory object.
  7. Click OK, and then quit ADSI Edit.

MORE INFORMATION

ADSI Edit is included in the Microsoft Windows 2000 Support Tools.

For additional information about how to install the Windows 2000 Support Tools, click the following article number to view the article in the Microsoft Knowledge Base:

301423 How to Install the Windows 2000 Support Tools

Modification Type:MinorLast Reviewed:12/30/2003
Keywords:kbprb kbnofix kbBug KB810376
©2003 Microsoft Corporation. All rights reserved.