Archived from groups: microsoft.public.win2000.security (More info?)
Recently one of my clients email encryption expired and when we tried
to renew her certificate we get the standard error "The message from
the Microsoft Exchange Key Management Server could not be processed.
Contact your administrator for a new security token, and set up
advanced security again." I have tried to enroll other accounts and
they all get the same message if they are new or current users. We did
have this problem in the past and it was related to the CA having an
expired cert. I checked this and the cert is fine and I even renewed
it to be safe.
I get the error below in the app log of the Exchange/KMS server with
and event ID: 5005 with a source of MSExchangeKMS when trying to
enable Advanced Security. (this is a brand new test account I have
created)
Mailbox "o=xxxxxx, ou=xxxxxx, cn=recipients, cn=testuser" has failed
being enabled or recovered.
And I get the error below on the CA event ID: 21 source of CertSvc.
Certificate Services could not process request 1148 due to an error: A
certification chain processed correctly, but one of the CA
certificates is not trusted by the policy provider. 0x800b0112
(-2146762478). The request was for CN=testuser, CN=recipients,
OU=xxxxxx, O=xxxxxx.
I was able to renew another CA from the main CA that the KMS talks to
and I can renew certs for websites on our internal network... just the
exchange that is giving us problems...
Any help you could provide would be greatly appreciated.
microsoft.public.security.crypto
microsoft.public.exchange2000.admin
microsoft.public.exchange2000.general
Recently one of my clients email encryption expired and when we tried
to renew her certificate we get the standard error "The message from
the Microsoft Exchange Key Management Server could not be processed.
Contact your administrator for a new security token, and set up
advanced security again." I have tried to enroll other accounts and
they all get the same message if they are new or current users. We did
have this problem in the past and it was related to the CA having an
expired cert. I checked this and the cert is fine and I even renewed
it to be safe.
I get the error below in the app log of the Exchange/KMS server with
and event ID: 5005 with a source of MSExchangeKMS when trying to
enable Advanced Security. (this is a brand new test account I have
created)
Mailbox "o=xxxxxx, ou=xxxxxx, cn=recipients, cn=testuser" has failed
being enabled or recovered.
And I get the error below on the CA event ID: 21 source of CertSvc.
Certificate Services could not process request 1148 due to an error: A
certification chain processed correctly, but one of the CA
certificates is not trusted by the policy provider. 0x800b0112
(-2146762478). The request was for CN=testuser, CN=recipients,
OU=xxxxxx, O=xxxxxx.
I was able to renew another CA from the main CA that the KMS talks to
and I can renew certs for websites on our internal network... just the
exchange that is giving us problems...
Any help you could provide would be greatly appreciated.
microsoft.public.security.crypto
microsoft.public.exchange2000.admin
microsoft.public.exchange2000.general
Facebook
Twitter
Instagram