000026010 - KCA has problems publishing to Microsoft Exchange Server

Document created by RSA Customer Support Employee on Jun 16, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.

Article Content

Article Number: 000026010

Applies To:
Keon Certificate Authority 6.0.2
Microsoft Windows 2000 Server SP4
Microsoft Exchange Server 2000
Microsoft Windows XP
Microsoft Outlook 2000
Microsoft Active Directory

Issue:
KCA has problems publishing to Microsoft Exchange Server
Enable KCA Publishing to Exchange Server/GAL
If the user is located in cn=users, dc=na, dc=acme, dc=com, the certificate is published to the user's GAL. If the user is located anywhere else, such as cn=users, ou=pki, dc=na, dc=acme, dc=com, publishing fails.

Cause:
The user is not located in the standard Microsoft Active Directory location of cn=users, dc=na, dc=acme, dc=com.

Resolution:
Using multiple locations for user records in Active Directory is currently not supported with Microsoft Exchange/Outlook integration in RSA Keon CA.

The ActiveX component (kcaoutlook.dll) responsible for publishing the certificate to the Global Address List (GAL) does not have administrative rights that would enable it to search for user locations in Active Directory through the LDAP interface. Therefore, it assumes the publishing location is always CN=<user name>, CN=Users, <base dn>, where 'base dn' is created from the FQDN of the Exchange server (e.g. if the FQDN is server.company.com, the base dn is DC=server,DC=company,DC=com).
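The check below is an added example, not RSA code: it rebuilds the assumed location CN=<user name>, CN=Users, <base dn> from an Exchange server FQDN and flags user DNs that fall outside it, so affected accounts can be identified before enrollment. The function names and the sample FQDN and DNs are constructed for illustration.

```python
def base_dn_from_fqdn(fqdn):
    """Base DN as the article describes it: one DC= component per FQDN label."""
    labels = [p for p in fqdn.strip().strip(".").split(".") if p]
    if not labels:
        raise ValueError("empty FQDN")
    return ",".join("DC=" + p for p in labels)

def split_rdns(dn):
    """Split a DN on unescaped commas; return normalised (attr, value) pairs."""
    parts, cur, escaped = [], "", False
    for ch in dn:
        if escaped:                      # character after a backslash is literal
            cur, escaped = cur + ch, False
        elif ch == "\\":
            cur, escaped = cur + ch, True
        elif ch == ",":                  # unescaped comma ends the current RDN
            parts, cur = parts + [cur], ""
        else:
            cur += ch
    parts.append(cur)
    rdns = []
    for part in parts:
        attr, sep, value = part.partition("=")
        if not sep:
            raise ValueError("malformed RDN: %r" % part)
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns

def will_publish(user_dn, exchange_fqdn):
    """True only if user_dn has the form CN=<user name>,CN=Users,<base dn>."""
    rdns = split_rdns(user_dn)
    expected_parent = split_rdns("CN=Users," + base_dn_from_fqdn(exchange_fqdn))
    return rdns[0][0] == "cn" and rdns[1:] == expected_parent

def unpublishable(user_dns, exchange_fqdn):
    """User DNs that fall outside the location the component assumes."""
    return [dn for dn in user_dns if not will_publish(dn, exchange_fqdn)]

# Constructed sample data: FQDN chosen so the base DN matches the article's DNs.
EXCHANGE_FQDN = "na.acme.com"
SAMPLE_DNS = [
    "CN=Jane Doe, cn=users, dc=na, dc=acme, dc=com",
    "CN=John Roe, cn=users, ou=pki, dc=na, dc=acme, dc=com",
    "CN=Doe\\, Jane,CN=Users,DC=na,DC=acme,DC=com",   # escaped comma in the CN
]

if __name__ == "__main__":
    for dn in unpublishable(SAMPLE_DNS, EXCHANGE_FQDN):
        print("will not publish to GAL:", dn)
```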
Legacy Article ID: a22266