KCA has problems publishing to Microsoft Exchange Server
Originally Published: 2004-07-15
Article Number
Applies To
Microsoft Windows 2000 Server SP4
Microsoft Exchange Server 2000
Microsoft Windows XP
Microsoft Outlook 2000
Microsoft Active Directory
Issue
Enable KCA Publishing to Exchange Server/GAL
If user is located in cn=users, dc=na, dc=acme, dc=com, certificate does get published to user's GAL. If the user is located anywhere else such as cn=users, ou=pki, dc=na, dc=acme, dc=com it fails to post.
Cause
User not located in standard Microsoft Active Directory location of cn=users, dc=na, dc=acme, dc=com
Resolution
The ActiveX component (kcaoutlook.dll) responsible for publishing the Certificate to the Global Address List (GAL) does not have administrative rights that enables it to search for user locations in the Active Directory through the LDAP interface. Therefore, it assumes the publishing location is always CN=<user name>, CN=Users, <base dn>, where 'base dn' is created from the FQDN of the exchange server (e.g. if FQDN is server.company.com, base dn is DC=server,DC=company,DC=com).
Related Articles
RSA Governance & Lifecycle Exchange 2010 Connector Datasheet Number of Views Microsoft Exchange rejects all digital signatures Number of Views The Evolution of CAS in Exchange Server versions Number of Views RSA Governance & Lifecycle Exchange 2013 Powershell Connector Datasheet Number of Views RSA Governance & Lifecycle Integration: Microsoft Exchange Summary Number of Views
Trending Articles
Passwordless Authentication in Windows MFA Agent for Active Directory – Quick Setup Guide RSA Authentication Manager 8.9 Release Notes (January 2026) RSA Authentication Manager Upgrade Process RSA Authentication Manager 8.7 SP2 Setup and Configuration Guide An example of SSO using SAML and ADFS with RSA Identity Management and Governance 6.9.x
Don't see what you're looking for?
