KCA has problems publishing to Microsoft Exchange Server
Originally Published: 2004-07-15
Article Number
Applies To
Microsoft Windows 2000 Server SP4
Microsoft Exchange Server 2000
Microsoft Windows XP
Microsoft Outlook 2000
Microsoft Active Directory
Issue
Enable KCA Publishing to Exchange Server/GAL
If user is located in cn=users, dc=na, dc=acme, dc=com, certificate does get published to user's GAL. If the user is located anywhere else such as cn=users, ou=pki, dc=na, dc=acme, dc=com it fails to post.
Cause
User not located in standard Microsoft Active Directory location of cn=users, dc=na, dc=acme, dc=com
Resolution
The ActiveX component (kcaoutlook.dll) responsible for publishing the Certificate to the Global Address List (GAL) does not have administrative rights that enables it to search for user locations in the Active Directory through the LDAP interface. Therefore, it assumes the publishing location is always CN=<user name>, CN=Users, <base dn>, where 'base dn' is created from the FQDN of the exchange server (e.g. if FQDN is server.company.com, base dn is DC=server,DC=company,DC=com).
Related Articles
RSA Governance & Lifecycle Exchange 2010 Connector Datasheet Number of Views Microsoft Exchange rejects all digital signatures Number of Views RSA Access Manager using Global Catalog having problems adding properties to users Number of Views RSA Governance & Lifecycle Exchange 2013 Powershell Connector Datasheet Number of Views Microsoft Exchange 2010 AFX Connector Enable-mailbox command fails with 'Value cannot be null' in RSA Identity Governance … Number of Views
Trending Articles
Troubleshooting RSA SecurID Access Identity Router to RSA Authentication Manager test connection failures RSA SecurID Software Token 5.0.2 Downloads for Microsoft Windows RSA Authentication Manager 8.9 Release Notes (January 2026) Quick Setup Guide - Passwordless Authentication in Windows MFA Agent for Active Directory RSA Authentication Manager 8.8 Setup and Configuration Guide
Don't see what you're looking for?
