KCA has problems publishing to Microsoft Exchange Server
Originally Published: 2004-07-15
Article Number
Applies To
Microsoft Windows 2000 Server SP4
Microsoft Exchange Server 2000
Microsoft Windows XP
Microsoft Outlook 2000
Microsoft Active Directory
Issue
Enable KCA Publishing to Exchange Server/GAL
If user is located in cn=users, dc=na, dc=acme, dc=com, certificate does get published to user's GAL. If the user is located anywhere else such as cn=users, ou=pki, dc=na, dc=acme, dc=com it fails to post.
Cause
User not located in standard Microsoft Active Directory location of cn=users, dc=na, dc=acme, dc=com
Resolution
The ActiveX component (kcaoutlook.dll) responsible for publishing the Certificate to the Global Address List (GAL) does not have administrative rights that enables it to search for user locations in the Active Directory through the LDAP interface. Therefore, it assumes the publishing location is always CN=<user name>, CN=Users, <base dn>, where 'base dn' is created from the FQDN of the exchange server (e.g. if FQDN is server.company.com, base dn is DC=server,DC=company,DC=com).
Related Articles
RSA Governance & Lifecycle Exchange 2007 Connector Datasheet Number of Views RSA Governance & Lifecycle Exchange 2013 Connector Datasheet Number of Views Microsoft Exchange Management Console/PowerShell error with RSA Authentication Agent 8.0 for Web for IIS Number of Views RSA Access Manager using Global Catalog having problems adding properties to users Number of Views RSA Governance & Lifecycle Exchange 2007 Powershell Connector Datasheet Number of Views
Trending Articles
Quick Setup Guide - Passwordless Authentication in Windows MFA Agent for Active Directory RSA MFA Agent 2.5 for Microsoft Windows Installation and Administration Guide RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide How to Download OTP Token Seed Files from myRSA RSA Authentication Manager 8.9 Release Notes (January 2026)
Don't see what you're looking for?
