Home > Archive > microsoft.public.exchange2000.admin > August 2002 > Encryption keys
| Victor Del Bene 2002-07-31, 2:25 pm |
| We recently migrated from Exchange 5.5 SP4 to Exchange 2000. Our users
run Outlook 2000 and the Server is running Exchange 2000 SP2. We
installed Exchange 2000 on a brand new server and migrated the mailboxes
using a Third party utility. We created a new Organization when we ran
Forestprep and didn't join the Existing 5.5 Org.
When we had Exchange 5.5 SP3, we had Key Management Server issuing V3 certs
installed on an NT 4.0 SP6 Server and Certificate Authority installed on
another NT 4.0 server, which we are going to upgrade to 2000.
When we migrated the users to Exchange 2000, we installed Certificate
Services and Key Management Server also issuing V3 certificates on the new
machine with Exchange 2000 and when we Security Enabled the users and tested
to see if they could read their own encrypted e-mails, they got the message,
"Your Digital ID cannot be found by the underlying security system."
I wanted to know how I would get the users to read their old encrypted
e-mails. Do I need to have the same certificate server for this or do I
need to restore the old KMSdata directory to the new Exchange Server or
both? Any information would be extremely appreciated.
Thanks so much.
-Victor
| |
| Nino Bilic [MS] 2002-07-31, 11:25 pm |
| You need to export users' security keys on Exchange 5.5 server and then
import them on your Exchange 2000. They need that or otherwise they will
never be able to read that old encrypted e-mail.
--
Nino Bilic
Exchange Support
This posting is provided "AS IS" with no warranties, and confers no rights.
Please do NOT reply to this e-mail address. It is used for newsgroup
purposes only.
| |
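The reply above rests on how S/MIME encryption works: a message is encrypted to one specific certificate, so only the matching private key opens it, wherever that key now lives. The following is an added example, not part of the original posts and not the KMS export procedure itself; it uses OpenSSL with throwaway self-signed certificates, and a PKCS#12 file stands in for the exported key file. The names `old-kms`, `new-kms` and `imported` are assumptions made for the demo.

```shell
#!/bin/sh
# Constructed demo with throwaway keys; old-kms/new-kms/imported are illustrative names.
set -u
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_id NAME: self-signed cert + key standing in for a Digital ID issued by NAME
make_id() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=user@example.test/O=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# try_decrypt NAME: prints the plaintext and returns 0 only if NAME's key opens the mail
try_decrypt() {
  openssl smime -decrypt -binary -in "$WORK/mail.p7m" \
    -recip "$WORK/$1.crt" -inkey "$WORK/$1.key" 2>/dev/null
}

# export_import SRC DST: move SRC's key pair through a password-protected PKCS#12
# file and unpack it as DST, like an export on one server and an import on another
export_import() {
  openssl pkcs12 -export -inkey "$WORK/$1.key" -in "$WORK/$1.crt" \
    -out "$WORK/$1.p12" -passout pass:constructed-demo 2>/dev/null &&
  openssl pkcs12 -in "$WORK/$1.p12" -passin pass:constructed-demo \
    -nokeys -out "$WORK/$2.crt" 2>/dev/null &&
  openssl pkcs12 -in "$WORK/$1.p12" -passin pass:constructed-demo \
    -nocerts -nodes -out "$WORK/$2.key" 2>/dev/null
}

make_id old-kms     # Digital ID from before the migration
make_id new-kms     # fresh Digital ID issued after the migration
printf 'archived message body\n' > "$WORK/plain.txt"
# Mail that was encrypted while the old certificate was current
openssl smime -encrypt -binary -aes256 -in "$WORK/plain.txt" \
  -out "$WORK/mail.p7m" "$WORK/old-kms.crt"

try_decrypt new-kms >/dev/null || echo "new key pair: cannot open the old mail"
export_import old-kms imported && try_decrypt imported
```
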
| Victor Del Bene 2002-08-01, 8:25 am |
| Thanks so much for the information. But won't those encryption keys point
to the Old Exchange 5.5 server name and not the new Exchange 2000 server and
new name that uses Exchange 2000 KMS and CA? So I don't have to use the
same certificate server or restore the previous KMS data from Exchange 5.5?
If that's all it is from what you said, do I need to security-enable the
users first or just import the keys? The users were already
security-enabled from Exchange 5.5 or do I need to security-enable them with
the new KMS for Exchange 2000?
Thanks.
-Victor