PRB: Reinstalled Root CA and now cannot use KMS

Post by Vsevolod Ukrainsk » Fri, 31 Oct 2003 22:30:02


I use a test environment to have some practice with Windows PKI and Exchange
2000 KMS. I installed an Enterprise Root CA on my DC. Then I installed Exchange
2000 Server Enterprise Edition and successfully enrolled some test users
into Exchange email security.

One day back I reinstalled CA (read: I completely removed it and installed
again without backing up keys). Now I experience problems with Exchange
Advanced Security snap-in. It refuses to open properties for Key Manager.

I tried to enroll users with AD Users and Computers snap-in, but System
Attendant sent me "Reply from Security Authority", saying that "The message
from the Microsoft Exchange Key Management Server could not be processed.
Contact your administrator for a new security token, and set up advanced
security again."

I think that newly installed CA and KMS just lost each other. Now KMS
assumes that old CA is in use, checks for it and fails.

The question is: is there any way to either get those folks (CA+KMS)
acquainted again or simply reinstall Exchange KMS?



1. Cannot send mail to or

We're running Exchange 2000 on Windows 2000 Server.  Mail
delivery was fine until seven weeks ago.  All of a sudden
emails that were sent to any Bell-related domain were
being returned:

The following recipients could not be reached:

Could not deliver the message in the time limit
specified.  Please retry or contact your admin...
< #4.4.7>

I found the Code Red II worm on the mail exchanger and
cleaned it out (I think).  Then I reapplied the W2K and
Exchange service packs and hotfixes.  The problem,
however, is still persisting.  Sending and receiving mail
from and to all other domains is fine.  We can even
receive mail from Bell-related domains but we just can
send TO a Bell domain. (e.g.

Our ISP is Look communications.  I've spoken with them and
with Sympatico regarding this and I'm waiting for a
definitive answer.

There are two possibilities in my mind: 1. It's an RBL
issue and we're listed on some RBL that Bell subscribes to.
And this black listing is causing a blockage.  2. The Code
Red II worm has mutated or another virus has exploited a
vulnerability that it created.

Am I on the right track?  Does anyone have any suggestions
or guidance on this?  It would be very much appreciated.



