XADM: Advanced Security Revocation Not Immediate (181450)
The information in this article applies to:
- Microsoft Exchange Server 4.0
- Microsoft Exchange Server 5.0
- Microsoft Exchange Server 5.5
This article was previously published under Q181450 SUMMARY
When advanced security is revoked for a Microsoft Exchange user, the effect
of this on the user's ability to send sealed or signed messages is not
immediate.
It can take up to 24 hours for all clients to become aware that advanced
security was revoked for the user.
MORE INFORMATION
When advanced security is revoked for a user, that user's certificate is
added to the Certificate Revocation List (CRL). For performance reasons and
to enable offline use, the CRL is cached on the client computer and expires
every 24 hours. Therefore, it could take up to 24 hours for the clients to
become aware of the CRL change.
After clients are aware of the change to the CRL, they will not allow
signed or sealed messages to be sent to the user in question. The user in
question also will not be able to send signed or sealed messages.
If a user certificate has been compromised, it is recommended that the
Microsoft Exchange Administrator disable and then re-enable advanced
security for the user in question. This will generate a new token that
should be given to the user.
If an administrator wants to remove security from a user permanently, for
example when an employee has left the company on bad terms, it may be
better to delete the mailbox.
| Modification Type: | Minor | Last Reviewed: | 4/28/2005 |
|---|
| Keywords: | kbinfo kbusage KB181450 |
|---|
|