XADM: "Unable to Create a Security Setting" Error Message When You Try to Publish Certificates (275679)

SYMPTOMS

After users enroll in Exchange Advanced Security, they submit tokens through Microsoft Outlook. When you try to open the resulting e-mail message to obtain the certificate, the Outlook client tries to publish the certificate to the directory, and you receive the following error message:

Unable to create a Security Setting. Please request a new Security Token and try again.

NOTE: There is no associated event ID message logged after you receive this error message.

CAUSE

This problem occurs because there is no global catalog server available in the Outlook user's domain. A global catalog server must exist in the same domain as the Key Management server and in the user's domain, or the client cannot publish certificates to the directory.

RESOLUTION

To resolve this problem, make sure that at least one global catalog server exists in the KM server's local domain and in the user's local domain.

Additionally, if the user is in a different domain than the KM server, set the following registry entry on every client computer so that clients can publish to the global catalog server. To do so, follow these steps:

Click Start, and then click Run.
In the Open box, type regedit.
Locate the following registry key: HKEY_Local_Machine\Software\Microsoft\Exchange\Exchange Provider

NOTE: This registry key applies to Outlook 98 SR1 and Outlook 2000 SR1 (and earlier). If you use a more recent version of Outlook, replace HKEY_Local_Machine with HKEY_Current_User.
Right-click Exchange Provider, point to New, and then click String Value.
Type ds server, and then press ENTER.
Right-click ds server, and then click Modify.
In the Value data box, type name of the global catalog server.

XADM: "Unable to Create a Security Setting" Error Message When You Try to Publish Certificates (275679)

SYMPTOMS

CAUSE

RESOLUTION

STATUS

MORE INFORMATION