Publishing a Certificate to the GAL Issue.
Hello, I am having trouble with Domain users trying to publish their certs to the GAL. They get the error: "Microsoft Office Outlook cannot publish your certificates. The server may be offline or your certificates may be invalid. Contact your administrator if the problem persists"

The security on the cert is set up this way:

SELF has READ WRITE and Enroll (I am assuming that this is what should work for the user(s))
Authenticated users have READ and ENROLL
Domain admins have READ WRITE and ENROLL
Enterprise Admins have READ WRITE AND ENROLL

If I add the user as a Domain Admin they can log off and back on, then get into Outlook and they can publish fine. This doesn't seem to be a cert issue but maybe an Exchange 2007 permissions issue, but I don't know where to look. Can someone steer me in the correct direction? Thanks
June 14th, 2010 9:26pm

Hi, Which version of Outlook do you use? Did you do a migration recently? I guess Outlook 2007. Can you try to "Rebuild" the GAL in EMC and then download it again to your Outlook (Tools - Send/Receive - Download Addressbook). Try to go in online mode and renew the .ost file if possible before downloading the addressbook.

Greetzz, Timmy
June 15th, 2010 10:51am

Outlook 2007, and this is a fresh install of Exchange 2007. If I add the user as a domain admin that person can then publish his cert to the GAL. So rebuilding the GAL wouldn't work, right.... This seems to be a permissions issue, right? I checked other domain users and they have the same error.
June 15th, 2010 3:45pm

Please describe the AD topology, how many GC exist in the environment? Are they all writable? Is there any error event in the application log on the server or client? The user account should have the following permissions on the SELF, please run “DsAcls” to verify it:

Allow NT AUTHORITY\SELF SPECIAL ACCESS for Personal Information
    WRITE PROPERTY
    READ PROPERTY
Allow NT AUTHORITY\SELF SPECIAL ACCESS for Phone and Mail Options
    WRITE PROPERTY
    READ PROPERTY
Allow NT AUTHORITY\SELF SPECIAL ACCESS for Web Information
    WRITE PROPERTY
    READ PROPERTY
Allow NT AUTHORITY\SELF SPECIAL ACCESS
    READ PERMISSONS
    LIST CONTENTS
    READ PROPERTY
    LIST OBJECT
Allow NT AUTHORITY\SELF Change Password
Allow NT AUTHORITY\SELF Send As
Allow NT AUTHORITY\SELF Receive As

James Luo
TechNet Subscriber Support (http://technet.microsoft.com/en-us/subscriptions/ms788697.aspx)
If you have any feedback on our support, please contact tngfb@microsoft.com
June 17th, 2010 9:58am
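
A check for the list in the reply above, as an added example that is not part of the original thread: it parses saved DsAcls-style text and reports which of the listed NT AUTHORITY\SELF entries are missing or incomplete. The layout it expects (unindented ACE line, indented rights, optional `<Inherited from parent>` tag), the function names and the sample text are assumptions made for this example; the sample is constructed.

```python
import re
# Entries the reply lists for NT AUTHORITY\SELF -> rights expected under each
# (right names spelled exactly as they appear in the reply).
RW = {"WRITE PROPERTY", "READ PROPERTY"}
EXPECTED = {
    "SPECIAL ACCESS for Personal Information": RW,
    "SPECIAL ACCESS for Phone and Mail Options": RW,
    "SPECIAL ACCESS for Web Information": RW,
    "SPECIAL ACCESS": {"READ PERMISSONS", "LIST CONTENTS", "READ PROPERTY", "LIST OBJECT"},
    "Change Password": set(), "Send As": set(), "Receive As": set(),
}
HEADER = re.compile(r"^Allow\s+NT AUTHORITY\\SELF\s+(.*\S)", re.I)
TAG = re.compile(r"\s*<[^>]*>$")   # assumed trailing tag such as <Inherited from parent>

def parse_self_aces(text):
    """Map entry -> set of rights for Allow ACEs granted to SELF."""
    aces, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            current = None
        elif line[0] not in " \t":             # unindented: an ACE header line
            m = HEADER.match(line)             # None for other trustees and Deny ACEs
            current = aces.setdefault(TAG.sub("", m.group(1)), set()) if m else None
        elif current is not None:              # indented: a right of the current ACE
            current.add(line.strip().upper())
    return aces

def audit(text):
    aces, findings = parse_self_aces(text), []
    for entry, rights in EXPECTED.items():
        have = aces.get(entry)
        if have is None:
            findings.append(f"missing: {entry}")
        elif rights - have:
            findings.append(f"incomplete: {entry} lacks {', '.join(sorted(rights - have))}")
    return findings

# Constructed sample, not output captured from a real directory.
SAMPLE = r"""
Allow NT AUTHORITY\SELF                 SPECIAL ACCESS for Personal Information
                                        READ PROPERTY
Allow NT AUTHORITY\Authenticated Users  SPECIAL ACCESS for Web Information
                                        WRITE PROPERTY
Allow NT AUTHORITY\SELF                 SPECIAL ACCESS   <Inherited from parent>
                                        READ PERMISSONS
                                        READ PROPERTY
Allow NT AUTHORITY\SELF                 Send As
"""
if __name__ == "__main__": print("\n".join(audit(SAMPLE)))
```

Rights granted to other trustees are ignored, so the Web Information entry in the sample is still reported as missing for SELF; Deny entries are not evaluated.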
