Publishing a Certificate to the GAL Issue.
Hello, I am having trouble with Domain users trying to publish their certs to the GAL. They get the error: "Microsoft Office Outlook cannot publish your certificates. The server may be offline or your certificates may be invalid. Contact your administrator if the problem persists"
The security on the cert is set up this way:
SELF has READ WRITE and Enroll ( I am assuming that this is what should work for the user(s) )
Authenticated users have READ and ENROLL
Domain admins have READ WRITE and ENROLL
Enterprise Admins have READ WRITE AND ENROLL
If I add the user as a Domain Admin they can log off and back on, then get into Outlook and they can publish fine. This doesn't seem to be a cert issue but maybe an Exchange 2007 permissions issue, but I don't know where to look. Can someone steer me in the correct direction?
Thanks
June 14th, 2010 9:26pm
Hi,
Which version of Outlook do you use?
Did you do a migration recently?
I guess Outlook 2007
Can you try to "Rebuild" the GAL in EMC and then download it again to your Outlook (Tools - Send/Receive - Download Addressbook).
Try to go in online mode and renew the .ost file if possible before downloading the addressbook.
Greetzz,
Timmy
June 15th, 2010 10:51am
Outlook 2007, and this a fresh install of Exchange 2007.
If I add the user as a domain admin that person can then publish his cert to the GAL. So rebuilding the GAL wouldn't work, right.... This seems to be a permissions issue, right? I checked other domain users and they have the same error.
June 15th, 2010 3:45pm
Please describe the AD topology, how many GC exist in the environment? Are they all writable?
Is there any error event in the application log on the server or client?
The user account should have the following permissions on the SELF, please run “DsAcls” to verify it:
Allow NT AUTHORITY\SELF SPECIAL ACCESS for Personal Information
WRITE PROPERTY
READ PROPERTY
Allow NT AUTHORITY\SELF SPECIAL ACCESS for Phone and Mail Options
WRITE PROPERTY
READ PROPERTY
Allow NT AUTHORITY\SELF SPECIAL ACCESS for Web Information
WRITE PROPERTY
READ PROPERTY
Allow NT AUTHORITY\SELF SPECIAL ACCESS
READ PERMISSONS
LIST CONTENTS
READ PROPERTY
LIST OBJECT
Allow NT AUTHORITY\SELF Change Password
Allow NT AUTHORITY\SELF Send As
Allow NT AUTHORITY\SELF Receive As
James Luo
TechNet Subscriber Support (http://technet.microsoft.com/en-us/subscriptions/ms788697.aspx)
If you have any feedback on our support, please contact tngfb@microsoft.com
June 17th, 2010 9:58am
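Added example, not part of the original thread: a small Python check that parses DsAcls text output in the layout quoted in the reply above and reports which of the listed SELF rights are missing on a user object. The function names and the sample output are constructed for illustration, and it assumes the real output was captured with `dsacls "<user DN>"`.

```python
import re

# Rights the reply above lists for NT AUTHORITY\SELF, keyed by property set
# ("" is the entry with no property set). Strings are copied as they appear there.
EXPECTED_SELF = {
    "Personal Information": {"WRITE PROPERTY", "READ PROPERTY"},
    "Phone and Mail Options": {"WRITE PROPERTY", "READ PROPERTY"},
    "Web Information": {"WRITE PROPERTY", "READ PROPERTY"},
    "": {"READ PERMISSONS", "LIST CONTENTS", "READ PROPERTY", "LIST OBJECT"},
}
ACE_RE = re.compile(r"^Allow\s+NT AUTHORITY\\SELF\s+SPECIAL ACCESS(?:\s+for\s+(.+?))?\s*$")

def parse_self_aces(dsacls_text):
    """Return {property_set: rights} for Allow/SPECIAL ACCESS entries granted to SELF."""
    aces, current = {}, None
    for raw in dsacls_text.splitlines():
        line = raw.strip()
        if line.startswith(("Allow ", "Deny ")):   # a new ACE header line
            m = ACE_RE.match(line)
            current = aces.setdefault(m.group(1) or "", set()) if m else None
        elif line and current is not None:         # a right under the current SELF ACE
            current.add(line)
    return aces

def missing_self_rights(dsacls_text):
    """Return {property_set: [missing rights]} compared with EXPECTED_SELF."""
    found = parse_self_aces(dsacls_text)
    gaps = {ps: sorted(need - found.get(ps, set())) for ps, need in EXPECTED_SELF.items()}
    return {ps: rights for ps, rights in gaps.items() if rights}

# Constructed sample (not real output): Personal Information lacks WRITE PROPERTY
# and there is no Web Information entry at all.
SAMPLE = r"""
Allow NT AUTHORITY\SELF SPECIAL ACCESS for Personal Information
READ PROPERTY
Allow NT AUTHORITY\SELF SPECIAL ACCESS for Phone and Mail Options
WRITE PROPERTY
READ PROPERTY
Allow NT AUTHORITY\SELF SPECIAL ACCESS
READ PERMISSONS
LIST CONTENTS
READ PROPERTY
LIST OBJECT
Allow NT AUTHORITY\SELF Change Password
"""

if __name__ == "__main__":
    for prop_set, rights in missing_self_rights(SAMPLE).items():
        print(f"SELF is missing {rights} on {prop_set or '(no property set)'}")
```

Comparing the result for an affected user with that of an account that can publish shows which SELF entry differs.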