DOCUMENT:Q247814 06-AUG-2002 [exchange] TITLE :XADM: KMS Can't Grant V3 Certificates to Users with Long DNs PRODUCT :Microsoft Exchange PROD/VER::1.0,5.5 OPER/SYS: KEYWORDS:exc55 ====================================================================== ------------------------------------------------------------------------------- The information in this article applies to: - Microsoft Certificate Server version 1.0 - Microsoft Exchange Server, version 5.5 ------------------------------------------------------------------------------- SYMPTOMS ======== When using Key Management (KM) Server and Certificate Server to issue V3 certificates, some mailboxes may not be able to obtain a certificate. After submitting a security token from Microsoft Outlook, the following error message is returned: The message from the Microsoft Exchange Key Management Server could not be processed. Contact your administrator for a new security token, and set up advanced security again. Additionally, an event similar to the following is logged in the application log of the Exchange Server computer: Event ID: 5005 Source: MSExchangeKMS Description: Mailbox "o=Orgname, ou=Sitename, cn=Recipients, cn=Subcontainer1, cn=Subcontainer2, cn=Subcontainer3, cn=Mailbox" has failed being enabled or recovered. CAUSE ===== Certificate Server 1.0 enforces a 64-character limit on the Subject of a certificate. The Subject is a concatenation of each Relative Distinguished Name (RDN) within the Distinguished Name (DN). In the example above, the DN is "o=Orgname, ou=Sitename, cn=Recipients, cn=Subcontainer1, cn=Subcontainer2, cn=Subcontainer3, cn=Mailbox". The limit is placed on the concatenation of "Orgname, Sitename, Recipients, Subcontainer1, Subcontainer2, Subcontainer3, Mailbox", which is (7 + 8 + 10 + 13 + 13 + 13 + 7). This exceeds the 64-character limit, and therefore Certificate Server cannot generate a certificate for this mailbox. STATUS ====== Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article. Additional query words: fail KMS ====================================================================== Keywords : exc55 Technology : kbExchangeSearch kbExchange550 kbZNotKeyword2 kbCertServSearch kbZNotKeyword3 kbCertServ100 Version : :1.0,5.5 Issue type : kbprb ============================================================================= THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY. Copyright Microsoft Corporation 2002.