S/MIME OL2K3 fail to find recipient public key

Pierre Bru

Hi,

I use OL2K3/SP2 and Exch2K3/SP2 on a Win2K3 box. I started a CA on the
Win2K3 server and created certificates for some users. These
certificates are correctly published in AD. I configured OL S/MIME.

When a user wants to sign a message, everything works as expected, but when the
same user wants to send an encrypted email to one of the other users
who have an AD-published certificate, OL tells me that it cannot
encrypt the message as it finds no information (public key?) for the
recipient.

Where am I wrong? How can I make OL get the public key from AD?

TIA,
Pierre.

neo [mvp outlook]

Did you just create/publish the S/MIME certificates for these users, and is
Outlook 2003 running in cached mode? The reason I ask is that if the
answer to this is yes, it could take up to 24 hours before you can send an
encrypted message. The reason is that Outlook 2003 updates the offline
address book once every 24 hours, so it can take this long before the client
workstation has a copy of the recipient's public key cached in the offline
address book.

/neo

PS - Another way to test is to turn off cached mode and see if you get the
same error message.
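A check that fits the explanation above, added here as an example and not part of the thread: it reads the recipient's userCertificate attribute from AD (the source the GAL and OAB are built from) and reports whether each published certificate is usable for S/MIME encryption. It assumes the ActiveDirectory PowerShell module is available; the account name "jdoe" is a placeholder.

```powershell
# Added diagnostic, not from the thread. Lists the certificates published on a
# recipient's AD user object and checks the properties Outlook needs to encrypt
# to that recipient. "jdoe" is a placeholder sAMAccountName.
$SamAccountName = "jdoe"
$SecureEmailOid = "1.3.6.1.5.5.7.3.4"   # id-kp-emailProtection (Secure Email EKU)

Import-Module ActiveDirectory
$user = Get-ADUser -Identity $SamAccountName -Properties userCertificate, mail

if (-not $user.userCertificate -or $user.userCertificate.Count -eq 0) {
    Write-Warning "$SamAccountName has no userCertificate values published in AD"
    return
}

foreach ($der in $user.userCertificate) {
    # Each attribute value is one DER-encoded certificate.
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList @(,[byte[]]$der)

    $ku  = $cert.Extensions | Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509KeyUsageExtension] }
    $eku = $cert.Extensions | Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }

    # Encrypting to a recipient wraps the content key with their RSA key, so the
    # certificate must allow KeyEncipherment (no Key Usage extension = unrestricted).
    $canEncipher = (-not $ku) -or
        (($ku.KeyUsages -band [System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]::KeyEncipherment) -ne 0)

    # No EKU extension means any purpose; otherwise Secure Email must be listed.
    $secureEmail = (-not $eku) -or
        (@($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) -contains $SecureEmailOid)

    # The address Outlook matches on must be in the cert (SAN rfc822Name or Subject E=).
    $certMail  = $cert.GetNameInfo([System.Security.Cryptography.X509Certificates.X509NameType]::EmailName, $false)
    $mailMatch = [bool]($certMail -and $user.mail -and ($certMail -ieq $user.mail))
    $now       = Get-Date
    $timeValid = ($cert.NotBefore -le $now) -and ($cert.NotAfter -gt $now)

    # A cert that passes every check can still be invisible to a cached-mode client
    # until that client next downloads the offline address book.
    [pscustomobject]@{
        Subject         = $cert.Subject
        Thumbprint      = $cert.Thumbprint
        NotAfter        = $cert.NotAfter
        TimeValid       = $timeValid
        KeyEncipherment = $canEncipher
        SecureEmailEKU  = $secureEmail
        CertEmail       = $certMail
        MatchesADMail   = $mailMatch
        UsableForSMIME  = $timeValid -and $canEncipher -and $secureEmail -and $mailMatch
    }
}
```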

Pierre

neo [mvp outlook] wrote:
[...] The reason is that Outlook 2003 updates the offline
address book once every 24 hours, so it can take this long before the client
workstation has a copy of the recipient's public key cached in the offline
address book.


BTW, is there a way to have OL do it more than once a day? I tried to
rebuild the list on the server + ask OL to download modifications to
the list since the last update, without success :-/

Pierre;

neo [mvp outlook]

A rebuild of the offline address book + forcing a download of the OAB should
have netted you a success.

Did you go with an enterprise or standalone CA? If enterprise CA, did you
create new cert templates based on the existing ones?

Pierre said:
neo [mvp outlook] wrote:
[...] The reason is that Outlook 2003 updates the offline
address book once every 24 hours, so it can take this long before the client
workstation has a copy of the recipient's public key cached in the offline
address book.


BTW, is there a way to have OL do it more than once a day? I tried to
rebuild the list on the server + ask OL to download modifications to
the list since the last update, without success :-/

Pierre;

Pierre

Enterprise CA. I created no new template. I created the certs with the
IIS service (http://CAhost/cersrv), asking for a user cert. I got a new
cert installed on my PC and published to the AD. I can sign without any problem
with this cert.

I will re-check tomorrow morning (it's now 0:45 AM here...); maybe the
OAB will be OK then.

Pierre.

Pierre Bru

Pierre said:
Enterprise CA. I created no new template. I created the certs with the
IIS service (http://CAhost/cersrv), asking for a user cert. I got a new
cert installed on my PC and published to the AD. I can sign without any problem
with this cert.

I will re-check tomorrow morning (it's now 0:45 AM here...); maybe the
OAB will be OK then.

It works now. I just had to wait. Thanks for your help.

Pierre.