Secure Password Authentication Issue?

Larry · Joined: 05 Aug 2007 Posts: 2

I have a 2000 exchange server, and I'm trying to setup
Secure Password Authentication (SSL) on my POP3. I have a
CA (Certificate Authority) and Key Manager installed in my
domain. I am able to use Secure Password Authentication
when setting up my pop3 account within my domain, but not
outside. I am able to connect to the pop3 outside my
domain without SPA. Any suggestions, possibly a port
issue?

Archived from group: microsoft>public>exchange2000>kms

Evan Dodds [MSFT] · Joined: 05 Aug 2007 Posts: 21

Larry -

Not sure how this ties into KMS (which issues user certificates, not server
certificates). Your POP3 server certificate would have come directly from
the CA without KMS being involved...

If it works from within the network and not from outside the network, what's
different? Are you connecting to FQDN from outside the network but to
netbios (short)name when inside the network? The certificate principle will
be based on one of these two, most likely, and won't accept the other.

--
Evan Dodds
Microsoft Exchange Support

****** Disclaimer ******
This posting is provided "AS IS" with no warranties, and confers no rights.

Note: Please do not reply to this e-mail address. It is used for newsgroup
purposes only.

"Larry" wrote in message$2639b8d0$a101280a@phx.gbl...
> I have a 2000 exchange server, and I'm trying to setup
> Secure Password Authentication (SSL) on my POP3. I have a
> CA (Certificate Authority) and Key Manager installed in my
> domain. I am able to use Secure Password Authentication
> when setting up my pop3 account within my domain, but not
> outside. I am able to connect to the pop3 outside my
> domain without SPA. Any suggestions, possibly a port
> issue?

Larry · Joined: 05 Aug 2007 Posts: 2

I was under the impression that KMS was needed for
authentication.
Anyhow, I am using a FQDN inside and out the domain.
Although I only have it setup inside the domain to test.
>-----Original Message-----
>Larry -
>
>Not sure how this ties into KMS (which issues user
certificates, not server
>certificates). Your POP3 server certificate would have
come directly from
>the CA without KMS being involved...
>
>If it works from within the network and not from outside
the network, what's
>different? Are you connecting to FQDN from outside the
network but to
>netbios (short)name when inside the network? The
certificate principle will
>be based on one of these two, most likely, and won't
accept the other.
>
>--
>Evan Dodds
>Microsoft Exchange Support
>
>****** Disclaimer ******
>This posting is provided "AS IS" with no warranties, and
confers no rights.
>
>Note: Please do not reply to this e-mail address. It is
used for newsgroup
>purposes only.
>
>"Larry" wrote in
message
>$2639b8d0$a101280a@phx.gbl...
>> I have a 2000 exchange server, and I'm trying to setup
>> Secure Password Authentication (SSL) on my POP3. I have
a
>> CA (Certificate Authority) and Key Manager installed in
my
>> domain. I am able to use Secure Password Authentication
>> when setting up my pop3 account within my domain, but
not
>> outside. I am able to connect to the pop3 outside my
>> domain without SPA. Any suggestions, possibly a port
>> issue?
>
>
>.
>

Evan Dodds [MSFT] · Joined: 05 Aug 2007 Posts: 21

Larry -

KMS is just used to manage the issuance and archival of mailbox/user
certificates for signing and encrypting email. For server certs like you
would require for HTTPS SSL, SMTP TLS, etc you need a slightly different
certificate which KMS will not issue.

For clarification -- when you say "inside the domain" and "outside the
domain", do you mean on your network vs outside of your network? Or do you
mean "domain-joined machines" vs "non-domain-joined machines"?

--
Evan Dodds
Microsoft Exchange Support

****** Disclaimer ******
This posting is provided "AS IS" with no warranties, and confers no rights.

Note: Please do not reply to this e-mail address. It is used for newsgroup
purposes only.

"Larry" wrote in message$229189a0$a501280a@phx.gbl...
> I was under the impression that KMS was needed for
> authentication.
> Anyhow, I am using a FQDN inside and out the domain.
> Although I only have it setup inside the domain to test.
> >-----Original Message-----
> >Larry -
> >
> >Not sure how this ties into KMS (which issues user
> certificates, not server
> >certificates). Your POP3 server certificate would have
> come directly from
> >the CA without KMS being involved...
> >
> >If it works from within the network and not from outside
> the network, what's
> >different? Are you connecting to FQDN from outside the
> network but to
> >netbios (short)name when inside the network? The
> certificate principle will
> >be based on one of these two, most likely, and won't
> accept the other.
> >
> >--
> >Evan Dodds
> >Microsoft Exchange Support
> >
> >****** Disclaimer ******
> >This posting is provided "AS IS" with no warranties, and
> confers no rights.
> >
> >Note: Please do not reply to this e-mail address. It is
> used for newsgroup
> >purposes only.
> >
> >"Larry" wrote in
> message
> >$2639b8d0$a101280a@phx.gbl...
> >> I have a 2000 exchange server, and I'm trying to setup
> >> Secure Password Authentication (SSL) on my POP3. I have
> a
> >> CA (Certificate Authority) and Key Manager installed in
> my
> >> domain. I am able to use Secure Password Authentication
> >> when setting up my pop3 account within my domain, but
> not
> >> outside. I am able to connect to the pop3 outside my
> >> domain without SPA. Any suggestions, possibly a port
> >> issue?
> >
> >
> >.
> >

anonymous · Joined: 06 Aug 2007 Posts: 1

stuart.reece@infovision.co.uk
stuart.reece@infovision.co.uk
stuart.reece@infovision.co.uk
stuart.reece@infovision.co.uk
stuart.reece@infovision.co.uk
stuart.reece@infovision.co.uk
stuart.reece@infovision.co.uk
stuart.reece@infovision.co.uk
stuart.reece@infovision.co.uk
stuart.reece@infovision.co.uk
stuart.reece@infovision.co.uk
stuart.reece@infovision.co.uk
stuart.reece@infovision.co.uk
stuart.reece@infovision.co.uk
stuart.reece@infovision.co.uk

>-----Original Message-----
>Larry -
>
>KMS is just used to manage the issuance and archival of
mailbox/user
>certificates for signing and encrypting email. For
server certs like you
>would require for HTTPS SSL, SMTP TLS, etc you need a
slightly different
>certificate which KMS will not issue.
>
>For clarification -- when you say "inside the domain"
and "outside the
>domain", do you mean on your network vs outside of your
network? Or do you
>mean "domain-joined machines" vs "non-domain-joined
machines"?
>
>--
>Evan Dodds
>Microsoft Exchange Support
>
>****** Disclaimer ******
>This posting is provided "AS IS" with no warranties, and
confers no rights.
>
>Note: Please do not reply to this e-mail address. It is
used for newsgroup
>purposes only.
>
>"Larry" wrote in
message
>$229189a0$a501280a@phx.gbl...
>> I was under the impression that KMS was needed for
>> authentication.
>> Anyhow, I am using a FQDN inside and out the domain.
>> Although I only have it setup inside the domain to
test.
>> >-----Original Message-----
>> >Larry -
>> >
>> >Not sure how this ties into KMS (which issues user
>> certificates, not server
>> >certificates). Your POP3 server certificate would have
>> come directly from
>> >the CA without KMS being involved...
>> >
>> >If it works from within the network and not from
outside
>> the network, what's
>> >different? Are you connecting to FQDN from outside the
>> network but to
>> >netbios (short)name when inside the network? The
>> certificate principle will
>> >be based on one of these two, most likely, and won't
>> accept the other.
>> >
>> >--
>> >Evan Dodds
>> >Microsoft Exchange Support
>> >
>> >****** Disclaimer ******
>> >This posting is provided "AS IS" with no warranties,
and
>> confers no rights.
>> >
>> >Note: Please do not reply to this e-mail address. It
is
>> used for newsgroup
>> >purposes only.
>> >
>> >"Larry" wrote in
>> message
>> >$2639b8d0$a101280a@phx.gbl...
>> >> I have a 2000 exchange server, and I'm trying to
setup
>> >> Secure Password Authentication (SSL) on my POP3. I
have
>> a
>> >> CA (Certificate Authority) and Key Manager
installed in
>> my
>> >> domain. I am able to use Secure Password
Authentication
>> >> when setting up my pop3 account within my domain,
but
>> not
>> >> outside. I am able to connect to the pop3 outside my
>> >> domain without SPA. Any suggestions, possibly a port
>> >> issue?
>> >
>> >
>> >.
>> >
>
>
>.
>

KMS password must have been reset I had a problem with KMS after upgrading to Windows 2000 sp4. I began getting event id: 5085 and event ID: 614 which points to a corrupts KMS Database. I followed the instructions on Article #818952 but now can not start the KMS service to what appears to

password invalid I have a user who has forgotten her password for her digital ID. Normally when this happens, I retrive the digital ID and re-setup the user and everything's happy. On this user, however, when I go to setup the new password, it tells me password invalid a

KMS Password expired? How do I reset this? I had some trouble with certificate services which I resolved by reinstalling certificate services. Now I can not login to KMS. I have never changed the KMS password I simply left it as "password". But now that password does not allow me access to the

Exchange 2000 Digital ID Subscription - Invalid Password In setting up a user for a digital ID supplied from the Exchange server, when entering the temporary security token from System Attendant and entering a password when prompted the user receiveds a "invalid password" error. Have tried password as the passw

KMS Password error. IHello, I need to be able to send email with a Certificate of Authority between my Exchange 2000 clients and a Groupwise clients. My plan was to install Key management service on my Exchange 2000, which I have done. I already have a Root Certificate serv