Exchange & Certificate Issue ( Digital ID name cannot be found by underlying security )

Posted on 2008-11-18
Medium Priority
Last Modified: 2012-05-05
Our network consist of roughly 400 workstations and our mail system is Exchange 2003.  We use the Microsoft certificates which are deployed using AD for Digital ID's and Encryption.

Our issue is that several people receive encrypted or digital signed emails and when they try to open the email they receive the following message:

"Your digital ID name cannot be found by the underlying security system"

I've checked the users Certificates and they have the ones from AD and I'm stumped so any help would be greatly appreciated.
Question by:FSYR
  • 2
LVL 33

Accepted Solution

Dave Howe earned 2000 total points
ID: 22992428
Check the certificate on the message against the one in that pc's keystore. it is possible that the user has been issued two certificates (on two separate machines), and the received email is the "wrong" one for that machine.

Author Comment

ID: 22993995

Yes several of the users have been receiving different certs but about half using the same exact cert on all workstations.  I found one user that couldnt open my encrypted emails so I exported my certs and added them to her workstation and vice versa and she's still unable to open my emails.

Any suggestions?

LVL 33

Assisted Solution

by:Dave Howe
Dave Howe earned 2000 total points
ID: 23003119
Hmm. you should be able to open your own emails if your cert is on the workstation (as you usually encrypt mails to yourself as well as the recipient) but really you need to verify the cert that the mail was sent to.

otherwise all I can think of is that there is an unsupported (on that workstation) cryptographic algo in that message.  you could try accessing using (for example) thunderbird and imap to see it that gives different results.

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As much as Microsoft wants to kill off PST file support, just as they tried to do with public folders, there are still times when it is useful or downright necessary to export Exchange mailboxes to PST files. Thankfully, it is still possible to e…
If something goes wrong with Exchange, your IT resources are in trouble.All Exchange server migration processes are not designed to be identical and though migrating email from on-premises Exchange mailbox to Cloud’s Office 365 is relatively simple…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…
Suggested Courses

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question