KnowledgeBase Archive

An Archive of Early Microsoft KnowledgeBase Articles

View on GitHub

Q181450: XADM: Advanced Security Revocation Not Immediate

Article: Q181450
Product(s): Microsoft Exchange
Version(s): winnt:4.0,5.0,5.5
Operating System(s): 
Keyword(s): kbusage exc4 exc5 exc55
Last Modified: 31-OCT-1999

-------------------------------------------------------------------------------
The information in this article applies to:

- Microsoft Exchange Server, versions 4.0, 5.0, 5.5 
-------------------------------------------------------------------------------

SUMMARY
=======

When advanced security is revoked for a Microsoft Exchange user, the effect of
this on the user's ability to send sealed or signed messages is not immediate.

It can take up to 24 hours for all clients to become aware that advanced security
was revoked for the user.

MORE INFORMATION
================

When advanced security is revoked for a user, that user's certificate is added
to the Certificate Revocation List (CRL). For performance reasons and to enable
offline use, the CRL is cached on the client computer and expires every 24
hours. Therefore, it could take up to 24 hours for the clients to become aware
of the CRL change.

After clients are aware of the change to the CRL, they will not allow signed or
sealed messages to be sent to the user in question. The user in question also
will not be able to send signed or sealed messages.

If a user certificate has been compromised, it is recommended that the Microsoft
Exchange Administrator disable and then re-enable advanced security for the user
in question. This will generate a new token that should be given to the user.

If an administrator wants to remove security from a user permanently, for example
when an employee has left the company on bad terms, it may be better to delete
the mailbox.


Additional query words:

======================================================================
Keywords          : kbusage exc4 exc5 exc55 
Technology        : kbExchangeSearch kbExchange500 kbExchange550 kbExchange400 kbZNotKeyword2
Version           : winnt:4.0,5.0,5.5
Issue type        : kbinfo

=============================================================================

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.

Copyright Microsoft Corporation 1986-2002.