KM is a touchy subject since nobody likes to troubleshoot the thing. I would think decrypting all messages would be a good idea, in case the KM server got hosed irrecoverably, so they wouldn't be lost forever in such a disaster.
I did find a step-by-step at http://216.239.51.100/search?q=cache:lHf3WLiKCVAC:www.microsoft.com/israel/s ervers/downloads/exchangeUG/KMS.ppt+KM+Upgrade+Exchange&hl=en&ie=UTF-8 (link probably wrapped several times) written by Amit Zinman, who's active on the E2K lists. An interesting final slide: "Exchange 2000 Upgrade Bug Exchange KMS upgrade does not support special characters ( ) * / \ % # $ ! + - in mailbox directory names represented in AD as the mslegacyexchangedn attribute KMS fails during startup to the service upgrade, gives Event ID 5029. This happens because LDAP queries to Active Directory are not escaped properly A patch has been written by Microsoft but is not official yet, and can be obtained by calling PSS." You got any of that going on? Maybe without the error getting registered, but still, any funky mailbox directory names? (:= -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of LSeltzer Sent: Tuesday, September 03, 2002 1:25 PM To: Exchange Discussions Cc: DGuillermo; VDelbene Subject: RE: Unable to convert 5.5 KM/Certificate encrypted messages to Ex ch2k Assuming no response means no one really has an answer? Just want to confirm. Archives show lots of upgrade issues, but not specifically this that I could find. Also, MS PSS can't even help! Was really hoping someone came across this. We're now doing a 'forklift' upgrade of the Exchange 5.5 and KM servers to see if that will work. So far, nothing. The database simply will not start. Any and all suggestions would be greatly appreciated. At present, we're going to have to find all encrypted messages, send them to a newly-created folder on each individual's mailbox, unencrypt them, and password-protect the folder. We'd really prefer not to have to do this. Larry Seltzer [EMAIL PROTECTED] -----Original Message----- From: LSeltzer Sent: Friday, August 23, 2002 11:26 AM To: Exchange Discussions Cc: DGuillermo; VDelbene Subject: Unable to convert 5.5 KM/Certificate encrypted messages to Exch2k I have a feeling this topic has been talked about, but I'm having lots of trouble searching the archives on SWYNK. Everything I'm returning is unrelated. Either/or, if this has been talked about, if anyone would be so kind as to reply to [EMAIL PROTECTED] and offer a way to search the archives, or if that is not the case, here is the issue: We are running Exchange 5.5 SP4 with KM server and Certificate Authority running on the same Windows 2000 server. We have thousands of encrypted messages that must upgrade with the server. Microsoft's PSS (2nd level) has the problem and seems stomped. We are attempting to do an 'in-place' upgrade from 5.5 to 2K, but when we perform the upgrade and copy the KMS database directory over, we're unable to start the KM Server Service. We're getting this: "Could not start the Microsoft Exchange Key Management Service on Local Computer. The service did not return an error. This could be an internal Windows error or an internal Service error. If the problem persists, contact your system administrator." No events are generated by the error. Any suggestions? (applicable ones, that is...) Regards, Larry Seltzer [EMAIL PROTECTED] This e-mail is intended only for the addressee named above. This e-mail may contain confidential or privileged information. If you are not the named addressee, you are not authorized to retain, read, copy or disseminate this message or any part of it. In addition, you are hereby notified that any use, dissemination, distribution or reproduction of this communication is strictly prohibited. The sender of this message does not accept liability for any errors or omissions in the contents of this message that arise as a result of e-mail transmission. This message is provided for informational purposes and should not be construed as a solicitation or offer to buy or sell any securities. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] This e-mail is intended only for the addressee named above. This e-mail may contain confidential or privileged information. If you are not the named addressee, you are not authorized to retain, read, copy or disseminate this message or any part of it. In addition, you are hereby notified that any use, dissemination, distribution or reproduction of this communication is strictly prohibited. The sender of this message does not accept liability for any errors or omissions in the contents of this message that arise as a result of e-mail transmission. This message is provided for informational purposes and should not be construed as a solicitation or offer to buy or sell any securities. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]
