Article ID: 202366
This article was previously published under Q202366
This article has been archived. It is offered "as is" and will no longer be updated.
We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:
Outlook 98 does not read certificates created by Microsoft Certificate Server. Outlook 98 is sensitive to the contents of the KeyUsages field. Specifically, if either KeyEncipherment or DigitalSignature is used, then both must be set.
The default policy module shipped with the Windows NT Option Pack only sets KeyEnchipherment and not DigitalSignature. Therefore, Outlook 98 does not read certificates created by Certificate Server running the default policy module.
To resolve this problem, obtain the latest service pack for Windows NT 4.0 or Windows NT Server 4.0, Terminal Server Edition. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/152734/EN-US/ )How to Obtain the Latest Windows NT 4.0 Service Pack
You can also work around this issue by modifying the default policy module to set both KeyEncipherment and DigitalSignature or neither when you are issuing mail certificates.
Microsoft has confirmed this to be a problem in Internet Information Server version 4.0. This problem was first corrected in Windows NT 4.0 Service Pack 4.0 and Windows NT Server 4.0, Terminal Server Edition Service Pack 4.
The source code for the default policy module is available as part of the Windows Base Services component of the Platform SDK from MSDN.
For additional information, click the article number below to view the article in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/190157/EN-US/ )Support for Windows NT 4.0 Option Pack on Terminal Server