Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

S/MIME certificates with EKU Any Purpose (2.5.29.37.0) are not included in OAB in Exchange Server 2010


View products that this article applies to.

Symptoms

When you use an S/MIME certificate that contains the value of 2.5.29.37.0 for the Any Purpose object identifier (also known as OID) in the Enhanced Key Usage (EKU) attribute, the certificate is considered invalid and is not included in the Offline Address Book (OAB). Therefore, the OAB is not generated as expected.

↑ Back to the top


Resolution

To resolve this issue, install the following update:
2961522 Update Rollup 7 for Exchange Server 2010 Service Pack 3

↑ Back to the top


Workaround

To work around this issue, use a certificate that contains the value of 1.3.6.1.5.5.7.3.4 for the Secure Email object identifier in the EKU attribute.

↑ Back to the top


Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

↑ Back to the top


More Information

For more information about EKU, go to the following Microsoft website:

↑ Back to the top


Keywords: kbqfe, kbfix, kbsurveynew, kbexpertiseadvanced, kb

↑ Back to the top

Article Info
Article ID : 2975988
Revision : 1
Created on : 1/7/2017
Published on : 8/26/2014
Exists online : False
Views : 330