Event ID - 5005

Event Id5005
SourceMSExchangeKMS
DescriptionMailbox "o=Orgname, ou=Sitename, cn=Recipients, cn=Subcontainer1, cn=Subcontainer2, cn=Subcontainer3, cn=Mailbox" has failed being enabled or recovered.
Event InformationWhen using Key Management (KM) Server and Certificate Server to issue V3 certificates, some mailboxes may not be able to obtain a certificate. After submitting a security token from Microsoft Outlook, the following error message is returned: 

The message from the Microsoft Exchange Key Management Server could not be processed. Contact your administrator for a new security token, and set up advanced security again. 
Additionally,the above event will be logged in the application log of the Exchange Server computer. 
CAUSE :
Certificate Server 1.0 enforces a 64-character limit on the Subject of a certificate. The Subject is a concatenation of each Relative Distinguished Name (RDN) within the Distinguished Name (DN). In the example above, the DN is "o=Orgname, ou=Sitename, cn=Recipients, cn=Subcontainer1, cn=Subcontainer2, cn=Subcontainer3, cn=Mailbox". The limit is placed on the concatenation of "Orgname, Sitename, Recipients, Subcontainer1, Subcontainer2, Subcontainer3, Mailbox", which is (7 + 8 + 10 + 13 + 13 + 13 + 7). This exceeds the 64-character limit, and therefore Certificate Server cannot generate a certificate for this mailbox. </p>
Reference Links Key Management Server Cannot Grant V3 Certificates to Users with Long Distinguished Names

Catch threats immediately

We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.

See what we caught

Did this information help you to resolve the problem?

Yes: My problem was resolved.
No: The information was not helpful / Partially helpful.
 Refresh