I personally find Key Management Server the most interesting part of Microsoft Exchange, especially at a time when all people talk about is security and encryption. I will be writing about the whats and hows of KM as issues hit me and, of course, only if Tinde gives me some spare minutes for OutlookExchange.

The Key Management Server (KM), which is referred to as Exchange advanced security, is an additional component that must be installed and configured before use. By default, Exchange messages travel between client and server using 40-bit encryption within RPC; however, the messages are stored in standard clear text, and administrators who give themselves access to another user's mailbox can read all of that user's messages. Advanced security stores the messages encrypted in the information store. Exchange uses public and private keys to ensure data is sent securely. These keys are designed in such a way that a message encrypted with one key can only be unlocked with the other key in the pair.

Installing Key Management Server.

The Key Management Server is installed on one Exchange server in the organization through the custom setup. Click the Add/Remove button, highlight the Exchange Server component, choose Change Option, and select Key Management Server. Click Browse and select the service account, key in the service account password, and select OK to continue with the installation. Setup then asks how to deliver the Key Management password; this password is different from the service account password. You can choose either to display the password so that you can write it down, or to write the password to floppy disk (this requires two formatted diskettes, one for backup). This password is extremely important and must be available when starting the Key Management service, which has to be running before you can configure the object and get clients to use it.

With that completed, the Key Management Server (Advanced Security) is installed, and the next step is to check the Admin program on this machine to put the key to work. In the Exchange Admin program, under the Configuration container, a new object called CA appears; this is the certification authority object.

Before configuring the object (KM), we need to start the Microsoft Key Management Server service on the machine. In Control Panel, open the Services icon and select Microsoft Key Management Server (it has a manual startup). After selecting it, either type the KM password that you wrote down into the Startup Parameters field at the bottom of the Services dialog box and click Start, or insert one of the two floppies you created above and click Start. Note that the KM password is case sensitive. The Key Management service should now be able to start.

Note that Exchange 5.0 had a separate install program that was run from the CD. In Exchange 5.5 the setup is integrated.

Administering the KM

To be continued...


© Copyright Pro Exchange, Inc., 2006