
MS CLM 2007: PKCS#11 smart card self-service control error: Invalid Signature.

June 30th, 2009

I got this error (PKCS#11 smart card self-service control error: Invalid Signature.) while enrolling a certificate onto my smart card using Microsoft CLM 2007 FP1.
Looks like Microsoft Certificate Lifecycle Manager FP1 is not yet compatible with Windows 7 RC1. No issue, however, with Vista SP2.
Only enrolling seems to be an issue; all other functionality just seems to work… If I find a solution to this then I will post it here… If you’ve got a solution, please leave a comment!


Windows XP Mode on Windows 7 could be used as a workaround as well (the smart card is accessible from XP Mode!), but the following requirements must be met for this to work:

  • The virtual XP machine needs to be a domain member.
  • The CLM client tools need to be installed.
  • The smart card middleware needs to be installed.


ILM 2007 FP1 & MS Identity Management Jungle

June 14th, 2009

Rebranding products is hip! So here is a small post to explain the real products behind ILM 2007 FP1, what they do, and some links to more in-depth info.

ILM 2007 Feature Pack 1 is actually a suite of two products: an updated version of Microsoft Identity Integration Server (MIIS) and Certificate Lifecycle Manager (CLM), previously idNexus, which Microsoft obtained after acquiring Alacris.

MIIS is probably most famous as a tool to assist in cross-forest Exchange topologies (two separate Exchange instances, each in its own forest, glued together). MIIS is then used to synchronize the Exchange Global Address List (GAL), which enables consistent address books, mail routing and sharing an SMTP namespace between Exchange organizations.

CLM is the Microsoft product to manage the lifecycle of (X.509) certificates and smart cards.

MIIS 2003, ILM 2007 and ILM 2007 FP1 will cost you money.
But Identity Integration Server for Microsoft Active Directory (SP2) (IIFP) is FREE and can be downloaded here.

This is a lightweight version of MIIS 2003 which can only be used with Active Directory but can be used to set up GAL synchronisation.
There is a catch with Exchange 2007: the ILM 2007 version will run the PowerShell cmdlet Update-Recipient automatically for you. IIFP won’t do this, so you’ll have to set this up yourself, which is not a big deal.

A new version of ILM is under way and is for now called “ILM 2”.

More details.

TechNet July 2009 – Managing Active Directory users with ILM 2007

“ILM 2” Product Page

Introducing Certificate Lifecycle Manager

ILM 2007 FP1 Product Page

How to deploy Exchange 2007 in a cross-forest topology