Publish to GAL Failure. Could not write to the GAL. Error 80070005
Description:
This article explains a Windows Application Security configuration that restricts user privileges and causes this error.
Product:
NetSign CAC, Microsoft Exchange Server 2000
Issue / Problem:
Customers using NetSign CAC 4.2 recently reported errors when NetSign CAC policies are set to publish certificates to the Global Address List (GAL). When a user inserts their CAC into the reader for the first time, a dialog appears (after about 30 seconds) asking whether they would like to publish their certificate to the GAL. After selecting "YES", the user receives an error message: "Publish to GAL Failure. Could not write to the GAL. Error 80070005"
Solution:
NOTE: This issue is not caused by NetSign software, but by a Windows Application Security configuration set by the system administrator that restricts user privileges. Specifically, the error is caused by a system policy under which the user lacks the appropriate "Write" permission on a setting in Active Directory Users and Computers (ADUC), as outlined below.
To correct this error, a person with DOMAIN ADMIN RIGHTS must log on to the domain's Active Directory Users and Computers (ADUC).
Next, turn on the "Advanced Features" option by clicking View on the ADUC menu bar and then clicking "Advanced Features" (if there is already a check mark next to "Advanced Features", the feature is ON, as needed to correct this problem).
Next, the Domain Administrator selects the User folder that displays the Active Directory user accounts. Each user account opens a dialog box that shows the Security tab, the Published Certificates tab (certificates in the GAL) and other tabs. Select the appropriate user and then select the Security tab.
Next, scroll down the top section labeled "Groups or user names" and click to highlight "SELF". In the bottom section, which shows the permissions for SELF, scroll to the selection box labeled "WRITE PERSONAL INFORMATION". The "[X] Allow" box must be checked for this privilege in order for this user to write to the GAL.
There may also be groups to which the user belongs that are restricted from writing to the GAL. Check all other groups the user is a member of, as those may also restrict the user's ability to publish to the GAL.
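The same check can be made from PowerShell instead of clicking through ADUC for each account. The script below is an added example, not part of the original article or of NetSign software; it assumes the ActiveDirectory module (RSAT) is installed, `jdoe` is a placeholder account name, and `Get-PersonalInfoWriteAce` is a hypothetical helper name. It lists the Allow and Deny entries for SELF and for the user's direct groups that cover writing the Personal Information property set.

```powershell
# Added example, not vendor code. Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

# rightsGuid of the "Personal Information" property set in the AD schema
$PersonalInfo = [guid]'77b5b886-944a-11d1-aebd-0000f80367c1'
$WriteProp    = [System.DirectoryServices.ActiveDirectoryRights]::WriteProperty
$InheritOnly  = [System.Security.AccessControl.PropagationFlags]::InheritOnly
$SelfSid      = 'S-1-5-10'   # well-known SID for SELF

function Get-PersonalInfoWriteAce {
    param([Parameter(Mandatory)][string]$SamAccountName)   # placeholder: 'jdoe'

    $user = Get-ADUser -Identity $SamAccountName
    # SIDs to inspect: SELF plus the groups the user is a direct member of
    $sids = @($SelfSid) + @(Get-ADPrincipalGroupMembership -Identity $user |
                            ForEach-Object { $_.SID.Value })

    $acl = Get-Acl -Path ("AD:\" + $user.DistinguishedName)
    foreach ($ace in $acl.Access) {
        # Keep ACEs that carry WriteProperty (GenericAll/GenericWrite include it)
        if (($ace.ActiveDirectoryRights -band $WriteProp) -eq 0) { continue }
        # Keep ACEs scoped to the Personal Information set or to all properties
        if ($ace.ObjectType -ne $PersonalInfo -and
            $ace.ObjectType -ne [guid]::Empty) { continue }
        # Skip ACEs that apply only to child objects, not to the user object
        if (($ace.PropagationFlags -band $InheritOnly) -ne 0) { continue }

        $sid = $ace.IdentityReference.Translate(
                   [System.Security.Principal.SecurityIdentifier]).Value
        if ($sids -notcontains $sid) { continue }

        [pscustomobject]@{
            Principal = $ace.IdentityReference.Value
            Type      = $ace.AccessControlType   # Allow or Deny
            Scope     = if ($ace.ObjectType -eq $PersonalInfo) {
                            'Personal Information' } else { 'All properties' }
            Inherited = $ace.IsInherited
        }
    }
}

# A Deny row, or no Allow row for SELF, matches the condition described above.
Get-PersonalInfoWriteAce -SamAccountName 'jdoe' |
    Sort-Object Type | Format-Table -AutoSize
```

Nested group memberships are not expanded here, so groups that contain the user's groups still need to be checked separately.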
Keywords: Publish To GAL GAL Error 80070005 Exchange