Previous Topic: Registering Exchange ClustersNext Topic: Using the CA SRM Exchange Registration Wizard

Managing Microsoft ExchangeRegistering Microsoft Exchange ServersSecurity and Registry Settings

Security and Registry Settings

With the updates included in MSXML 4.0 SP2, the ServerXMLHTTP object now checks the Internet Explorer security policy setting for submitting non-encrypted form data. If you set the Submit nonencrypted form data option to Disable or Prompt, an Access Denied error message occurs when you attempt to post form data using the ServerXMLHTTP object. To resolve this issue:

  1. Click the Start menu, select Run, type mmc, and then press Enter.
  2. Select Add/Remove Snap-in from the File menu.
  3. Click Add in the Add/Remove Snap-in dialog.
  4. Add the Group Policy snap-in to the Console Root.
  5. Select Local Computer Policy, User Configuration, Windows Settings, Internet Explorer Maintenance, and then Security.
  6. Click Security Zones and Content Ratings.
  7. In Security Zones and Privacy select the Import option button and click Modify Settings.
  8. To resolve the issue for submitting non-encrypted form data, select the Local Intranet web content zone.
  9. Set the Submit nonencrypted form data option to Enable.

If you are unable to modify the settings like this, the msxml4-adapt.reg file can alter your registry settings. It is located in the \Program Files\CA\CA SRM\UT directory on the Application Server machine. This file sets the following values in the registry to allow you to post non-encrypted data:

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_HKLM_only (Dword value) = 1

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1601 (Dword value) = 0

You may need to create the CurrentVersion and Internet Settings folders for this to work.

Note: This file works for Windows 2000, Windows XP, and Windows 2003 only.