Certificates are deployed by Active Directory and are set to expire every 12 months. The certificates are automatically created for each computer that a user logs into.
Our issues is this, our users log onto several different computers at 5 different locations in Florida. When the user is sent an email from another user within our company it's a crapshoot if they'll be able to open an encrypted email because it seems the sender is using one of the many certs of the receiver. The receiver only has one cert on the computer their logged into, thus, the user can not open the email because the sender is using one of the certs created for another computer.
User A logs into computer 1 and a cert is created in AD and downloaded to that computer.
User A then logs into computer 2 and again a new cert is created in AD and downloaded to that computer
User B emails User A while User A is logged into computer 1 and User A can't open encrypted email because User B's computer used Users A cert from computer 2
Hope this makes sense.
Any suggestions or help would be greatly appreciated. Please note that we must continue to use the Microsoft Certificate system and not any 3rd party application or hardware so please don't tell use to buy something.