Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies. Only from Platform Scholar.
Solved
User can't open encrypted email in Outlook when she is the CC: recipient
Posted on 2013-01-10
The user is running Outlook 2010. Our server is SBS 2008 with Exchange 2007.
The user has a new cert from Sandra earlier today. The user can open encrypted email from "Sandra" that is addressed to her, but cannot open encrypted email from the same "Sandra" if she is copied on an email to "Nick".
She can open encrypted email from "Nick".
What do I do to enable her to open the email from Sandra that she is copied on?
Here is the mail she can open:
Here is email from "Nick"
Here is email from Sandra she cannot open:
The user has a new cert from Sandra earlier today. The user can open encrypted email from "Sandra" that is addressed to her, but cannot open encrypted email from the same "Sandra" if she is copied on an email to "Nick".
She can open encrypted email from "Nick".
What do I do to enable her to open the email from Sandra that she is copied on?
Here is the mail she can open:
Here is email from "Nick"
Here is email from Sandra she cannot open:
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
-
6
9 Comments
Active today
check this
http://support.microsoft.com/kb/2621062
http://support.microsoft.com/kb/2621062
amitkulshrestha:
Thanks for the reply.
http://support.microsoft.com/kb/2621062 applies to Exchange2010, but I am running Exchange 2007. But since it seemed harmless, I added the Contact as the article suggests, but it had no effect. SHe still cannot open one of the emails.
Thanks for the reply.
http://support.microsoft.com/kb/2621062 applies to Exchange2010, but I am running Exchange 2007. But since it seemed harmless, I added the Contact as the article suggests, but it had no effect. SHe still cannot open one of the emails.
Can someone recommend a consultant with expert knowledge of this area that I can pay to answer this question?
Active 1 day ago
The cc doesn't have the encryption key for the cc'd user, therefor instead of using CC one must use multiple TO: addresses this way multiple messages are created with multiple encryption keys.
@ve3ofa
Thank you for your reply!
I tested the idea that cc doesn't have the encryption key by sending an encrypted email with the user listed as a cc. She could read it. Of course she had previously gotten signed email from me and we had exchanged encrypted email as well. How is this test different from what fails above?
It is also the case that in the problem reported above, she had previously gotten signed and encrypted email from the sender and from the other recipients.
Is it expected procedure to require that when our clients and vendors try to CC us on an encrypted email that we must reply to them out of band and require them to resend the email with all recipients on the "To:' list and without anyone on the CC line?
Further testing suggests that there seems to be a difference between different "versions" of the email addresses in use. If I type in the user's name on the cc line I may get a match from the Outlook address book which, although the same SMTP address, seems not have a certificate associated with it. How do I remove such ambigous contacts?
Thank you for your reply!
I tested the idea that cc doesn't have the encryption key by sending an encrypted email with the user listed as a cc. She could read it. Of course she had previously gotten signed email from me and we had exchanged encrypted email as well. How is this test different from what fails above?
It is also the case that in the problem reported above, she had previously gotten signed and encrypted email from the sender and from the other recipients. Is it expected procedure to require that when our clients and vendors try to CC us on an encrypted email that we must reply to them out of band and require them to resend the email with all recipients on the "To:' list and without anyone on the CC line?
Further testing suggests that there seems to be a difference between different "versions" of the email addresses in use. If I type in the user's name on the cc line I may get a match from the Outlook address book which, although the same SMTP address, seems not have a certificate associated with it. How do I remove such ambigous contacts?
More thoughts: If she was not in the original email chain, but was later added, she won’t be able to open it. Only the original To:, CC:, or BCC: recipients can open the email.
That was not the case here, but it is a good factoid for others reading this.
I found the following and I will get around to trying the re-import of keys next weekend. ¿
http://support.microsoft.com/kb/258527
That was not the case here, but it is a good factoid for others reading this.
I found the following and I will get around to trying the re-import of keys next weekend. ¿
http://support.microsoft.com/kb/258527
As described in http://support.microsoft.com/kb/258527 , when I deleted and recreated the Outlook contact for the persons involved in the email thread all the problems went away.
I created the new contacts from the most recently signed email from the contact by right clicking on the sender's name and selecting "Add to Outlook contacts".
I created the new contacts from the most recently signed email from the contact by right clicking on the sender's name and selecting "Add to Outlook contacts".
Featured Post
Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
In this article I discuss my selections of the Top Four free Outlook OST File Viewers available. Open, view and read even damaged OST files by using these tools. They all provide a clear preview of all data such as emails, notes, tasks, calendars, e…
One-stop solution for Exchange Administrators to address all MS Exchange Server issues, which is known by the name of Stellar Exchange Toolkit.
- Software-Other
- Exchange
- Email Servers
- Email Software
- Exchange 2007
- *Exchange Server 2010
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment.
The video tutorial explains the basics of the Exchange server Database Availability grou…
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.
Suggested Courses
Course of the Month11 days, 15 hours left to enroll
730 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.