Solved

User can't open encrypted email in Outlook when she is the CC: recipient

Posted on 2013-01-10
Last Modified: 2013-03-07
The user is running Outlook 2010. Our server is SBS 2008 with Exchange 2007.
The user has a new cert from Sandra earlier today. The user can open encrypted email from "Sandra" that is addressed to her, but cannot open encrypted email from the same "Sandra" if she is copied on an email to "Nick".
She can open encrypted email from "Nick".
What do I do to enable her to open the email from Sandra that she is copied on?

Here is the mail she can open:
Email 1 from Sandra

Here is email from "Nick"
Email from Nick
Here is email from Sandra she cannot open:
Email from Sandra that won't open
0
Question by:Robert Kleinschmidt
9 Comments
 
LVL 42

Expert Comment

by:Amit
ID: 38766755
0
 

Author Comment

by:Robert Kleinschmidt
ID: 38767912
amitkulshrestha:
Thanks for the reply.
http://support.microsoft.com/kb/2621062 applies to Exchange 2010, but I am running Exchange 2007. But since it seemed harmless, I added the Contact as the article suggests, but it had no effect. She still cannot open one of the emails.
0
 

Author Comment

by:Robert Kleinschmidt
ID: 38785795
Can someone recommend a consultant with expert knowledge of this area that I can pay to answer this question?
0

 
LVL 80

Expert Comment

by:David Johnson, CD, MVP
ID: 38795223
The cc doesn't have the encryption key for the cc'd user; therefore, instead of using CC, one must use multiple TO: addresses. This way, multiple messages are created with multiple encryption keys.
0
 

Author Comment

by:Robert Kleinschmidt
ID: 38797443
@ve3ofa

Thank you for your reply!

I tested the idea that cc doesn't have the encryption key by sending an encrypted email with the user listed as a cc. She could read it. Of course she had previously gotten signed email from me and we had exchanged encrypted email as well. How is this test different from what fails above?
Encrypted file readable as CC recipient

It is also the case that in the problem reported above, she had previously gotten signed and encrypted email from the sender and from the other recipients.

Is it expected procedure to require that when our clients and vendors try to CC us on an encrypted email that we must reply to them out of band and require them to resend the email with all recipients on the "To:" list and without anyone on the CC line?

Further testing suggests that there seems to be a difference between different "versions" of the email addresses in use. If I type in the user's name on the cc line I may get a match from the Outlook address book which, although the same SMTP address, seems not to have a certificate associated with it. How do I remove such ambiguous contacts?
0
 

Author Comment

by:Robert Kleinschmidt
ID: 38904442
More thoughts: If she was not in the original email chain, but was later added, she won’t be able to open it. Only the original To:, CC:, or BCC: recipients can open the email.

That was not the case here, but it is a good factoid for others reading this.

I found the following and I will get around to trying the re-import of keys next weekend.
http://support.microsoft.com/kb/258527
0
 

Accepted Solution

by:
Robert Kleinschmidt earned 0 total points
ID: 38945921
As described in http://support.microsoft.com/kb/258527, when I deleted and recreated the Outlook contact for the persons involved in the email thread all the problems went away.

I created the new contacts from the most recently signed email from the contact by right clicking on the sender's name and selecting "Add to Outlook contacts".
0
 

Author Closing Comment

by:Robert Kleinschmidt
ID: 38961172
It worked and I have a pointer to the reference.
I do not have any explanation for the "why" or how to avoid, which I would expect in a "good" or "Excellent" answer.
0
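The thread leaves open why one copy of a message opens and another does not. An S/MIME-encrypted body (`smime.p7m`) carries one recipient entry per certificate the sender's client encrypted to, so listing those entries shows whether the user's current certificate is among them. This is an added example, not code from the thread: the function names `Get-SmimeRecipient` and `Test-EncryptedTo` are hypothetical, and it assumes Windows PowerShell 5.1 on Windows 10 or later with the `smime.p7m` content available as bytes.

```powershell
# Added example, not from the thread. Assumes Windows PowerShell 5.1 on Windows 10+.
Add-Type -AssemblyName System.Security

function Get-SmimeRecipient {
    # List the certificates an S/MIME EnvelopedData blob (smime.p7m) was encrypted to.
    param([Parameter(Mandatory)][byte[]]$P7mBytes)
    $cms = New-Object System.Security.Cryptography.Pkcs.EnvelopedCms
    $cms.Decode($P7mBytes)
    foreach ($ri in $cms.RecipientInfos) {
        $id = $ri.RecipientIdentifier
        if ($id.Type -eq 'IssuerAndSerialNumber') {
            [pscustomobject]@{ Issuer = $id.Value.IssuerName; Serial = $id.Value.SerialNumber; KeyId = $null }
        } else {
            # SubjectKeyIdentifier form: the entry carries a key id instead
            [pscustomobject]@{ Issuer = $null; Serial = $null; KeyId = $id.Value }
        }
    }
}

function Test-EncryptedTo {
    # True when a recipient entry names this certificate's serial number.
    # Serial numbers are unique per issuer only, so also review the Issuer column.
    param([Parameter(Mandatory)][byte[]]$P7mBytes,
          [Parameter(Mandatory)][System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    [bool](Get-SmimeRecipient $P7mBytes | Where-Object { $_.Serial -eq $Cert.SerialNumber })
}

# Constructed sample: two throwaway self-signed certificates stand in for a To: and a
# CC: recipient, and the message is encrypted to the first one only.
$store = 'Cert:\CurrentUser\My'
$to = New-SelfSignedCertificate -Subject 'CN=to-recipient (sample)' -KeyUsage KeyEncipherment -CertStoreLocation $store
$cc = New-SelfSignedCertificate -Subject 'CN=cc-recipient (sample)' -KeyUsage KeyEncipherment -CertStoreLocation $store
try {
    $content = New-Object System.Security.Cryptography.Pkcs.ContentInfo (,[Text.Encoding]::ASCII.GetBytes('sample body'))
    $envelope = New-Object System.Security.Cryptography.Pkcs.EnvelopedCms $content
    $envelope.Encrypt((New-Object System.Security.Cryptography.Pkcs.CmsRecipient $to))
    $p7m = $envelope.Encode()

    Get-SmimeRecipient $p7m | Format-Table Issuer, Serial
    "to-recipient listed: $(Test-EncryptedTo $p7m $to)"
    "cc-recipient listed: $(Test-EncryptedTo $p7m $cc)"
} finally {
    # Remove the sample certificates and their keys from the user store
    $to, $cc | ForEach-Object { Remove-Item "$store\$($_.Thumbprint)" -DeleteKey }
}
```

Against a real message, pass the bytes of the saved `smime.p7m` and the user's certificate from `Cert:\CurrentUser\My` to `Test-EncryptedTo`.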
