none
Exchange 2007 S/MIME - Problem Opening Attachments

    Question

  • I have Exchange Server 2007 SP1 running on Windows Server 2008 (x64) SP2. We have a PKI infrastructure in place and require that users digitally sign messages that contain links and/or attachments. We also request that they encrypt any messages containing sensitive data.

    I basically have two types of Windows clients:

    1. Windows XP with IE 7 and Office 2003.

    2. Windows 7 with IE 8 and Office 2010.

    I've noted different behavior from the two client types when attempting to open attachments in digitally signed or encrypted messages (formatted in S/MIME). On the Windows XP/IE 7/Office 2003 clients, it works without any problems whatsoever. On the Windows 7/IE 8/Office 2010 clients, it fails to work. Whether I select a signed message and try to open the attachment from the reading pane, or open the message first then try to open the attachment; I get an IE window that displays the 'Internet Explorer cannot display the webpage' error. In every case, the first part of the URL in the window seems to be the same, containing a GUID: https://4103-cffc-0aab-42b9-937d-a18e35a8c1b9/?REDIRECT=x-owacid://....

    I've been able to isolate the problem to the 'Microsoft Outlook Web Access S/MIME (2007)' add-on. If I open IE 8 without any add-ons, it works fine. If I uninstall the S/MIME add-on, it works fine. I've also verified that I can access attachments if I right-click them and save them first. I was also able to reproduce the problem in a lab environment with a vanilla install of Exchange 2007 SP1 on Windows Server 2008 SP2 and a Windows 7/IE8/Office 2010 client. So, I've been able to rule out the security settings and custom configurations that normally cause this type of problem in my environment.

    I think the problem is with how OWA is trying to redirect the IE 8 browser. Has anyone been able to identify problems with the S/MIME client and IE 8? Or figure out why this doesn't work? I've checked my IE 8 settings and verified OWA opens in the 'Local intranet' zone and Protected Mode is Off. I also tried PDF attachments, trying to determine if the issue was limited to Office attachments. All to no avail, it doesn't seem to matter what the file type is. At this point, I'm tempted to try Firefox just to see if it's isolated to IE 8.

    Others have seen the same problem, though this post is old and specifically mentions IE 7: http://social.technet.microsoft.com/Forums/en/exchangesvrclients/thread/e9f5cf31-14b2-4862-86f5-30897ef05f1b

    In the lab, I upgraded Exchange 2007 to SP3 with Rollup 1, thinking  this might have been addressed in a service pack or update. I then uninstalled the S/MIME add-on, rebooted the Windows 7 client, and installed the new S/MIME client from OWA. I verified the S/MIME build numbers before and after. Even with SP 3, Rollup 1, and the newest S/MIME add-on; it still doesn't work. We use digital signatures and encryption extensively, so simply removing the S/MIME client from the equation isn't an option. I'm concerned this may delay our Windows 7/Office 2010 rollout.

     

     

    Tuesday, November 09, 2010 7:07 PM

Answers

  • Symptom: Cannot open attachments in read or compose window via OWA when S/MIME add-on is enabled on Internet Explorer 8 (IE 8)

    Error on the webpage: “Internet Explorer cannot display the webpage

    Root cause: IE 8 improves stability by hosting each new window's doc in a new process, which breaks S/MIME so it can't locate the correct information in the new window; result in attachment can't be accessed

    Current methods:

    ·         View the attachment in same window so it’s in the same process

    ·         Save the attachment on disk which you have already known it

    Resources:

    Putting iexplore.exe on a diet

    Opening a New Tab may launch a New Process with Internet Explorer 8.0


    James Luo
    TechNet Subscriber Support (http://technet.microsoft.com/en-us/subscriptions/ms788697.aspx)
    If you have any feedback on our support, please contact tngfb@microsoft.com
    • Marked as answer by Alan.Gim Wednesday, November 17, 2010 2:06 AM
    Friday, November 12, 2010 7:38 AM

All replies

  • Symptom: Cannot open attachments in read or compose window via OWA when S/MIME add-on is enabled on Internet Explorer 8 (IE 8)

    Error on the webpage: “Internet Explorer cannot display the webpage

    Root cause: IE 8 improves stability by hosting each new window's doc in a new process, which breaks S/MIME so it can't locate the correct information in the new window; result in attachment can't be accessed

    Current methods:

    ·         View the attachment in same window so it’s in the same process

    ·         Save the attachment on disk which you have already known it

    Resources:

    Putting iexplore.exe on a diet

    Opening a New Tab may launch a New Process with Internet Explorer 8.0


    James Luo
    TechNet Subscriber Support (http://technet.microsoft.com/en-us/subscriptions/ms788697.aspx)
    If you have any feedback on our support, please contact tngfb@microsoft.com
    • Marked as answer by Alan.Gim Wednesday, November 17, 2010 2:06 AM
    Friday, November 12, 2010 7:38 AM
  • Hello,

     

    I am having a similar problem, but with me, a red cross appears when I try to reply my e-mails in OWA. UPdating the S/MIME addon was supposed to help, and indeed, I am able to type again, but when pressing the send-button, IE8 crashes. Perhaps uninstalling the S/MIME addon will help, could you tell me where to do that? I can only find a location to update it.....

     

    Thank you!

    Monday, January 10, 2011 1:53 PM