User unable to Encrypt message using OWA 2013

    Question

  • I'm working on migrating my users from Exchange 2010 to Exchange 2013.  Right now I only have my Admin mailbox that I used during the install and then my actual user mailbox on EX13.  I followed the below URL which worked.

    https://technet.microsoft.com/en-IN/library/dn626158%28v=exchg.150%29.aspx?f=255&MSPPError=-2147217396

    Problem I'm having is that when I open an encrypted email it asks to install S/MIME.  I download the file but I always get an error message saying the file is invalid or corrupt.  I'm allowed to install it anyway and I do successfully.  Now within OWA under Options I have S/MIME settings saying I have the most recent version 4.0500.15.0.1178.4 of S/MIME control installed.  

    When I create a new email and try to send it encrypted I can't.  If I go into S/MIME settings and select "Encrypt contents and attachments of all messages I send" and hit OK, the emails are not encrypted.  If I open a new email and go to "Show Message Options" the Encrypt this message (S/MIME) & Digitally sign this message (S/MIME) are grayed out so I can't select them.  I have no problem reading encrypted emails when someone sends to me.  I do have a valid domain User certificate that has email encryption enabled.  This did work fine on my previous version of exchange.

    The odd thing is my Admin account mailbox which was used during the setup process is able to send encrypted emails to users. The options are available for that account.

    Before I start moving everyone over to the new exchange I need to iron out this encryption so any suggestions.  Was there something that I missed in my S/MIME configuration?


    ----E----

    Friday, May 27, 2016 2:58 PM

All replies

  • Hi ehans,

    When you followed the link to configure the S/MIME for OWA, did you get any errors?

    If no errors, you can also run the "Get-SmimeConfig" to check the S/MIME configuration, and compare with previous exchange server, check if there is any difference.

    Moreover, you will have to close and reopen Outlook Web App before you can use the S/MIME control after installing it.

    Best regards,



    Niko Cheng
    TechNet Community Support

    Monday, May 30, 2016 9:52 AM
    Moderator
  • No errors, everything went smooth.  

    I initially thought everything went good as my Admin account mailbox has no issues sending/receiving encrypted emails from OWA, but after I migrated my user mailbox that's when I noticed the issue.  I haven't tried any other users yet.  

    I migrated from Exchange 2010 so I do not have the Get-SmimeConfig options available to me in Ex2010.  Is there another way I could compare the settings?

    The S/MIME configuration is only for OWA correct?  This will not affect any users that actually use Outlook right?


    ----E----

    Tuesday, May 31, 2016 1:18 PM
  • So I was fooling around with this a lot more today and still can't get it to work but I'm wondering if it has to do anything with the OWAEncryptionAlgorithms.  Currently I have my OWAEncryptionAlgorithms and OWASigningAlgorithms to 6610 & 8804.  I know that 6610 supports AES256 not sure what 8804 does for signing.  I have no idea what encryption algorithms my internal CA uses for "User" certificates but I don't think it is AES256 and I have no idea how I would find out.  

    Has anyone had to change these settings to support a different version of Encryption and Signing?

    I've been going over the below interesting article seeing if I could get this to work.  Would I be able to allow all encryption algorithms and signing algorithms to see if the encryption would work?

    https://www.granikos.eu/en/justcantgetenough/PostId/178/the-mysterious-exchange-smimeconfig-algorithms


    ----E----

    Tuesday, May 31, 2016 9:26 PM
  • I figured it out.

    ----E----

    • Marked as answer by ehans67 Monday, June 6, 2016 6:10 PM
    Monday, June 6, 2016 6:10 PM
  • I figured it out.

    ----E----


    Can you say how?
    Tuesday, June 14, 2016 2:01 PM
  • I had everything setup correctly with my Exchange environment.  It was a real simple fix for me where if I went to Options-->Settings and under the Message Format section I had "Always show From" option checked which disables S/MIME.  Once I unchecked that everything worked.

    What kind of problem are you having?


    ----E----

    Tuesday, June 14, 2016 2:19 PM
  • I had everything setup correctly with my Exchange environment.  It was a real simple fix for me where if I went to Options-->Settings and under the Message Format section I had "Always show From" option checked which disables S/MIME.  Once I unchecked that everything worked.

    What kind of problem are you having?


    ----E----

    I have also Encrypt this message (S/MIME) & Digitally sign this message (S/MIME) greyed out. And I had also "Always show From" option checked, but your solution didn't work for me.

    I have a certificate from Comodo installed in Personal certificates store and chose this certificate as "Default certificate for digital signing" in S/MIME settings. I have also done "Set-SmimeConfig -OWAAllowUserChoiceOfSigningCertificate $True" with no luck...

    Tuesday, June 14, 2016 6:28 PM
  • Do you have the correct SMIMECertificateIssuingCA from Comodo setup in Get-SMIMEConfig?  Stupid question but you installed the owasimime.msi file right? Is this the only account with the problem?

    ----E----

    Tuesday, June 14, 2016 6:47 PM
  • Thanks for the pointing. I've imported SST and now I have the options! )

    <strike>... and another problem when I try to send signed message:</strike>

    <strike>Remote Server returned '550 5.7.1 TRANSPORT.RULES.RejectMessage; the message was rejected by organization policy'</strike> My fault with rules..., resolved.


    • Edited by PhoenixUA Tuesday, June 14, 2016 10:06 PM
    Tuesday, June 14, 2016 9:38 PM
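
The SST import that brought the options back in the last exchange, sketched as an added example (not code from any poster in this thread). The SST path and the CA subject filter are constructed placeholders; the cmdlets are the Exchange 2013 SP1+ `Get-SmimeConfig`/`Set-SmimeConfig` and the Windows PKI module's `Export-Certificate`.

```powershell
# Run in the Exchange Management Shell on an Exchange 2013 SP1 or later server.
# Assumed values, constructed for this example: adjust both to your environment.
$sstPath  = 'C:\Temp\smime-issuing-ca.sst'   # hypothetical output path
$caFilter = '*Example Issuing CA*'           # hypothetical CA subject filter

# 1. Collect the root and intermediate CA certificates that issue the
#    users' S/MIME certificates (internal CA or a public CA such as Comodo).
$caCerts = Get-ChildItem Cert:\LocalMachine\Root, Cert:\LocalMachine\CA |
    Where-Object { $_.Subject -like $caFilter }
if (-not $caCerts) { throw "No CA certificate matches '$caFilter'." }

# 2. Export them into a single serialized certificate store (SST) file.
$caCerts | Export-Certificate -FilePath $sstPath -Type SST | Out-Null

# 3. Inspect the SST before importing it: list every certificate it holds
#    and flag any that has already expired.
$store = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
$store.Import($sstPath)
$store |
    Select-Object Subject, Thumbprint, NotAfter,
        @{ Name = 'Expired'; Expression = { $_.NotAfter -lt (Get-Date) } } |
    Format-Table -AutoSize

# 4. Load the SST into the organization's S/MIME configuration.
Set-SmimeConfig -SMIMECertificateIssuingCA (Get-Content $sstPath -Encoding Byte)

# 5. Review the OWA S/MIME settings discussed in this thread.
Get-SmimeConfig |
    Format-List OWAEncryptionAlgorithms, OWASigningAlgorithms,
                OWAAllowUserChoiceOfSigningCertificate
```

As noted earlier in the thread, close and reopen Outlook Web App before testing the Encrypt and Digitally sign options again.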