locked
outlook s/mime issues with two exchange accounts cant encrypt to the secondary email's GAL. RRS feed

  • Question

  • Both exchange environments are controlled by different organizations and seems to be an issue that arose after moving to 16 from 2010.

    Basically the same problem as the below 2 links

    https://answers.microsoft.com/en-us/msoffice/forum/all/outlook-2016-issue-with-smime-and-two-exchange/c0e072a4-53c8-4af2-8146-75b255a2d107

    https://answers.microsoft.com/en-us/msoffice/forum/all/outlook-2013-multiple-accounts-and-smime-problems/68a34f1c-b10e-492c-b20f-53252c89bafa

    Thursday, November 29, 2018 1:38 AM

All replies

  • Hi S_Rainer,

    >> Both exchange environments are controlled by different organizations and seems to be an issue that arose after moving to 16 from 2010.

    By this, do you mean the issue occurs since upgrading to Outlook 2016?

    I read through the two threads you shared above but still need more information for further research and analysis:

    1. Do you mean you received the following error when trying to send encrypted messages to the second account GAL?

    "Microsoft Outlook had problems encrypting this message because the following recipients had missing or invalid certificates, or conflicting or unsupported encryption capabilities"

    2. Have you installed KB3127912 as mentioned in the first link? 

    To help narrow down the problem, please try creating a new profile, add the secondary account only and see if the error remains.

    Any update, feel free to post back.

    Regards, 

    Yuki Sun


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Click here to learn more. Visit the dedicated forum to shareexplore and talk to experts about Microsoft Teams.

    Thursday, November 29, 2018 9:06 AM
  • Hello thank you for responding

    Yes these issues starting occurring after upgrading our outlook client to 2016.

    Question 1:

    If I search for an address associated to the secondary email i get the "Your email could not be sent because Outlook could not find encryption certificates for the recipients listed below" error message. If i create a new profile and switch accounts i get the same issue with the secondary account GAL.

    The odd issue is that if I search an address from 2nd GAL and add it as a contact, if i open the address book and search my secondary accounts contacts and then it will work. However that will only work if i use the contact i downloaded if i use the GAL or just type in the email and check name it wont work.

    Question 2:

    I do have KB3127912 installed but i will uninstall/reinstall just to make sure.

    Thank you for the any help you can provide.


    • Edited by S_Rainer Friday, November 30, 2018 1:59 AM Changin error message text
    Thursday, November 29, 2018 11:23 PM
  • Hi S_Rainer,

    Thanks for getting back to us with more details.

    I did much research on this, but cannot find any documentation stating if this is a known issue in Outlook 2016 that we cannot send encrypted messages to the GAL of a secondary email address. 

    Have you checked if it can work properly when the the default adding digital signature to outgoing mails is turned off?

    Regards,

    Yuki Sun


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Friday, November 30, 2018 9:35 AM
  • Yuki,

    I don't normally have that setting on but when on i was able to send a signed email to my coworker.

    We both have domain B as our secondary and when he tried to reply to my signed email (I do have "send these certs with signed emails" selected) it gave the error about not being able to find my certificate.

    Thank you,

    Rainer

    Monday, December 3, 2018 2:12 AM
  • Yuki,

    I don't normally have that setting on but when on i was able to send a signed email to my coworker.

    We both have domain B as our secondary and when he tried to reply to my signed email (I do have "send these certs with signed emails" selected) it gave the error about not being able to find my certificate.

    Thank you,

    Rainer

    Hi Rainer,

    Do you mean when the option is on, you can send out the signed message while the recipients cannot reply to your encrypted message? Is there any difference between the build number of Outlook on your and your coworker's Outlook?

    Regards,

    Yuki Sun


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Tuesday, December 4, 2018 10:06 AM
  • Yuki,

    Our build numbers are the same.

    I did some testing and heres what i have.

    You can encrypt but only if you download the contact and then search and send to that contact but not by searching the gal or typing the address.

    I can sign emails with the option to send certs and i still cannnot encrypt.

    if i download the contact and encrypt the email to their secondary email they cannot respond until they save my contact.

    The problem switches address depending on which is primary so having 2 profiles seems to work but is not ideal. it seems that outlook will not download the public certs for any contact from the secondary email GAL it just ignores it.

    Rainer
    Friday, December 7, 2018 12:39 AM