Outlook 2010 - GAL - encryption issues

  • Question

  • Hi,

    We are using MS Certificate Services PKI to deliver certificates for S/MIME with Outlook 2010/Exchange 2007

    • AD User certificate auto-enrollment is working on XP and seven
    • User can see both sign and cipher own certificates using certmgr.msc
    • User can publish certificate to GAL
    • User can sign mails

    But we have the following error message when trying to send encrypted mails to a user (whose public cipher key is in the GAL):
    "Microsoft Outlook had problems encrypting this message because the following recipients had missing or invalid certificates, or conflicting or unsupported encryption capabilities".

    When adding the user to local address book, we are able to send encrypted mails but it is not acceptable for 10K+ internal users.

    We upgraded Office 2010 Pro with SP2 but with no success.


    Thursday, October 17, 2013 9:15 AM

Answers

  • Do you mean OAB when referring to "local address book"?

    Renew the OAB; does the same issue persist?

    http://www.howto-outlook.com/howto/oabupdate.htm

    Try to send emails in Online Mode; it may be a workaround.

    Sunday, October 20, 2013 11:30 AM
  • While referring to "local address book", I meant PAB.

    Renewing the entire OAB (on the Exchange server and reloading on the client) has already been done with no success.

    But disabling cached mode GPO and disabling cached OAB has resolved the problem.

    Thanks a lot for that clue.

    Now I have to figure out why it is impossible to use OAB for S/MIME usage since we can't afford our 10K+ users to connect to the Exchange server without caching.

    Monday, October 21, 2013 3:50 PM

All replies

  • Just ran into this as well. This workaround worked for me. 

    Workaround for scenario 1: Add the partner to the Contacts list. To do this, follow these steps:
    1. On the Tools menu, click Address Book.
    2. In the Address Book dialog box, select Global Address List in the Address Book list.
    3. Type the partner name in the Search field, and then select the correct entry from the results.
    4. On the File menu, click Add to Contacts.

    From KB 980029

    Thursday, March 27, 2014 5:16 PM