FIX: "Unable to sign outbound message" error after you upgrade to BizTalk Server 2006 R2 SP1 or to BizTalk Server 2010

Article translations Article translations
Article ID: 2570450 - View products that this article applies to.
Expand all | Collapse all

On This Page

SYMPTOMS

Consider the following scenario:
  • You have a send pipeline that uses the MIME/SMIME encoder pipeline component in Microsoft BizTalk Server 2006 R2 or in Microsoft BizTalk Server 2009. You set the signature type of the MIME/SMIME encoder pipeline component to ClearSign.
  • You create a BizTalk orchestration that runs the send pipeline to sign outgoing messages.

    For example, you use an expression to call the send pipeline of a message assignment shape in the orchestration. For more information, see to the "More Information" section.
  • You install Microsoft BizTalk Server 2006 R2 Service Pack 1 (SP1). Or, you upgrade to Microsoft BizTalk Server 2010.
  • You run the BizTalk orchestration.
In this scenario, the outgoing messages are not signed. Additionally, an error message that resembles the following is logged in the Application log:

There was a failure executing the send pipeline: "<pipeline name>" Source: "MIME/SMIME encoder" Send Port: "<send port name>" URI name" Reason: Unable to sign outbound message because the encoder could not find the signing certificate in the "Current User\Personal" certificate store.

CAUSE

This issue occurs because BizTalk Server tries to locate a certificate in an incorrect location.

Note BizTalk Server 2006 R2 SP1 and BizTalk Server 2010 introduce a new feature that lets you use multiple certificates for signing.

RESOLUTION

Cumulative update package information

For more information about how to obtain the cumulative update package, click the following article number to view the article in the Microsoft Knowledge Base:
2573000 Cumulative update package 2 for BizTalk Server 2010

Note If you encounter this issue in BizTalk Server 2006 R2 SP1, you can follow the steps in the "Workaround" section to work around this issue.

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

WORKAROUND

To work around this issue, following these steps:

  1. Use the following namespace to deploy a property schema:

    http://schemas.microsoft.com/BizTalk/2003/system-properties.BTS.OutboundSignatureCertificate
  2. Set the BTS.OutboundSignatureCertificate property that uses the certificate thumbprint value in orchestration code before you run the send pipeline.

MORE INFORMATION

For more information about how to configure the MIME/SMIME encoder pipeline component, visit the following MSDN website:
How to configure the MIME/SMIME encoder pipeline component

For more information about how to use expressions to run pipelines, visit the following MSDN website:
How to use expressions to run pipelines
For more information about BizTalk Server hotfixes, click the following article number to view the article in the Microsoft Knowledge Base:

2003907 Information about BizTalk Server hotfixes

For information about service packs and cumulative update packages for BizTalk Server, click the following article number to view the article in the Microsoft Knowledge Base: 

2555976 Service Pack and Cumulative Update list for BizTalk Server

Properties

Article ID: 2570450 - Last Review: August 31, 2011 - Revision: 1.0
APPLIES TO
  • Microsoft BizTalk Server 2006 R2 Branch Edition
  • Microsoft BizTalk Server 2006 R2 Developer Edition
  • Microsoft BizTalk Server 2006 R2 Enterprise Edition
  • Microsoft BizTalk Server 2006 R2 Service Pack 1
  • Microsoft BizTalk Server 2006 R2 Standard Edition
  • Microsoft BizTalk Server Branch 2010
  • Microsoft BizTalk Server Developer 2010
  • Microsoft BizTalk Server Enterprise 2010
  • Microsoft BizTalk Server Standard 2010
Keywords: 
kbqfe kbexpertiseadvanced kbsurveynew kbbtspipeline kbfix KB2570450

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com