Article ID: 974334 - View products that this article applies to.
Consider the following scenario. You install a valid S/MIME certificate on a client computer. You do not configure the certificate for Microsoft Office Outlook 2007 and Outlook 2010. If you reply to or forward a signed or an encrypted e-mail message, the message is sent without encryption in Outlook 2007 and Outlook 2010. However, in this scenario, you do not receive a warning message that states that the message is sent without encryption.
When the following registry value explained below is set, Outlook automatically tries to sign or encrypt a reply or a forwarded message that was originally signed or encrypted by using S/MIME. If you have a secure e-mail certificate that is already configured in Outlook, it will be used. If you have a secure e-mail certificate installed in Windows and it matches the e-mail address of the account that you are using in Outlook, Outlook will automatically configure the certificate for its use. See Microsoft Knowledge Base article 941275 for more information about how Outlook automatically configures an e-mail certificate.
Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/322756/ )How to back up and restore the registry in Windows
To have Outlook 2010 automatically encrypt a message that you are forwarding and that was originally encrypted, configure the NoCheckOnSessionSecurity registry entry. To do this, follow these steps:
Outlook 2007To have Outlook 2007 automatically encrypt a message that you are forwarding and that was originally encrypted, use the following steps.
Apply the hotfix that is described in Microsoft Knowledge Base article 973404. Then, set the value of the NoCheckOnSessionSecurity registry entry to enable the hotfix package. To do this, follow these steps:
Microsoft Outlook 2010
Microsoft Outlook cannot sign or encrypt this message because there are no certificates which can be used to send from the e-mail address '<e-mail address>'. Either get a new digital ID to use with this account, or use the Accounts button to send the message using an account that you have certificates for.
Microsoft Outlook 2007
Microsoft Office Outlook could not sign or encrypt this message because you have no certificates which can be used to send from the e-mail address e-mail address.
You can do either of the following:
Get a new digital ID to use with this account. On the Tools menu, click Options, click the Security tab, and then click Get a Digital ID.
Use the Accounts button to send the message using an account that you have certificates for.
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.