When you reply to or forward a signed or an encrypted e-mail message, the message is sent without encryption in Outlook 2007 and Outlook 2010

Article translations Article translations
Article ID: 974334 - View products that this article applies to.
Expand all | Collapse all

On This Page

SYMPTOMS

Consider the following scenario. You install a valid S/MIME certificate on a client computer. You do not configure the certificate for Microsoft Office Outlook 2007 and Outlook 2010. If you reply to or forward a signed or an encrypted e-mail message, the message is sent without encryption in Outlook 2007 and Outlook 2010. However, in this scenario, you do not receive a warning message that states that the message is sent without encryption.

RESOLUTION

When the following registry value explained below is set, Outlook automatically tries to sign or encrypt a reply or a forwarded message that was originally signed or encrypted by using S/MIME. If you have a secure e-mail certificate that is already configured in Outlook, it will be used. If you have a secure e-mail certificate installed in Windows and it matches the e-mail address of the account that you are using in Outlook, Outlook will automatically configure the certificate for its use. See Microsoft Knowledge Base article 941275 for more information about how Outlook automatically configures an e-mail certificate.

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756 How to back up and restore the registry in Windows

Outlook 2010


To have Outlook 2010 automatically encrypt a message that you are forwarding and that was originally encrypted, configure the NoCheckOnSessionSecurity registry entry. To do this, follow these steps:
  1. Start Registry Editor.
    • In Windows Vista or Windows 7, click Start
      Collapse this imageExpand this image
      the Start button
      , type regedit in the Start Search box, and then press ENTER.

      Collapse this imageExpand this image
      User Account Control
      If you are prompted for an administrator password or for confirmation, type the password, or provide confirmation.
    • In Windows XP, click Start, click Run, type regedit in the Open box, and then click OK.
  2. Locate and then click the following registry subkey:
    HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Security
  3. On the Edit menu, point to New, and then click DWORD Value.
  4. Type NoCheckOnSessionSecurity, and then press ENTER.
  5. Right-click NoCheckOnSessionSecurity, and then click Modify.
  6. In the Value data box, type 1, and then click OK.
  7. Exit Registry Editor.

Outlook 2007

To have Outlook 2007 automatically encrypt a message that you are forwarding and that was originally encrypted, use the following steps.

Apply the hotfix that is described in Microsoft Knowledge Base article 973404. Then, set the value of the NoCheckOnSessionSecurity registry entry to enable the hotfix package. To do this, follow these steps:
  1. Apply the following hotfix:

    973404 Description of the Outlook 2007 hotfix package (Outlook-x-none.msp): August 25, 2009
  2. Configure the
    NoCheckOnSessionSecurity
    registry entry. To do this, follow these steps:
    1. Start Registry Editor.
      • In Windows Vista or Windows 7, click Start
        Collapse this imageExpand this image
        the Start button
        , type regedit in the Start Search box, and then press ENTER.

        Collapse this imageExpand this image
        User Account Control
        If you are prompted for an administrator password or for confirmation, type the password, or provide confirmation.
      • In Windows XP, click Start, click Run, type regedit in the Open box, and then click OK.
    2. Locate and then click the following registry subkey:
      HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\Security
    3. On the Edit menu, point to New, and then click DWORD Value.
    4. Type NoCheckOnSessionSecurity, and then press ENTER.
    5. Right-click NoCheckOnSessionSecurity, and then click Modify.
    6. In the Value data box, type 1, and then click OK.
    7. Exit Registry Editor.
Note If there is no secure mail certificate installed on the workstation, Outlook cannnot send a signed or encrypted S/MIME message. In this scenario, if the registry value below is configured, the following error message will be displayed.

Microsoft Outlook 2010

Microsoft Outlook cannot sign or encrypt this message because there are no certificates which can be used to send from the e-mail address '<e-mail address>'. Either get a new digital ID to use with this account, or use the Accounts button to send the message using an account that you have certificates for.

Microsoft Outlook 2007

Microsoft Office Outlook could not sign or encrypt this message because you have no certificates which can be used to send from the e-mail address e-mail address.

You can do either of the following:

Get a new digital ID to use with this account. On the Tools menu, click Options, click the Security tab, and then click Get a Digital ID.

Use the Accounts button to send the message using an account that you have certificates for.

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

Properties

Article ID: 974334 - Last Review: May 13, 2010 - Revision: 3.0
APPLIES TO
  • Microsoft Office Outlook 2007
  • Microsoft Outlook 2010
Keywords: 
kbsurveynew kbqfe kbexpertiseinter KB974334

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com