You receive an error message when you try to send an encrypted e-mail message to another user who is in the same Exchange organization in Outlook
When you try to send an encrypted e-mail message to another user who is in the same Microsoft Exchange organization in Microsoft Outlook 2002 or in Microsoft Office Outlook 2007, you receive the following error message:
Microsoft Outlook had problems encrypting this message because the following recipients had missing or invalid certificates, or conflicting or unsupported encryption capabilities
This issue may occur if one of the following conditions is true:
- The recipients previously published their digital ID to the global address list by using the Publish to GAL feature in Outlook 2002. When the old digital ID expired and the new digital ID was issued, the old digital ID remained in the value of the userSMIMECertificate attribute of the user object in the Active Directory directory service. If the userSMIMECertificate attribute value is present, it is always used.
Note Certificates that are issued by a Microsoft Windows certification authority in an Active Directory organization are automatically published to the user object in Active Directory by using the userCertificate attribute. When an Outlook user uses the Publish to GAL feature, a self-signed value is written to the userSMIMECertificate value of the user object.
- A certificate server is being used that is not integrated with Active Directory or with the Microsoft Exchange Server 5.5 Directory Service. Therefore, no information regarding the recipient's public key is present in the global address list.
To resolve this issue, the recipient must follow these steps:
- On the Tools menu, click Options.
- Click the Security tab.
- In the Default Setting list, make sure that the correct security profile for the digital ID that you want to use is selected. To verify your certificate settings, click Settings. You can click Choose, and then click View Certificate to view your certificate details.
- Under Digital IDs (Certificates), click Publish to GAL, and then click OK. This will republish the correct certificate to the global address list to make sure that users are addressing you with the correct digital certificate.
- Click OK when you are prompted that your certificates were published successfully.
- Click OK to exit the Options dialog box.
If you receive the error message that is mentioned in the "Symptoms" section, you can try to verify the status or the validity of the recipient's certificate in the global address list. To do this, follow these steps:
- If you have an e-mail message from the recipient in your Inbox, follow these steps
Note This step does not apply to Outlook 2007.
- Open the e-mail message from the recipient.
- Right-click their user name in the From field, and then click Add to Contacts.
The Contact form appears.
- If you do not have an e-mail message from the recipient in your Inbox, follow these steps.
Note To perform this step, you must have a personal address book that is configured for your mail profile.
- On the Tools menu, click Address Book.
- Click the recipient to whom you tried to send the e-mail message.
- On the File menu, click Add to Personal Address Book.
The Contact form appears.
- Click the Certificates tab.
- If a certificate exists, click the certificate, and then click Properties.
Verify the validity of any certificates that are present. The certificate may appear as revoked or expired.
820029 "Microsoft Outlook had problems encrypting this message" error message when you try to send an encrypted e-mail message in Outlook 2002
326311 You cannot send encrypted e-mail messages to a contact while you are working offline
Article ID: 884738 - Last Review: 03/30/2007 21:09:52 - Revision: 2.1
Microsoft Office Outlook 2007, Microsoft Outlook 2002 Standard Edition
- kbtshoot kbprb KB884738