Question
Friday, October 3, 2014 7:48 PM
Hi guys,
I have an issue with one employee only (unfortunately she's the head of HR...) in a big Exchange 2007 organisation:
When another (random) employee sends an encrypted email to the HR manager with desktop Outlook, she can't open the message and gets this error message:
"Can't open this item. Your Digital ID name can not be found by the underlying security system."
The HR manager can open encrypted mail from any sender when the sender sends from OWA (not from Outlook).
But it depends on the sender too: another sender can send good encrypted mail to the HR manager from Outlook.
I checked the HR manager's certificate in AD; she has only one certificate and it's perfect.
I tried deleting the SSL cache in the clients' IE, but it did not solve the problem.
Do you have any idea?
Can I check the public key of the recipients that Outlook uses for encryption, or debug the encryption process?
Regards,
Gabor
All replies (3)
Monday, October 6, 2014 5:12 AM ✅Answered
Hi,
Sending and viewing encrypted email messages requires both sender and recipient to share their digital ID, or public key certificate. (Digital ID: contains a private key that stays on the sender's computer and a certificate (with a public key). The certificate is sent with digitally signed messages. Recipients save the certificate and use the public key to encrypt messages to the sender.) This means that you and the recipient each must send the other a digitally signed message, which enables you to add the other person's certificate to your Contacts. You can’t encrypt email messages without a digital ID. A recipient without the corresponding private key will see this message when he tries to open the encrypted item.
Please try to clear the auto-complete list and publish the certificate again to check the result.
In addition, please check this KB, and follow the suggestions in it:
http://support.microsoft.com/kb/258527
Although this KB is for Outlook 2000, some information can also apply to later versions of Outlook.
Regards,
Steve Fan
Forum Support
Come back and mark the replies as answers if they help and unmark them if they provide no help.
Saturday, October 4, 2014 3:46 AM
When opening an encrypted email, Outlook will first check the Autocomplete cache before looking at the certificate in the GAL/AD. So try deleting the Autocomplete cache entry for the sender and see if it makes any difference. I would say, first check by sending a digitally signed email and then an encrypted email.
============
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Friday, October 7, 2016 12:20 AM
Naresh, thanks for posting a helpful and insightful answer.
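
On the question of checking which public key a message was encrypted to: the recipient list of an S/MIME envelope can be read without any private key and compared with the certificates in the recipient's store. The PowerShell below is an added example, not part of the thread; it assumes Windows PowerShell 5.1 with .NET Framework 4.7.2 or later, the function name `Get-SmimeRecipient` is hypothetical, and the sample message is constructed in memory with a throwaway certificate.

```powershell
Add-Type -AssemblyName System.Security    # provides System.Security.Cryptography.Pkcs

function Get-SmimeRecipient {             # hypothetical helper name
    param([Parameter(Mandatory)][byte[]]$EnvelopedBytes,
          [string]$Store = 'Cert:\CurrentUser\My')
    $cms = New-Object System.Security.Cryptography.Pkcs.EnvelopedCms
    $cms.Decode($EnvelopedBytes)          # parse only; no private key is used
    $local = @(Get-ChildItem -Path $Store)
    foreach ($ri in $cms.RecipientInfos) {
        $id = $ri.RecipientIdentifier
        if ($id.Type -eq 'IssuerAndSerialNumber') {
            $issuer = $id.Value.IssuerName
            $key    = $id.Value.SerialNumber
            # Match on serial; compare the printed issuer by eye, serials repeat across CAs
            $hit    = $local | Where-Object { $_.SerialNumber -eq $key }
        } else {                          # SubjectKeyIdentifier: value is a hex string
            $issuer = $null
            $key    = [string]$id.Value
            $hit    = $local | Where-Object { $_.Extensions | Where-Object {
                $_ -is [System.Security.Cryptography.X509Certificates.X509SubjectKeyIdentifierExtension] -and
                $_.SubjectKeyIdentifier -eq $key } }
        }
        [pscustomobject]@{
            IdentifierType  = $id.Type
            Issuer          = $issuer
            SerialOrKeyId   = $key
            LocalThumbprint = ($hit | Select-Object -First 1).Thumbprint
            HasPrivateKey   = [bool]($hit | Where-Object { $_.HasPrivateKey })
        }
    }
}

# Constructed sample: encrypt a test body to a throwaway certificate that is NOT in the store.
$rsa  = [System.Security.Cryptography.RSA]::Create(2048)
$req  = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new(
            'CN=Constructed Recipient', $rsa,
            [System.Security.Cryptography.HashAlgorithmName]::SHA256,
            [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
$cert = $req.CreateSelfSigned([DateTimeOffset]::Now, [DateTimeOffset]::Now.AddDays(1))
$body = [System.Security.Cryptography.Pkcs.ContentInfo]::new([byte[]](1..16))
$env  = [System.Security.Cryptography.Pkcs.EnvelopedCms]::new($body)
$env.Encrypt([System.Security.Cryptography.Pkcs.CmsRecipient]::new($cert))

# The row shows the issuer and serial the message was encrypted to, with no local match.
Get-SmimeRecipient -EnvelopedBytes $env.Encode() | Format-List
```

For a real message, pass the bytes of the saved encrypted body instead of the constructed sample; a row with an empty `LocalThumbprint` or `HasPrivateKey = False` means the sender encrypted to a certificate the recipient's profile cannot decrypt with.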