Upgraded version of Outlook cannot open previously viewable encrypted messages.

Status
Not open for further replies.
C

computerkungfu



Hi team, this is my first post and I have to admit to being a little desperate after trying dozens of so-called 'fixes' found in different corners of the web. My issue seems to be common enough, though the resolve isn't. I am a reasonable tech but not up with Exchange and related systems. I look after the IT of a company who are running older OSs and clients but are being forced to upgrade due to a number of reasons. They use a booking system where email messages are sent to them in what I am assuming is encrypted form - the icon on the message is a small blue padlock. They currently use Outlook 2000 and the messages open fine on those machines still running that version. However, simply upgrading to Outlook 2003 (I know, but this is the version they want to use) breaks things and the error when trying to view these messages now is the dreaded "Cannot open this message. Your Digital ID Name Cannot Be Found by the Underlying Security System". The thing is, on one of their machines, the upgrade went OK and the messages open fine. Their Exchange server host sent them a certificate/key file, which I can import OK, but I'm not convinced this key has anything to do with anything because Outlook still doesn't work and when I go into the Trust centre in the options dialogue there are no keys available for this function. The certificate/key shows up in the Internet Options dialogue under certificates but as I said, I'm not sure it is the right thing I need.
As you can tell, it is the blind leading the blind. I am out of my depth and aren't even sure of the correct language to use to convey the problem. I cannot fathom why one machine upgraded to Outlook 2003 and everything works while now 3 other machines have been upgraded using the same disk and procedure but they cannot open these messages. I even took the pst file to other machines and tried three different versions of Outlook - none would open the messages, with the error given above. I have read and tried several of the suggestions given in other posts but nothing has worked and I suspect this is because I am way off track rather than the fixes not being correct. Any further guidance or help would be greatly appreciated and I thank you for your time and expertise. Dave Thompson
 
G

Gen Lin



Hi,

This problem may happen if one of the following factor is true:

1. There is no private key installed to decrypt the message.

2. Or, the installed private key does not correspond to the public key.

You first need to understand how S/MIME encrypted message works:

1. The senders must own a certificate(which means they have a valid public/private key pair). Also the sender must have the certificates of all the recipients.

2. Sender Client (Outlook or other program) creates a random key and encrypts the message with this key.

3. Create a copy of the random key, encrypt it with the recipient"s public key (derived from their certificate) and attach the result to the message. This is performed for each recipient of this message.

4. The message and its key attachments are sent together to the recipients.

5. Upon receiving the message, the recipient locates their corresponding key attachment, uses their private key to decrypt the symmetric key and then uses that symmetric key to decrypt the message.

From your discription“when I go into the Trust centre in the options dialogue there are no keys available for this function”, I infer that the problem shuold be caused by the recipients that do not own a certificate on thire computer.

Please follow these steps to troubleshoot:

1. Send an encrypted message from exchange to the outlook 2003 client? What"s result?

2. On the outlook 2003 client, check if it owns a valid certificate:

a. Click start button->Run, type mmc then press Enter to open Management Console.
b. Click File-Add/Remove Snap-in. Click Add->Certificates. Click Add.
c. In “This snap-in will always manage certificates for”, select “user account”.

d. Return to the console. Expand to Certificate Current User->Personal. Is there a certificate? If no, please import the recipient"s certificate into the computer.

Note: You can also check the Trusted People folder. The sender's certificates are stored in here.



 
C

computerkungfu



Thank you very much for taking the time to explain this; it certainly helps me a lot to know what I am actually doing. I will try what you suggest and post back here what (if anything) I discover.

Thanks again.

Dave Thompson.
 
C

computerkungfu



Hello again.

I have carried out as you suggested and when the management console is opened, under Personal, the key I imported is there (this key is a Thawte key bought and paid for - remember this all worked under Outlook 2000 but now does not work in 2003). You say to look under the Trusted People section - there is no key listed there.

When sending an encrypted message from their booking system,, it is listed in Outlook as an encrypted message - that is, it has the little padlock icon and the preview doesn't render, instead a message saying the message must be opened to preview it. Double clicking on the message to open it results in the "Cannot Open message, digital ID not found in the underlying blah blah blah". This system used to work perfectly until they upgraded to Outlook 2003 because they needed some Exchange functionality that 2000 did not give them. It seems odd the very same key would work with one version and not the other, and not just on one machine but now on two that have had the Outlook 2003 upgrade installed.

Perhaps the key/certificate missing in Trusted People is a clue? If it should be there, I can manually put it there (or install it there) but will this register within Outlook? It doesn't seem to when I have done that in the past - I still get the "there are no certificates" message when I try to set up message security/encryption.

Thanks for your time. Dave Thompson.
 
Status
Not open for further replies.
Top