Outlook configured on Windows 8 required elevation in order to access private key

I re-post the question as the advice from  Arthur Xie originated from this thread: http://social.technet.microsoft.com/Forums/en-US/W8ITProPreRel/thread/c53a736d-ebde-4f80-95ef-c9b79c30dc01 I hope I am not polluting the forum, but I really would like to find an answer.

Installed and configured Microsoft Outlook 2010 on Windows 8 Preview. Import PFX into the CAPI store with high or medium level security into the Personal store. Use Outlook to send the secure massage to yourself. If Outlook runs without UAC elevation the compose window will hang during send of e-mail with sign and encrypt option. It will hang as well while trying to read encrypted message. Outlook will hang during start up if the first message in Inbox is encrypted. If user runs Outlook as administrator the password prompt dialog comes up and Outlook works in all the cases above.

Outlook should not have administrator privileges to access personal certificate store.

Over there is the additional info I provided to "Support Engineer" and didn't get any answer: http://answers.microsoft.com/en-us/office/forum/office_2010-outlook/outlook-configured-on-windows-8-required-elevation/c0090c0c-ab8d-4dea-9306-7d86ec2f9116

Could someone address the issue?

Thanks


August 21st, 2012 6:50pm

This is happening to me on the final release of Windows 8 from MSDN.  It seems the problem occurs with me when I add a digital signature to outgoing messages.  Outlook just hangs and will NOT send the message out.  I have to kill Outlook then remove the digital signature option on outgoing mail for the email to go out.  Before I upgraded to Windows 8, everything works find.

 

Tim

Free Windows Admin Tool Kit Click here and download it now
August 23rd, 2012 12:52am

Hi,

Since you are facing this issue on Windows 8 and this is new product and not released to market , i would suggest you to open support case with Microsoft to deal with this issue.

You can contact customer central on 1-800-936-4900 or you can create online case by visiting website http://support.microsoft.com/oas

Thanks

August 29th, 2012 10:57pm

We have set up new hardware to install Windows 8 RTM  as suggested by  "kingdomware" (Thanks a lot for tip). Unfortunately the issue described in the thread is still present on this Windows version as well. I didn't post anything just because I wanted to collect more information of versions of Outlook, to identify exactly if this is Windows 8 problem or Outlook. For now it looks like Windows 8. (All other systems work properly) Yes we are collecting information and will open a ticket with Microsoft under our MSDN subscription. Thanks all for input.  
Free Windows Admin Tool Kit Click here and download it now
August 29th, 2012 11:07pm

I too am having the same issue sending messages.  After finding this thread in a search I disabled my default setting for signed messages and I can now send messages again.  My installation was a in-place upgrade from Windows 7 to 8 RTM upgrade where Office 2010 was already installed.  I had previously tried disabling add-ons and running an Office repair to no avail.  I hope that a quick resolution comes from MS on this since I have told my clients that if they had any doubts about the origin of email from me that they should look for the digital signature.  I also tried removing the digital cert from Outlook and my profile and putting the setting back to no avail.

-felipe

September 7th, 2012 1:08am

Felipe I have wrote the latest status on the issue over here: http://answers.microsoft.com/en-us/office/forum/office_2010-outlook/outlook-configured-on-windows-8-required-elevation/c0090c0c-ab8d-4dea-9306-7d86ec2f9116?auth=1

Bottom line the ticket which was opened against Windows 8 was transferred to Outlook team now and so far we didn't hear anything from them as they have all information they needed.

All the best.

Free Windows Admin Tool Kit Click here and download it now
September 7th, 2012 5:32pm

The following is the quote from Microsoft Windows 8 team regarding the support request submitted:

"Weve committed a fix for this issue to ship as part of a roll-up in the second week of December on Windows Update. We still need dev and test to complete their triage and then well take it to ship room for approval. My guess is that this will be approved."
I thought ppl may interested to know. Beast regards.
October 17th, 2012 10:50pm

I have same problem and waiting for that update... really neccesary. Thanks for the posting

regards

Free Windows Admin Tool Kit Click here and download it now
November 8th, 2012 2:40pm

Unfortunately the information has been changed. The following is the quote from follow up e-mail from Windows 8 development team regarding our case ...

"We are working towards a fix but the fix has a higher level of risk and so we

expect this to take some time to complete. We had originally thought we would be able to have a fix for December but thats now unlikely. Were re-evaluating when we think we can have this done. Were hoping for January but cant yet commit. I will continue to provide you such updates as and when they become available. That said..purely from an administrative standpoint may I please archive the case for now."

This means the fix is serious enough to get more attention and will be rolled out later, hopefully in January. But they fixed the issue and wanted to archive the case.

Best regards.

November 8th, 2012 5:45pm

Oh wow I have the same problem

Free Windows Admin Tool Kit Click here and download it now
November 12th, 2012 1:41pm

+1 for that. It's very annoying that MS do nothing about it. Some ETAs will be good. I used to send signed mails and now I'm forced to abandon it. Outlook is used mainly for professional purposes, but now it's useless and unsafe.
December 18th, 2012 1:49pm

Hi everyone

Following steps will fix this.

1. Delete SMIME certificate from the Outlook.

or

2. Delete from User personal store.

IMPORTANT STEP

3. Import SMIME certificates from Internet Explorer. Go to IE options | Content | Certificates| Import.

Step 3 will fix this issue. 

Ravi

Free Windows Admin Tool Kit Click here and download it now
January 2nd, 2013 1:22am

Hello Ravi,

I believe you didn't fully understand the issue or just didn't read the description carefully. What your solution does is just simple re-import of the pfx with low security settings. But this wasn't the issue at the beginning. The issues with Outlook happen when pfx imported into the CAPI store with medium or high security setting.

From myself I would like to add ahead information that our company's got the private fix to verify and it's failed. We have send back to Microsoft our observation and so far didn't hear any response. This unfortunately may means that the fix will be rolled out later than January, as I mention before. 

Best regards.

January 3rd, 2013 10:39pm

As of my reply from January 3:

From myself I would like to add ahead information that our company's got the private fix to verify and it's failed. We have send back to Microsoft our observation and so far didn't hear any response. This unfortunately may means that the fix will be rolled out later than January, as I mention before. 

We are not the first time submitting the tickets to Microsoft and it always takes about half a year to get the fix or private fix. Well we just need to be patient and wait a bit more.

Best regards.

Free Windows Admin Tool Kit Click here and download it now
January 8th, 2013 11:17pm

I solved the issue without any help from Microsoft or bugfix.

The thing is, when you import your certificate from Outlook, it didn't import all the certificate stuff. So I tried to import the certificate again from the certmgr.msc.

First I have deleted my certificate from the store. Then I have imported the certificate from the .pfx file. At last I relaunched my Outlook 2013 (not as an Admin) and I succeeded to read crypted e-mails and to signed or encrypt my e-mails.

One of my co-worker had the same issue with Oultook 2010 and the method worked also for him. We're both running Windows 8.

Hope that help

January 17th, 2013 2:31pm

FYI: The fix from Windows 8 team was tested in our environment and it worked. The current reply from Microsoft support as follow:

"The target date for the fix has been moved out to sometime in March at this time."

They should inform us again when this fix will be included into Windows update roll out and I'll post the date when we'll have one.

Best regards.

Free Windows Admin Tool Kit Click here and download it now
January 30th, 2013 5:36pm

wow... 8 months from first occurence of this bug in public... please somenone post a note, when the bugfix will be available. We have the same issue.
February 1st, 2013 1:13pm

FYI: The fix from Windows 8 team was tested in our environment and it worked. The current reply from Microsoft support as follow:

"The target date for the fix has been moved out to sometime in March at this time."

They should inform us again when this fix will be included into Windows update roll out and I'll post the date when we'll have one.

Best regards.


A good thing that for "sometime in March" are just a few days left... I hope this gets fixed, soon!
Free Windows Admin Tool Kit Click here and download it now
March 18th, 2013 1:56pm

Heres the update I just received:

 

"Were targeting 2<sup>nd</sup> week of April for a hot fix release.

As far as getting it on Windows Update, ETA for that would probably be May or June at the latest."

As long as we will be informed on the hot fix location I'll post it.

Best regards.

March 18th, 2013 4:26pm

Thanks Duchiant!

Using certmgr.msc and importing into personal store worked for me!

By my choice Im using low Security.


Free Windows Admin Tool Kit Click here and download it now
March 21st, 2013 4:00pm

No offence to Knuckles or The SandS but the topic is totally different on discussion you are started. Please do not post any longer irrelevant information or I will report as offtopic discussion in my thread. Open your own discussion and move on with it if you do not interesting in resolution of the original issue any longer. To clean up the thread I advise you to delete your posts not related to original issue. As the originator of this thread I do not want to see any more e-mails not related to the issue.

All the best.

March 27th, 2013 4:29pm

DUCHIANT FOR PREZ!

You sir are a GENIUS!!! It worked like a charm!!!!

load the cert into certmgr.msc

Free Windows Admin Tool Kit Click here and download it now
April 14th, 2013 1:16am

I glad to inform the hotfix for the original issue described is finally available and can be downloaded from here: 

http://support.microsoft.com/kb/2813237

It is uncertain at this point whether MS will push this out via Windows Update at all.

We are arguing with them that they should.

I believe this is the final answer for the thread. Thanks everyone for support and all the waiting time.

May 21st, 2013 4:50pm

The hotfix for the original issue described is finally available and can be downloaded from here: 

http://support.microsoft.com/kb/2813237

Thank you!

Free Windows Admin Tool Kit Click here and download it now
May 21st, 2013 4:55pm

We have developed our own CSP and it has been working fine for years with Windows XP, Vista and Win 7 and OutLook 2K7, 2K10, etc for email signing and decryption. On Win 8 platform though, when OutLook 2K13 starts up and the topmost mail is encrypted, the Decrypt call (which puts out a custom GUI to collect PIN for private key access) freezes OutLook, and finally crashes it after PIN collection.

I have applied the recommended MS hotfix 2813237 but the hang/crash problem persists.

In our case, the Key Store is not Windows Store, and our CSP shows a custom GUI to collect PIN for private key access on OutLook.

Thanks for any inputs.


July 16th, 2013 11:56pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics