Problems with deploying SMIME
Hi,
We are attempting to enable a few users in our organization to send SMIME-encrypted Email. We are all part of a single AD domain. Each user has received a single certificate that is valid for both signing and encrypting.
The problem that I am running into is that, although these certificates have been published in the users' AD profiles, when I attempt to send one of them an encrypted message, I receive a pop-up saying
"Microsoft Office Outlook had problems encrypting this message because the recipient had missing or invalid certificates, or conflicting or unsupported encryption capabilities".
As a test, I had one of the users go into the <Security> tab in Outlook options and manually select their SMIME certificate for both signing and encrypting, and then click the [Publish to GAL..] button. This worked fine, and afterwards, when I looked at the user's AD profile in an LDAP browser, I saw that they had a new property named "userSMIMECertificate" populated.
However, the problem still exists. I am unable to send this user (or any of the other ones) an encrypted message. The certs were deployed about 24 hours ago at this point.
Can anyone advise? Could it be that we're just experiencing a lag in synchronization between AD and the Exchange GAL? Any other ideas?
Thanks in advance!
September 3rd, 2010 5:11pm
Hi,
Please refer to the following KB articles:
870564 You receive the "Microsoft Office Outlook had problems encrypting this message" error message when you address an e-mail message to a LDAP recipient in Outlook 2003
http://support.microsoft.com/default.aspx?scid=kb;EN-US;870564
980029 "Microsoft Office Outlook had problems encrypting this message" error message when you send an encrypted e-mail message in Office Outlook 2007
http://support.microsoft.com/default.aspx?scid=kb;EN-US;980029
Hope it helps.
This posting is provided "AS IS" with no warranties, and confers no rights. Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
September 9th, 2010 9:15am
Hi,
Thanks for the suggestion, but there isn't a foreign LDAP involved here; only AD and Exchange.
Thanks,
Mike
September 9th, 2010 3:46pm
Hi,
Based on my understanding, when encrypting, Outlook first looks at userSMIMECertificate (Publish to GAL) and if there is no valid certificate, continues with userCertificate (Published by CA). The behavior of OWA is to look in userCertificate and then in userSMIMECertificate.
As a result, I suggest that you check:
Is the certificate published into userCertificate attribute? Do you encounter the issue with OWA?
In addition, I think the following forums could be the better support pool to troubleshoot the issue:
http://social.technet.microsoft.com/Forums/en-US/outlook/threads
http://social.technet.microsoft.com/Forums/en-US/exchangesvrclients/threads
September 10th, 2010 11:29am
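
The attribute check suggested in the reply above, as an added example that is not part of the original thread: it reads both `userCertificate` and `userSMIMECertificate` for one account and reports what each holds. It assumes Windows PowerShell with the ActiveDirectory module (RSAT); `jdoe` is a placeholder account name, and the validity, key-usage and e-mail checks are this example's own choices, not Outlook's documented selection rules.

```powershell
# Added example (not from the thread). 'jdoe' at the bottom is a placeholder account name.
Import-Module ActiveDirectory
Add-Type -AssemblyName System.Security   # SignedCms, used to open the PKCS#7 blob

function Get-SmimeCertReport {
    param([Parameter(Mandatory = $true)][string]$SamAccountName)

    $user  = Get-ADUser -Identity $SamAccountName -Properties userCertificate, userSMIMECertificate, mail
    $found = @()

    # userCertificate: multi-valued, each value is one DER-encoded X.509 certificate.
    foreach ($der in $user.userCertificate) {
        $bytes = [byte[]]$der
        $cert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList (,$bytes)
        $found += [pscustomobject]@{ Attribute = 'userCertificate'; Cert = $cert }
    }

    # userSMIMECertificate: each value is a PKCS#7 SignedData blob that wraps the certificate(s).
    foreach ($blob in $user.userSMIMECertificate) {
        try {
            $cms = New-Object System.Security.Cryptography.Pkcs.SignedCms
            $cms.Decode([byte[]]$blob)
            foreach ($cert in $cms.Certificates) {
                $found += [pscustomobject]@{ Attribute = 'userSMIMECertificate'; Cert = $cert }
            }
        } catch {
            Write-Warning "userSMIMECertificate value could not be decoded: $($_.Exception.Message)"
        }
    }

    if (-not $found) { Write-Warning "No certificates in either attribute for $SamAccountName"; return }

    $now     = Get-Date
    $kuFlags = [System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]
    foreach ($item in $found) {
        $c  = $item.Cert
        $ku = $c.Extensions | Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509KeyUsageExtension] } | Select-Object -First 1
        [pscustomobject]@{
            Attribute       = $item.Attribute
            Thumbprint      = $c.Thumbprint
            NotAfter        = $c.NotAfter
            InValidity      = ($now -ge $c.NotBefore -and $now -le $c.NotAfter)
            # $null means the certificate carries no key usage extension at all
            KeyEncipherment = if ($ku) { $ku.KeyUsages.HasFlag($kuFlags::KeyEncipherment) } else { $null }
            MatchesMail     = ($c.GetNameInfo('EmailName', $false) -eq $user.mail)
        }
    }
}

Get-SmimeCertReport -SamAccountName 'jdoe' | Format-Table -AutoSize
```

This reads the directory directly, so it shows what AD holds, not what a cached-mode Outlook client currently sees in its Offline Address Book.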
Joson,
Thanks for your help. We determined that the issue was occurring because we have our clients configured to run Outlook in cached mode, and the Offline Address Book was not being synchronized often enough. Once we corrected this, the issues went away.
Thanks again!
September 10th, 2010 6:24pm
Great. Thanks for your update and sharing.
Have a nice day.
September 13th, 2010 2:20am


