Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

When you reply to or forward a signed or an encrypted e-mail message, the message is sent without encryption in Outlook 2007 and Outlook 2010


View products that this article applies to.

Symptoms

Consider the following scenario. You install a valid S/MIME certificate on a client computer. You do not configure the certificate for Microsoft Office Outlook 2007 and Outlook 2010. If you reply to or forward a signed or an encrypted e-mail message, the message is sent without encryption in Outlook 2007 and Outlook 2010. However, in this scenario, you do not receive a warning message that states that the message is sent without encryption.

↑ Back to the top


Resolution

When the following registry value explained below is set, Outlook automatically tries to sign or encrypt a reply or a forwarded message that was originally signed or encrypted by using S/MIME. If you have a secure e-mail certificate that is already configured in Outlook, it will be used. If you have a secure e-mail certificate installed in Windows and it matches the e-mail address of the account that you are using in Outlook, Outlook will automatically configure the certificate for its use. See Microsoft Knowledge Base article 941275 for more information about how Outlook automatically configures an e-mail certificate.

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756 How to back up and restore the registry in Windows

Outlook 2010


To have Outlook 2010 automatically encrypt a message that you are forwarding and that was originally encrypted, configure the NoCheckOnSessionSecurity registry entry. To do this, follow these steps:
  1. Start Registry Editor.
    • In Windows Vista or Windows 7, click Start
      , type regedit in the Start Search box, and then press ENTER.

      If you are prompted for an administrator password or for confirmation, type the password, or provide confirmation.
    • In Windows XP, click Start, click Run, type regedit in the Open box, and then click OK.
  2. Locate and then click the following registry subkey:
    HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Security
  3. On the Edit menu, point to New, and then click DWORD Value.
  4. Type NoCheckOnSessionSecurity, and then press ENTER.
  5. Right-click NoCheckOnSessionSecurity, and then click Modify.
  6. In the Value data box, type 1, and then click OK.
  7. Exit Registry Editor.

Outlook 2007

To have Outlook 2007 automatically encrypt a message that you are forwarding and that was originally encrypted, use the following steps.

Apply the hotfix that is described in Microsoft Knowledge Base article 973404. Then, set the value of the NoCheckOnSessionSecurity registry entry to enable the hotfix package. To do this, follow these steps:
  1. Apply the following hotfix:

    973404 Description of the Outlook 2007 hotfix package (Outlook-x-none.msp): August 25, 2009
  2. Configure the
    NoCheckOnSessionSecurity
    registry entry. To do this, follow these steps:
    1. Start Registry Editor.
      • In Windows Vista or Windows 7, click Start
        , type regedit in the Start Search box, and then press ENTER.

        If you are prompted for an administrator password or for confirmation, type the password, or provide confirmation.
      • In Windows XP, click Start, click Run, type regedit in the Open box, and then click OK.
    2. Locate and then click the following registry subkey:
      HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\Security
    3. On the Edit menu, point to New, and then click DWORD Value.
    4. Type NoCheckOnSessionSecurity, and then press ENTER.
    5. Right-click NoCheckOnSessionSecurity, and then click Modify.
    6. In the Value data box, type 1, and then click OK.
    7. Exit Registry Editor.
Note If there is no secure mail certificate installed on the workstation, Outlook cannnot send a signed or encrypted S/MIME message. In this scenario, if the registry value below is configured, the following error message will be displayed.

Microsoft Outlook 2010

Microsoft Outlook cannot sign or encrypt this message because there are no certificates which can be used to send from the e-mail address '<e-mail address>'. Either get a new digital ID to use with this account, or use the Accounts button to send the message using an account that you have certificates for.

Microsoft Outlook 2007

Microsoft Office Outlook could not sign or encrypt this message because you have no certificates which can be used to send from the e-mail address e-mail address.

You can do either of the following:

Get a new digital ID to use with this account. On the Tools menu, click Options, click the Security tab, and then click Get a Digital ID.

Use the Accounts button to send the message using an account that you have certificates for.

↑ Back to the top


Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

↑ Back to the top


Keywords: kbsurveynew, kbqfe, kbexpertiseinter, KB974334, kbsurveynew, kbqfe, kbexpertiseinter, KB974334

↑ Back to the top

Article Info
Article ID : 974334
Revision : 3
Created on : 5/13/2010
Published on : 5/13/2010
Exists online : False
Views : 637