Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Emails not encryptet or decrypted

Created: 11 Nov 2013 • Updated: 04 Feb 2014 | 17 comments
This issue has been solved. See solution.

I have installed and tried to configure the product to encrypt and decrypt my mails.

I have exchanged public key with somone outside my organization. I can manually encrypt and decrypt contents to and from him.

The problem is that no sendt or recived mails are automaticaly encryptet or decrypted on my side.

I have never seen the notifier-windos when I send or recive encrypted mail.

I am running the software on a windows 7 client against a Exchange 2010 mailserver. I have tried to install this product on 2 diffrent computers but no diffrence in behavior. I have also turned off all firewalls,AV and securitysettings on the client. I have uninstalled all add-ins on client to.

I have now enabled debugging: http://www.symantec.com/business/support/index?page=content&id=TECH149847 , and when I try to send an email with encryption-button on I get this in the log:

DE 14:44:15 MAPI Proxy: This message is not encoded and passed through without further processing.
DE 14:44:33 Received testconnection request
VE 14:44:33 Outlook Plugin: User encrypted a message with subject test p\u00229? encryption nr 100
DE 14:44:33 MAPI Store: [0x0002] Processing outgoing message from me me@company.no with subject: test p\u00229? encryption nr 100
IE 14:44:33 Processing outgoing message from me
me@company.no  with subject: test p\u00229? encryption nr 100
DE 14:44:33 MAPI Proxy: ..\shared\OCconnection.cpp : Line 239 : Echo::oc::OCconnection::SetServerInfoFromCache
DE 14:44:33     PGPOvidClientSetServerInfo returned with error code -13895(kPGPError_OCC_MailProcessingDisabled)
DE 14:44:33             Received OCC error ecServiceDisabled PGPError: (PGPError #-13895)
DE 14:44:33 MAPI Proxy: SendImmediatelyIfConnected get outlook object returns hr 0x0.
DE 14:44:33 MAPI Proxy: Send immediately when connected checked 1
DE 14:44:33 MAPI Proxy: Outlook ExchangeConnectionMode 800 bConnected 1
DE 14:44:33 MAPI Proxy: Doing send and receive with send group <Programmapper>
DE 14:44:33 MAPI Proxy: Doing send and receive with send group <Programmapper> returns hr 0x0.
DE 14:44:35 Received testconnection request
DE 14:44:35 Received testconnection request
DE 14:44:35 MAPI Proxy: Getting parent folder.
DE 14:44:35 Received testconnection request
DE 14:44:35 Received testconnection request
IE 14:44:35 Processing message me  me@company.no with subject: test p\u00229? encryption nr 100
DE 14:44:35 MAPI Proxy: This message is not encoded and passed through without further processing.
 

Can someone please help

Sondre

Operating Systems:

Comments 17 CommentsJump to latest comment

Japke's picture

Looking at the following line in your log:

DE 14:44:33 PGPOvidClientSetServerInfo returned with error code -13895(kPGPError_OCC_MailProcessingDisabled)

I would suspect that mail processing is disabled, or that your license does not include messaging (but I think you would see a different message in the logs). Could you check if messaging is enabled correctly, opening the client and in the top menu you select "Messaging" there should be an option to enable/disable messaging.
Also try if removing the current messaging services and have them automatically recreated solves the issue. See also the following article.

Troubleshooting: PGP Messaging Services for Windows
http://www.symantec.com/docs/TECH149410

I am no longer a Symantec employee.

Sondreha's picture

Sorry for late answer.

I have checked, and Messaging is enabled. I have tried to remove it, but it is noe automatically created again. It has newer been that on any of my testinstallations.

Sondre.

dcats's picture

Hi Sondreha,

You need that service running to be able to intercept and encrypt/decrypt email messages.
Righ-click the service name and ensure it is enabled.

After, send a test message adding [PGP] in the subject. If this message is encrypted or blocked, then it is working.
In this scenario, you should change the policies you have associated to that messaging service and adjust it according to your needs. Something usual is to force encryption to a certain recipient domain and/or when the message is set as Confidential.

HTH,
dcats

Sondreha's picture
I have testet sending mail with both PGP in subject and by cliking the links I get the same in the log. I do not get message encryptet or blocked.
 
Here is part of the log:
 
10:19:55 Email  Debug MAPI Store: [0x0003] Processing outgoing message from Hågensen Sondre <sondre.haagensen@npt.no> with subject: [PGP] kode


10:19:56 Email  Info Processing outgoing message from Hågensen Sondre <sondre.haagensen@npt.no> with subject: [PGP] kode


10:19:56 Email  Debug MAPI Proxy: ..\shared\OCconnection.cpp : Line 239 : Echo::oc::OCconnection::SetServerInfoFromCache


10:19:56 Email  Debug PGPOvidClientSetServerInfo returned with error code -13895(kPGPError_OCC_MailProcessingDisabled) 


10:19:56 Email  Debug Received OCC error ecServiceDisabled PGPError: (PGPError #-13895)


10:19:56 Email  Debug MAPI Proxy: SendImmediatelyIfConnected get outlook object returns hr 0x0.


10:19:56 Email  Debug MAPI Proxy: Send immediately when connected checked 1


10:19:56 Email  Debug MAPI Proxy: Outlook ExchangeConnectionMode 800 bConnected 1


10:19:56 Email  Debug MAPI Proxy: Doing send and receive with send group <Programmapper>


10:19:56 Email  Debug MAPI Proxy: Doing send and receive with send group <Programmapper> returns hr 0x0.


10:19:57 Email  Debug Received testconnection request


10:19:57 Email  Debug Received testconnection request


10:19:57 Email  Debug MAPI Proxy: Getting parent folder.


10:19:57 Email  Debug Received testconnection request


10:19:57 Email  Debug Received testconnection request


10:19:57 Email  Debug MAPI Proxy: Getting parent folder.


10:19:57 Email  Debug Received testconnection request


10:19:57 Email  Debug Received testconnection request


10:19:57 Email  Info Processing message from Hågensen Sondre <me@company> with subject: [PGP] kode


10:19:57 Email  Debug MAPI Proxy: This message is not encoded and passed through without further processing.

Is there any settings in Outlook that I should look at?

Sondre.

dcats's picture

Hi Sondre,

Please confirm that you followed this checks:

1. Close Outlook and exit PGP Services (right-click on the icon in the icontray (padlock) and select Exit PGP Services)- and ensure the processes are terminated

2. Start first PGP Desktop/SED client, only after start Outlook

3. Ensure you have a license for messaging. Right-click on the icon in the icontray > select About PGP Desktop (or Symantec Encryption Desktop) > click on the License button, move the mouse over the PGP Messaging box - this should show that the feature is included in the license. The license should be valid (or set to Never) - see the License Expiration.

4. Open the client PGP Desktop or SED > click on PGP Messaging, right-click the service name and ensure it is enabled.

5. What is the version of PGP Desktop/SED you are using? You need to check the system requirements of see if is compatible with the Outlook/Exchange versions you are using. Which is the version of Outlook?

See also: Troubleshooting: PGP Messaging Services for Windows - TECH149410

HTH,
dcats

Sondreha's picture

1. I have done this a lot of times already
2. I have done this a lot of times to
3. Yes I have a valid license
4. Yes it is enabled
5. I have version 10.3.1(Build 13100) PGP SDK 4.2.1

Sondre.

dcats's picture

Hi Sondre,

Is this a standalone client or managed by a Symantec Encryption Management Server?
If standalone, how are the Security Policies configured [PGP Messaging > click on the service name usually "user@domain.tld"]?
Note that they are evaluated top down.

What are the server settings in the SED client messaging service?

Are you using standard ports for connecting to the Exchange server? How is the Outlook configured?
As per TECH149410, "5. If SSL/TLS is enabled in your email client, you must disable it there if you want PGP Desktop to proxy your messaging."

Rgs,
dcats
 

Sondreha's picture

This is a standaloen client. No server.

Here is my settings attached

Sondre.

pgp-policy-settings.JPG pgp-serversettings.JPG pgp-outlook-sslsetting.JPG
dcats's picture

Hi Sondre,

- If you are using POP, SMTP you need to have selected Internet Mail, the MAPI/Exchange will work only if you are using the MAPI protocol).
Can you try modifying the Server Type to Internet Mail and see if it works?

- Are you using Outlook 2010 or 2013?

From Symantec Encryption Desktop 10.3.1 for Windows Release Notes - DOC6697

--- snip ---

Compatible Email Client Software
Symantec Encryption Desktop for Windows will, in many cases, work with Internet-standards-based email clients other than those listed here. Symantec Corporation, however, does not support the use of other clients.

Symantec Encryption Desktop for Windows has been tested with the following email clients:
Microsoft Outlook 2013 (32- and 64-bit)/Exchange Server 2010 (on-premise only)
Microsoft Outlook 2013 (32- and 64-bit)/Office 365 Cloud Server
Microsoft Outlook 2010 (32- and 64-bit)/Exchange Server 2010 (on-premise only)
Microsoft Outlook 2010 (32- and 64-bit)/Office 365 Cloud Server
Microsoft Outlook 2007 SP2 (Outlook 12)/Exchange Server 2007 SP2
Microsoft Outlook 2007 SP2 (Outlook 12)/Office 365 Cloud Server
Microsoft Outlook 2003 SP3/Exchange Server 2003 SP3
(...)

--- snip ---

- Please check the data of PGPSTAMP under HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\PGP Corporation\PGP

- I see your name contains a special character (the second letter), can you create a test key with standard letters for testing purposes? Just to discard some incompatibility issue with special characters in the user ID.

Rgs,
dcats

Sondreha's picture

I have now changed to Internetnet Mail and tryed to send a mail with encryption on by the button.

I get this in the log:

12:55:00 Email Debug Received testconnection request

12:55:00 Email Verbose Outlook Plugin: User encrypted a message with subject TEST button

12:55:12 Email Debug MAPI Store: [0x0007] Processing outgoing message from Hågensen Sondre <sondre.haagensen@npt.no> with subject: TEST button

12:55:12 Email Info Processing outgoing message from Hågensen Sondre <sondre.haagensen@npt.no> with subject: TEST button

12:55:12 Email Debug MAPI Proxy: ..\shared\OCconnection.cpp : Line 239 : Echo::oc::OCconnection::SetServerInfoFromCache

12:55:12 Email Debug PGPOvidClientSetServerInfo returned with error code -13895(kPGPError_OCC_MailProcessingDisabled)

12:55:12 Email Debug Received OCC error ecServiceDisabled PGPError: (PGPError #-13895)

12:55:12 Email Debug MAPI Proxy: SendImmediatelyIfConnected get outlook object returns hr 0x0.

12:55:12 Email Debug MAPI Proxy: Send immediately when connected checked 1

12:55:12 Email Debug MAPI Proxy: Outlook ExchangeConnectionMode 700 bConnected 1

12:55:12 Email Debug MAPI Proxy: Doing send and receive with send group <Programmapper>

12:55:12 Email Debug MAPI Proxy: Doing send and receive with send group <Programmapper> returns hr 0x0.

12:55:12 Email Debug MAPI Transport: [0x0008] Processing outgoing message from Hågensen Sondre <sondre.haagensen@npt.no> with subject: TEST button

12:55:12 Email Info Processing outgoing message from Hågensen Sondre <sondre.haagensen@npt.no> with subject: TEST button

12:55:12 Email Debug MAPI Proxy: ..\shared\OCconnection.cpp : Line 239 : Echo::oc::OCconnection::SetServerInfoFromCache

12:55:12 Email Debug PGPOvidClientSetServerInfo returned with error code -13895(kPGPError_OCC_MailProcessingDisabled)

12:55:12 Email Debug Received OCC error ecServiceDisabled PGPError: (PGPError #-13895)

12:55:14 Email Debug MAPI Proxy: CMSLogon::OpenEntry calls OCMAPI_OpenEntry failed with 0x8004010f.

12:55:21 Email Debug Received testconnection request

12:55:21 Email Debug Received testconnection request

12:55:21 Email Debug MAPI Proxy: Getting parent folder.

12:55:21 Email Debug Received testconnection request

12:55:21 Email Debug Received testconnection request

12:55:21 Email Info Processing message from Hågensen Sondre <sondre.haagensen@npt.no> with subject: TEST button

12:55:21 Email Debug MAPI Proxy: This message is not encoded and passed through without further processing.

I have attached a image showing my registrysettings:

I am using MS Outlook 2010 32bit. (14.0.7109.5000) SP2 MSO (14.0.7106.5003)

Sondre.

pgp-PGPSTAMP.JPG
dcats's picture

Hi Sondre,

My apologies, I noticed now from the log you posted, that you are probably using MAPI. You need to confirm this in the Account Settings of outlook.
If so, please set it back the Server Type to MAPI/Exchange.

Reviewing the screenshots, I've seen that the PGP Messaging might be misconfigured, the email address domain is npt.no, but the server name ends with an A, nptA.no. Is this correct?

Even if it is correct, please configure the service with:
Incoming Server: * (just the star, nothing else - this is a wildcard)
Outgoing Server: *

Restart the PGP services and Outlook.
Please let me know if this helps.

Thanks,
dcats

dcats's picture

Hi Sondre,

Taking into consideration the server name it seems you may have a server with Client Access server (CAS) role, which is one of the possible roles for Microsoft Exchange Server.
To the best of my knowledge CAS does not store any mailboxes and the issue may be deriving from the redirection to the server containing the mailbox.

I'm not sure if this would be looking like a configuration of Exchange Server 2010 on-premise.
Let's see if the wildcard can deal with this, otherwise you may need to insert the exchange server FQDN, instead.

Rgs,
dcats

Japke's picture

Just as a FYI on the Exchange / Outlook part.
Outlook only talks to the Client Access Server role if this is Exchange 2010 / 13 (on-premise or hosted that does not matter), the CAS talks to the Mailbox Server role for the mailbox details and acts in between the mailbox server and the client. It will not talk MAPI directly at the mailbox server ever.
You can install both roles on 1 server, or split them out on different servers - but that does not really make any difference for Outlooks connections.
And encryption desktop should support both on-premise as hosted Exchanges if I remember the release notes correctly.

I am no longer a Symantec employee.

dcats's picture

Thanks Japke! Good to know.

Sondreha's picture

Hello,

I have now solved this case with very good help from Magne https://www-secure.symantec.com/connect/user/magnel-0

He told me that it could be a problem if the keychain was on a synced area, as my keychain was.

I moved them to a local disk and I also unchecked the setting for "copy keys to default area"

I uninstalled the software, and deleted folders on my PC.

Reinstalled and pointed to keys on local disk and then suddenly the wizard that sets up the "Messaging Service" started and everything configured like it should.

So this case can now be marked as closed successfull.

SOLUTION
dcats's picture

Thank you for the update Sondre!