Cannot sign or encrypt this message certificate error when sending from Outlook solved!

Ever see this when trying to send messages from your Outlook?


The error reads: “Microsoft Office Outlook cannot sign or encrypt the message because you have no certificate which can be used to send from the email address…”  Some people have even reported seeing the “Welcome to E-Mail Security” screen, which keeps asking them to “Get Digital ID.”

First thing, if you haven’t made any changes to your Outlook Settings, you should report this to your IT department or tech consultant. It likely means that your email server’s SSL certificate has expired! But if you might have done some tinkering, you’re in luck, because this is a very simple fix. 

It’s just a checkbox that you may have checked because you wanted your email to be safe. Unfortunately, you can’t just check the box (as easy as it looks) – it requires setup on the server to actually encrypt your mail, and for that to work, it needs a valid SSL security certificate. It could be that you do normally encrypt your messages, but your certificate has expired! In the meantime, here’s your workaround:

The setting is called “Encrypt Contents and attachments for outgoing messages” and I have instructions below on how you find it.

 

In Outlook 2007 and 2010:

  1. Click Tools.
  2. Click Trust Center.
  3. Click E-mail Security on the left.
  4. Uncheck the top box that says “Encrypt Contents and attachments for outgoing messages.”
  5. Click OK.

You’re all set!  Now try sending another email, and the error should leave you alone.

How to create strong but easy to remember passwords

Thursdays are the day of the week when I post some personal thought, but this week I’m thinking about passwords, so this will be a bonus “From the Help Desk” tip!

Password policies get out of hand, sometimes. I understand the need to be secure, but I will never understand why we IT nerds make it so difficult for the rest of you. We require your password to be at least 8 characters long. It must meet 3 of the 4 following requirements: 1 (or more) upper case letter, 1 (or more) lower case letter, 1 (or more) special character, and 1 (or more) number. Oh, and it can’t be similar to any of your 25 previously used passwords. It can’t have more than 2 sequential letters or numbers (sorry, ghillieSuit123, you didn’t make the cut!), and if it includes an identifiable portion of your first or last name, it will be rejected. We also lock you out after multiple log-in attempts (to prevent others from “cracking” or “brute forcing” your password by going through the dictionary one word at a time).

Did you follow all of that? Me neither, and I’m one of those people responsible for making it all up. And that’s my problem with passwords. We make them so insanely complex that everyone needs to write down their passwords. Defeating the entire purpose of the password. Now, it’s true, people think mostly that a slip of paper in a desk drawer isn’t a huge security risk in this day and age. Computer crimes, password theft, etc… it all happens in the ether when groups hack large databases and steal hundreds of thousands of passwords at a time (as was the case very recently at my regional power company). But if you think that nobody would ever try to break in and steal your computer, you’re sadly mistaken. And some may go far enough to look for the passwords to go along with them. These things do still happen.

Or, more likely, it could still just be as simple as a co-worker taking the information and impersonating you on the network and getting you fired. Anything can happen. We want your password to be secure, but I’m on your side: I hate that we make you change them so frequently. If we could trust you to just not give your password out, then you would have one password, and not have to write it down. It’s frustrating. But unfortunately, it doesn’t look like the “password policy” is going to change any time soon.

So here’s what you can do about it. There are some simple services that will help you adhere to password policies in effect where you work. One will help you determine if your password is strong (or generate a strong password for you to use). That site is at HowStrongIsMyPassword.com. A more fun website to see if you’re really safe is HowSecureIsMyPassword.net. This website really entertains me. You can put in your real password and see how long it’s expected that a modern computer would take to crack your password. My “work” password, according to the website, would take 102 million years to “crack” if a hacker were to try some sequential combination of characters (example: a? ab? abc? a-z? ba? bb? bc? and so on, until all possible combinations of letters, numbers, and symbols are exhausted). While it’s an impressive number, it’s all for naught if somebody can just look on my desk and find my password on a post-it on my monitor.

So just do your part to make your password fun. Most systems, like the computer in your typical office, will gladly accept characters such as spaces and even “!” exclamation marks. I encourage you to write a sentence with your password. Try it! It’s easier to remember, and harder to guess – even if someone knows you. For example, according to HowSecureIsMyPassword.net, it would take 62 sextillion years to crack your password if you made it something as simple to remember as “This is my password!” Another simple password to remember could be “I listened to 45’s growing up!” – not an easy thing to guess, and to crack, it could take 24 duodecillion years! So go on, try it!
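The policy rules and the character-by-character search described above can be checked locally, so no real password has to be typed into a website. This is an added example, not code from the article or from either site; the guess rate, the whole-name match, and the sample user “Vera Smith” are assumptions, and the 25-password history rule is left out.

```python
import math

def char_classes(pw):
    """Which of the policy's four character classes appear in pw."""
    return {
        "upper": any(c.isupper() for c in pw),
        "lower": any(c.islower() for c in pw),
        "digit": any(c.isdigit() for c in pw),
        "special": any(not c.isalnum() for c in pw),  # spaces count
    }

def longest_sequential_run(pw):
    """Longest ascending run such as 'abc' or '123', ignoring case."""
    low = pw.lower()
    best = run = 1 if low else 0
    for prev, cur in zip(low, low[1:]):
        same_kind = (prev.isalpha() and cur.isalpha()) or (prev.isdigit() and cur.isdigit())
        run = run + 1 if same_kind and ord(cur) - ord(prev) == 1 else 1
        best = max(best, run)
    return best

def policy_violations(pw, first_name, last_name):
    """Check pw against the rules listed in the article (history check omitted)."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if sum(char_classes(pw).values()) < 3:
        problems.append("fewer than 3 of the 4 character classes")
    if longest_sequential_run(pw) > 2:
        problems.append("more than 2 sequential letters or numbers")
    # Simplification: only the whole first or last name is treated as identifiable.
    if any(n and n.lower() in pw.lower() for n in (first_name, last_name)):
        problems.append("contains the user's name")
    return problems

def keyspace_bits(pw):
    """log2 of an exhaustive search over printable ASCII (33 specials incl. space)."""
    used = char_classes(pw)
    pool = 26 * used["upper"] + 26 * used["lower"] + 10 * used["digit"] + 33 * used["special"]
    return len(pw) * math.log2(pool) if pool else 0.0

def brute_force_years(pw, guesses_per_second=1e10):
    """Worst-case years to exhaust the keyspace; the default rate is an assumption."""
    return 2 ** keyspace_bits(pw) / guesses_per_second / (365.25 * 24 * 3600)

if __name__ == "__main__":  # constructed user name; passwords are those quoted in the article
    for pw in ("ghillieSuit123", "This is my password!", "I listened to 45's growing up!"):
        print(repr(pw), policy_violations(pw, "Vera", "Smith"), f"{keyspace_bits(pw):.0f} bits")
```

The figures will not match the website's, because they depend on the assumed guess rate. They are also an upper bound: they describe the exhaustive search only, and a sentence built from common words has far fewer likely candidates than its length suggests.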

I would like to thank DarkMethod45 for sharing the “How Secure…” link with me, and inspiring part of this article.

Resetting your TCP/IP Stack

People have all kinds of nerdy reasons that they may need to reset their TCP/IP Stack. For me, I was unable to connect to Games for Windows Live. But if you ever find yourself offline and stranded with no internet connection except the browser on your smartphone, it may be a good idea to try resetting your TCP/IP stack!

All of the nerds and geeks on the internet will just tell you that, matter-of-factly, without ever telling you how. Here are some very good basics that you can try to troubleshoot yourself, when you don’t have internet access, network connectivity isn’t working, or when some things work and some things don’t. Why do these features get so messed up? The world may never know. But it’s good to know there’s a few things you can do to try and fix it, apart from rebooting your modem and router! 😉

The following assumes you have at least local Administrator rights on your computer (most people do, to the distress of millions of IT folk).

First: Reset WINSOCK:
XP: Click Start, then Run, and type in CMD and press enter.
Vista/7: Click Start, then type CMD (in the Search Programs and Files bar at the bottom) and press enter.

This will bring up a familiar black Command Prompt Window. In there, type the following, and press enter:

netsh winsock reset

After rebooting the computer, see if that helped. No? Alright, that was just the WINSOCK portion of things, now let’s try resetting the whole TCP/IP stack.

Open a command prompt, same as above. Then type the following as a single line:

netsh int ip reset c:\resetstack.txt

And, of course, reboot the computer. Did that help? If not, then at least you can say you’ve tried – but I was lucky and this resolved a very strange issue for me where literally everything else I was trying was working, except communicating with the Games for Windows Live service, which is why I have to give credit for the inspiration of this post to a user who calls himself “eastmanblues” on the Xbox Live forums.

Adding another user's mailbox in Outlook, using BPOS & Office 365

This week’s post is another slightly more advanced one, so I apologize, but if you share this with your IT department, they’ll have no excuses! So you want full access to another user’s mailbox. It can be done, and has been done, with Exchange servers around the world. However, if you need to do this in Microsoft’s Business Productivity Online Suite (BPOS), then how in the world do you do it?

It used to be you could go to your Exchange server, find the user who is going to share their info with another user, and give them Send-As or Full-Access permissions. But where is that option in BPOS? It’s nowhere, that’s the problem. But that doesn’t mean you can’t do it.

First off, any user who is an Administrator in BPOS already has access to anybody’s mailbox under their domain. Meaning you can open up your Outlook client, go to your account settings, click Change, click More Settings, go to the Advanced Tab, then click ADD, and type a user’s name. It’s that easy.

But I haven’t answered your question, yet. WHAT ABOUT BPOS? Here’s the scoop. I figured this one out a few days ago and have only tested it in Business Productivity Online Suite. However, a support rep from Microsoft has “confirmed” that these commands should work in Office 365. Your mileage may vary.

Let’s say I have two users, Vera (vera@whutsit.com) and Dave (dave@whutsit.com). Vera needs full permissions to Dave’s email. She will be using the simple steps above to add Dave’s mailbox to her Outlook, however Vera is not a domain administrator, so a special permission will need to be created in the system. This is surprisingly easy to do.

An Administrator must run the command in the Migration Command Shell (which was set up, at some point, during your migration to BPOS).

EXAMPLES

Enter the following cmdlets as ONE SINGLE COMMAND (any line breaks are due to web-design):
To GIVE Vera access to Dave’s mail (-Identity is the mailbox being opened, -TrustedUser is the person receiving access):
Add-MSOnlineMailPermission -Identity dave@whutsit.com -TrustedUser vera@whutsit.com -GrantFullAccess $True

At some point down the road you may need to REVOKE that access:
Remove-MSOnlineMailPermission -Identity dave@whutsit.com -TrustedUser vera@whutsit.com -RemoveFullAccess $True

Note how the commands differ: the “Remove” appears not only at the beginning, but also at the end of the command, rather than “Add” and “Grant” respectively. I’m by no means an expert with this, but I certainly hope this helps someone out there!