
Setup of OWA S/MIME in Exchange 2013 SP1


I'm in the process of migrating my users from Exchange 2010 SP3 to Exchange 2013 SP1 and have come across a problem with the S/MIME configuration. I have followed the TechNet articles regarding S/MIME configuration and have an in-house CA, set up the virtual certificates repository and have valid user certificates. I followed the articles below:

https://technet.microsoft.com/en-us/library/dn554259%28v=exchg.160%29.aspx

https://technet.microsoft.com/en-us/library/dn626158(v=exchg.150).aspx

https://technet.microsoft.com/en-us/library/dn626155(v=exchg.150).aspx

I currently have 2 user mailboxes on this Exchange server. Both have valid "User" certificates, but for some reason only 1 is able to send encrypted email, while both are able to read encrypted email. I'm not sure if it is a permissions issue or not, but my Admin mailbox, which was created during installation, is the one that is able to both send/receive encrypted emails, and my user mailbox can only read encrypted emails.

Both accounts' S/MIME settings show that I have the latest S/MIME version installed: 4.0500.15.0.1178.4

I began looking into Set-SMIMEConfig -OWAEncryptionAlgorithms from the URL below, hoping this would help. Initially OWAEncryptionAlgorithms was only set to "6610", but I was unsure what encryption algorithm my User certificate uses, so I added all the possible encryption algorithms, with no luck.

https://www.granikos.eu/en/justcantgetenough/PostId/178/the-mysterious-exchange-smimeconfig-algorithms

At this point my main "User" account is unable to encrypt or sign emails. The options to Encrypt or Digitally Sign the emails under Message options are grayed out, so I can't even select the options. If I go to Gear Icon-->S/MIME Settings, check all 3 options and save, my messages still do not go out encrypted.

I'm really stumped on this one right now. Any ideas? Everything worked fine on my Exchange 2010 setup.

Below is my Get-SMIMEConfig; does anyone see anything wrong with this?

[PS] C:\Windows\system32>get-smimeconfig


RunspaceId                                       : fadaa926-249c-4e89-b6b9-65e6e14119c4
OWACheckCRLOnSend                                : False
OWADLExpansionTimeout                            : 60000
OWAUseSecondaryProxiesWhenFindingCertificates    : True
OWACRLConnectionTimeout                          : 60000
OWACRLRetrievalTimeout                           : 10000
OWADisableCRLCheck                               : False
OWAAlwaysSign                                    : False
OWAAlwaysEncrypt                                 : False
OWAClearSign                                     : True
OWAIncludeCertificateChainWithoutRootCertificate : False
OWAIncludeCertificateChainAndRootCertificate     : False
OWAEncryptTemporaryBuffers                       : True
OWASignedEmailCertificateInclusion               : True
OWABCCEncryptedEmailForking                      : 0
OWAIncludeSMIMECapabilitiesInMessage             : True
OWACopyRecipientHeaders                          : False
OWAOnlyUseSmartCard                              : False
OWATripleWrapSignedEncryptedMail                 : False
OWAUseKeyIdentifier                              : False
OWAEncryptionAlgorithms                          : 6602:40;6602:56;6602:64;6602:128;6601;6603;660E;660F;6610
OWASigningAlgorithms                             : 8804
OWAForceSMIMEClientUpgrade                       : True
OWASenderCertificateAttributesToDisplay          :
OWAAllowUserChoiceOfSigningCertificate           : True
SMIMECertificateIssuingCA                        : {0, 0, 0, 0, 67, 69, 82, 84, 4, 0, 0, 0, 1, 0, 0, 0...}
SMIMECertificatesExpiryDate                      : 11/23/2018 1:24:50 PM
SMIMEExpiredCertificateThumbprint                : THUMBPRINT DATA
AdminDisplayName                                 :
ExchangeVersion                                  : 0.1 (8.0.535.0)
Name                                             : Smime Configuration
DistinguishedName                                : CN=Smime Configuration,CN=Global Settings,CN=DOMAIN,CN=Microsoft
                                                   Exchange,CN=Services,CN=Configuration,DC=DOMAIN,DC=int
Identity                                         : Smime Configuration
Guid                                             : ff4344dd-148e-4b24-95e0-ee97424245ae
ObjectCategory                                   : DOMAIN.int/Configuration/Schema/ms-Exch-Container
ObjectClass                                      : {top, container, msExchContainer}
WhenChanged                                      : 6/1/2016 11:29:50 AM
WhenCreated                                      : 5/25/2016 10:27:18 AM
WhenChangedUTC                                   : 6/1/2016 3:29:50 PM
WhenCreatedUTC                                   : 5/25/2016 2:27:18 PM
OrganizationId                                   :
Id                                               : Smime Configuration
OriginatingServer                                : DC.DOMAIN.int
IsValid                                          : True
ObjectState                                      : Unchanged
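
An added example, not part of the original post: a PowerShell helper that decodes the OWAEncryptionAlgorithms and OWASigningAlgorithms strings shown in the output above into algorithm names and key lengths, and marks legacy algorithms and any ID it does not recognise. The function name, the lookup table and the Weak flag are this example's own assumptions; the IDs in the table are CryptoAPI ALG_ID values.

```powershell
# Added example: decode an Exchange S/MIME algorithm list (ID[:KeyLength][,CSP];...).
# IDs are CryptoAPI ALG_ID values; the Weak flag is this example's own judgement.
$AlgTable = @{
    '6601' = @{ Name = 'DES';    Bits = 56;    Weak = $true  }
    '6602' = @{ Name = 'RC2';    Bits = $null; Weak = $true  }  # length follows ':'
    '6603' = @{ Name = '3DES';   Bits = 168;   Weak = $false }
    '660E' = @{ Name = 'AES128'; Bits = 128;   Weak = $false }
    '660F' = @{ Name = 'AES192'; Bits = 192;   Weak = $false }
    '6610' = @{ Name = 'AES256'; Bits = 256;   Weak = $false }
    '8003' = @{ Name = 'MD5';    Bits = $null; Weak = $true  }
    '8004' = @{ Name = 'SHA1';   Bits = $null; Weak = $true  }
    '800C' = @{ Name = 'SHA256'; Bits = $null; Weak = $false }
    '800D' = @{ Name = 'SHA384'; Bits = $null; Weak = $false }
    '800E' = @{ Name = 'SHA512'; Bits = $null; Weak = $false }
}

function ConvertFrom-SmimeAlgorithmList {
    param([Parameter(Mandatory)][string]$List)

    foreach ($entry in ($List -split ';' | Where-Object { $_.Trim() })) {
        # Split off an optional ",ProviderName", then an optional ":KeyLength".
        $spec, $csp = $entry.Trim() -split ',', 2
        $id, $len   = $spec -split ':', 2
        $id         = $id.Trim().ToUpper()
        $known      = $AlgTable[$id]          # $null when the ID is not in the table

        [pscustomobject]@{
            Entry     = $entry.Trim()
            Algorithm = if ($known) { $known.Name } else { 'not in table' }
            KeyBits   = if ($len) { $len -as [int] } elseif ($known) { $known.Bits } else { $null }
            Weak      = if ($known) { $known.Weak } else { $null }
            Provider  = $csp
        }
    }
}

# Values copied from the Get-SMIMEConfig output above. On a server, pass
# (Get-SmimeConfig).OWAEncryptionAlgorithms and .OWASigningAlgorithms instead.
$enc = '6602:40;6602:56;6602:64;6602:128;6601;6603;660E;660F;6610'
$sig = '8804'

ConvertFrom-SmimeAlgorithmList $enc | Format-Table -AutoSize
ConvertFrom-SmimeAlgorithmList $sig | Format-Table -AutoSize

# Entries worth reviewing: legacy algorithms and IDs the table does not know.
ConvertFrom-SmimeAlgorithmList "$enc;$sig" |
    Where-Object { $_.Weak -or $_.Algorithm -eq 'not in table' }
```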

