No, I just found the issue yesterday after installing the new version.

Thank you. I'll let you know if I find a solution for this.

Kurt, Jaime,

In Outlook go to File/Options, pick Add-Ins, click on the Add-in Options button

Click on the Encryption Options button... for your address what does it say at the right. (probably just "Decrypt")

Did you configure things info in this doc (page 2-5):  http://www.cisco.com/en/US/docs/security/iea/plugin7.3/Cisco_Email_Plug-in_7.3_AdminGuide.pdf

I'm in the same boat, but when I do this, my install doesn't get configured. 

Ken

Ken,

Yes, I am seeing that my account is showing Decrypt.

I don't understand why I need to follow the instructions on page 2-5 since it was working fine with the previous version.  If the upgrade causes us to reconfigure the token for everyone that is a pain!  Especially since I have not had to do anything when running previous upgrades.

My understanding is that they completely rewrote it, which is probably why an upgrade doesn't work well...

I did get one way of deploying figured out, the stuff on page 3-20 has some errors. 

Here's what I did that works:

     Do a clean install on a machine that doesn't have any plugin installed.

     Copy the C:\Users\All Users\Cisco\Cisco IronPort Email Security Plug-In\Common directory and its contents to a network accsible share, say \\fs1\share\pluginconfig, so you now have \\fs1\share\pluginconfig\Common, etc...

     Copy your BCE_Config_Signed.xml file to the Common folder

     Rename that to config_1.xml

     Edit the CommonEncryptionConfig.xml to have the following XML:

      Now you can push the install with a command line that references the folder (the example on page 3-20 is wrong, no 's' ):

            CiscoIronPortEmailSecurity-7-3-0-102.exe /exenoui /qn UseCustomConfig="\\fs\share\pluginconfig"

       (if you're doing it on the same machine you did the clean install with, you should uninstall it first...)

Message was edited by: Ken Stieers

Ken, thanks so much for clarifying the instructions!  Helped out a lot!

Robert,

What if I am the CRES admin?  Do I just send myself an encrypted message?

Correct.  Login to your res.cisco.com/admin account, click the 'Accounts' tab, your account #...

Select the BCE_Config tab. 

Then, download the template, upload to sign.

At the bottom - you'll see the section:

You can add that signed XML, and the CSV just needs your (and whoever else) email address - click Distribute Config --- and this will send the encrypted mail to you direct from your CRES admin account.

Robert,

I'm on a call with Cody... Ticket 626374801, and we have done it several times, and my install does NOT get configured.  If I use the BCE Config page in CRES to send the email to my Yahoo account, it shows up as a securedoc.., but when I send it to myself, I just get the BCE_Config_Signed.xml (so decryption is working), but it doen't configure my install.

Ken

When you are opening the secure email --- are you opening the envelope or are you opening the "securedoc.html" from the email preview?

You should be double clicking on the envelope inbox --- and not the envelope preview area.

If that isn't working...

You can take the signed XML (BCE_Config_Signed.xml) and place it in your:

C:\ProgramData\Cisco\Cisco IronPort Email Security Plug-In

Make sure that Outlook is closed.

Edit the name of the signed XML (BCE_Config_Signed.xml), and make it config_1.xml

We found the issue.

CRES was configured to send mail to us using TLS (Manage Accounts/Select your account/Features).

When you hit distribute, CRES will use TLS to send it, at which point the plug-in doesn't know what to do with it.

Robert or Ken, did this work for you? My "Encrypt Message" button is still greyed out.