06-19-2013 06:20 AM
I installed the new Email Security Plug-in 7.3 but now the Encrypt Message button does not work. It is grayed out and unavailable when I attempt to create a new message.
I first tried installed 7.3 over the previous version but every time I opened Outlook I received an error message about XML not loading. I uninstalled the plugin, rebooted and installed it clean and that took care of the XML message. But I then found the encrypt button issue and have not been able to solve that issue. This is not isolated to my machine as I have tried installing it on another machine that never had the plug-in installed before.
06-19-2013 08:52 AM
Did you ever find a fix for this?
Environment:
Windows Server 2008 R2
Outlook Professional 2010 64 bit
Cisco Plug-in version 7.3.0.102
06-19-2013 08:54 AM
No, I just found the issue yesterday after installing the new version.
06-19-2013 08:55 AM
Thank you. I'll let you know if I find a solution for this.
06-19-2013 09:01 AM
Kurt, Jaime,
In Outlook go to File/Options, pick Add-Ins, click on the Add-in Options button
Click on the Encryption Options button... for your address what does it say at the right. (probably just "Decrypt")
Did you configure things info in this doc (page 2-5): http://www.cisco.com/en/US/docs/security/iea/plugin7.3/Cisco_Email_Plug-in_7.3_AdminGuide.pdf
I'm in the same boat, but when I do this, my install doesn't get configured.
Ken
06-19-2013 10:46 AM
Ken,
Yes, I am seeing that my account is showing Decrypt.
I don't understand why I need to follow the instructions on page 2-5 since it was working fine with the previous version. If the upgrade causes us to reconfigure the token for everyone that is a pain! Especially since I have not had to do anything when running previous upgrades.
06-19-2013 12:30 PM
My understanding is that they completely rewrote it, which is probably why an upgrade doesn't work well...
I did get one way of deploying figured out, the stuff on page 3-20 has some errors.
Here's what I did that works:
Do a clean install on a machine that doesn't have any plugin installed.
Copy the C:\Users\All Users\Cisco\Cisco IronPort Email Security Plug-In\Common directory and its contents to a network accsible share, say \\fs1\share\pluginconfig, so you now have \\fs1\share\pluginconfig\Common, etc...
Copy your BCE_Config_Signed.xml file to the Common folder
Rename that to config_1.xml
Edit the CommonEncryptionConfig.xml to have the following XML:
Now you can push the install with a command line that references the folder (the example on page 3-20 is wrong, no 's' ):
CiscoIronPortEmailSecurity-7-3-0-102.exe /exenoui /qn UseCustomConfig="\\fs\share\pluginconfig"
(if you're doing it on the same machine you did the clean install with, you should uninstall it first...)
Message was edited by: Ken Stieers
02-01-2016 09:07 AM
Ken, thanks so much for clarifying the instructions! Helped out a lot!
06-19-2013 12:19 PM
You will need to have a valid signed BCE config XML - this can be generated and provided from an administrator on your domain who has CRES admin rights. This is a new requirement with the 7.3 plug-in rollout in order to use the encryption feature for either desktop or flag encryption.
The CRES admin will need to send you (or any other end-user) an ecrypted email. Once you recieve and decrypt the email message direct from Outlook with the plug-in installed - the plug-in will run and load the XML settings and allow encryption as configured (desktop vs. flag).
Regards,
Robert
Content Security Technical Services - RTP, NC
Cisco Customer Interaction: 1-800-553-2447 / Outside US
06-19-2013 12:21 PM
Robert,
What if I am the CRES admin? Do I just send myself an encrypted message?
06-19-2013 12:33 PM
Correct. Login to your res.cisco.com/admin account, click the 'Accounts' tab, your account #...
Select the BCE_Config tab.
Then, download the template, upload to sign.
At the bottom - you'll see the section:
You can add that signed XML, and the CSV just needs your (and whoever else) email address - click Distribute Config --- and this will send the encrypted mail to you direct from your CRES admin account.
06-19-2013 12:37 PM
Robert,
I'm on a call with Cody... Ticket 626374801, and we have done it several times, and my install does NOT get configured. If I use the BCE Config page in CRES to send the email to my Yahoo account, it shows up as a securedoc.., but when I send it to myself, I just get the BCE_Config_Signed.xml (so decryption is working), but it doen't configure my install.
Ken
06-19-2013 01:02 PM
When you are opening the secure email --- are you opening the envelope or are you opening the "securedoc.html" from the email preview?
You should be double clicking on the envelope inbox --- and not the envelope preview area.
If that isn't working...
You can take the signed XML (BCE_Config_Signed.xml) and place it in your:
C:\ProgramData\Cisco\Cisco IronPort Email Security Plug-In
Make sure that Outlook is closed.
Edit the name of the signed XML (BCE_Config_Signed.xml), and make it config_1.xml
06-19-2013 02:20 PM
We found the issue.
CRES was configured to send mail to us using TLS (Manage Accounts/Select your account/Features).
When you hit distribute, CRES will use TLS to send it, at which point the plug-in doesn't know what to do with it.
06-19-2013 03:19 PM
Robert or Ken, did this work for you? My "Encrypt Message" button is still greyed out.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: