« HDMI Cables at a reasonable price | Main | OWA and 'loading...' message »
June 3, 2006
IE7 and OWA and S/MIME - ick!
Ugly, Microsoft is really trying to backtrack/retrofit its security controls and it seems once again, S/MIME for OWA takes a hit. So bad in fact this time, that you basically need to remove the current S/MIME control in order to just be able to use OWA effectively in IE7 at all (you can't compose or reply even basic messages if its there).
So, at this writing, it seems that if you need to use IE7 right now for anything and you can live without Signing/Encrypting, on the CLIENT SIDE, you will need to do the following:
Go to a command prompt (CMD) and type the following (Enter after every line of course):
C:
cd "%systemroot%\downloaded program files"
regsvr32 /u exsmime.dll
regsvr32 /u mimectl.dll
This will unregister the S/MIME controls (you won't be able to uninstall them using Add/Remove). As well, on the server end, be sure to apply the latest Windows 2003 IE7 related fixes and Exchange fixes. Once there is a new improved S/MIME control, you'll simply reinstall it and badabing, back in bidness... one hopes.
Finally, the following hotfix seems to elude to fixing the problem but I had no success - http://support.microsoft.com/?kbid=911829).
Comments
The update is live at:
http://www.microsoft.com/downloads/details.aspx?FamilyId=41275DEC-4C01-4C41-AA64-C9DBE5EA3F7E&displaylang=en
The associated KB, 924334 is also live at:
http://support.microsoft.com/?kbid=924334
Important Note (this is also mentioned in the KB)
After this Hotfix is applied to the server, end users who have an S/MIME control installed on the client machines need to re-install the control from the Options dialog in OWA.
Posted by: Eric Lawrence at October 20, 2006 5:07 PM
Excellent, thanks for that update Eric. Long time coming, I see it's dated for today, thanks for the quick update! 10/20/2006
Posted by: Sean Wallbridge at October 20, 2006 5:27 PM
I just applied this hotfix in a test environment.
Things to note:
It will require the restart of the following services-
MS Exchange Information Store
World Wide Web Publishing service
Exchange Routing
HTTP SSL
IIS Admin
It will create a new Numbered controls and cab set in your ExchWeb directory (6.5.7651.43). This is important to note for Front-End/Back-end environments as the "Fix" will not be in until you update both the FE and BE. The same services will need to be restarted on the FE server. Also, DO NOT download the S/MIME component until the back-end is updated. When I tried tested with only my FE updated, the Smime cab I received did not fix the problem.
When I updated the BE server, it was not able to cleanly restart all necessary services. It could not shut down the Defaultapppool (application pool). It identified it as w3wp.exe. This is not a service, so you will need to go into IIS and stop this app pool if you receive a similar message.
It is OK to just choose re-install for the new S/MIME component, however during the process It does not want any IE windows open (including OWA), so it is not as seemless as the previous SMIME install. Note however the closing of IE is only necessary if using re-install. A full (new) install will work while IE is up.
Posted by: Sean Hook at October 24, 2006 9:19 AM
Also - as far as the SMIME not being able to be uninstalled - If you re-install it you can then successfully uninstall it through add/remove programs.
Posted by: Sean Hook at October 24, 2006 9:31 AM
Terrific detail Sean, thanks. Yep, noted on the FE/BE install. If memory serves, you are always to update the BE first otherwise OWA gets disjointed and images don't appear correctly. Too lazy at this write to go find the KB but a simple rule to keep in mind :)
Posted by: Sean Wallbridge at October 24, 2006 10:06 AM
Thank you! I had been puzzling how to remove the S/MIME through the control panel, your command line instructions worked perfectly. I can now send email once again.
Posted by: fb at November 28, 2006 4:33 AM
If I dont have S/MIME installed, how can I make OWA work with IE7 ?
Posted by: Chris at December 8, 2006 4:12 PM
Thanks!!!!! This worked and I can send emails once again.. phew! Microsoft SUCKS
Posted by: Jay at November 15, 2007 8:41 AM
