PGP Message Blocked when sending email in Outlook (Symantec Encryption Desktop)
Article ID: 225360
Updated On:
Products
Issue/Introduction
When attempting to send an email in Outlook, the following message appears:
PGP: Message is blocked - connection to tray failed.
Resolution
Table of Contents
- Troubleshooting Prerequisite:
- Troubleshooting Step 1: Are the PGP Binaries allowed to run and could they be blocked?
- Troubleshooting Step 2: BlockMailIfInitFailed
- Troubleshooting Step 3: Check to see if the PGP Plug-ins are related to this issue.
- Troubleshooting Step 4: Try disabling Secure Boot in the BIOS and reboot the system to see if this has any effect on this issue.
- Troubleshooting Step 5: Check to see what may have changed in the environment.
- Troubleshooting Step 6: Enable the full debug logging "F3F" and then reproduce this error and provide to Symantec Encryption Support.
- Troubleshooting Step 7: Check the AppInit_DLLs registry to see if PGP MAPI plug-in is listed properly or if there are any other drivers listed:
Troubleshooting Prerequisite:
Go through the process of disabling the "blockmailifinitfailed" parameter to see if doing so allows email to be sent.
If you disable this option, email will be sent, but if the PGP services are not initialized properly, the messages could go out unencrypted.
Once this option has been disabled (no reboot necessary), close out of Outlook, and exit all the PGP services. Then re-launch the PGP services and wait a few minutes.
Then send an email and put in "[PGP]" (with square brackets, but excluding the quotes) in the subject, which is typically used to force encryption.
If there are no logs for email activity then this would indicate the services for PGP services are not launching at all and the popup is actually correct.
At this point, proceed with the rest of this article to narrow down what could be causing this issue.
Troubleshooting Step 1: Are the PGP Binaries allowed to run and could they be blocked?
This error indicates there may be something blocking the PGP application in some way.
Although the PGP services may appear to be running, check to see if any third-party security applications may be preventing these binaries of the Symantec Encryption Desktop client from loading properly.
See the following article for a comprehensive list on these binaries:
Troubleshooting Step 2: BlockMailIfInitFailed
As a test, attempt to disable the "blockMailIfInitFailed" parameter and close and re-launch Outlook to see if this will send the message. For information on how to do this, see the following article:
172697 - Email messages are sent unencrypted when Encryption Desktop PGP Tray is not running
Troubleshooting Step 3: Check to see if the PGP Plug-ins are related to this issue.
Check in the PGP Options and see if the "Enable PGP encrypt and sign buttons in Outlook" to see if it's checked.
To get into PGP Options, either click the gray padlock icon by the time, and then click "Options...", or open Encryption Desktop, Click Tools, and then Options:
Toggle this setting, and then close Outlook and restart Outlook (If the plug-ins are checked, uncheck and restart Outlook).
Resend the message to see if the same message pops up.
Check the Add Ins in Outlook to see if they are loaded.
Troubleshooting Step 4: Try disabling Secure Boot in the BIOS and reboot the system to see if this has any effect on this issue.
Secure Boot may affect how certain drivers load and if you disable it, it could help us see if it is blocking our driver from loading.
If it is, please reach out to Symantec Encryption Support to report the behavior as Secure Boot should not block the PGP binaries.
Troubleshooting Step 5: Check to see what may have changed in the environment.
Windows updates, software updates and other changes may have been applied and could affect how the PGP software loads.
Did new security rules get put into place when this happened? Does this error show up for all users, or only one?
Troubleshooting Step 6: Enable the full debug logging "F3F" and then reproduce this error and provide to Symantec Encryption Support.
180838 - Enabling verbose level logging in Encryption Desktop for Windows
Troubleshooting Step 7: Check the AppInit_DLLs registry to see if PGP MAPI plug-in is listed properly or if there are any other drivers listed:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs
If "PGPMapih.dll" is the only one listed, this is normal. If there are other items in here, see if moving PGP to the front of the other drivers may help (reboot is needed after switching the order).
If none of the above are working, it is useful to see if any of the PGP objects are loading on the machines. If none of the objects are loaded as expected, it may be that something is blocking the PGP software.
Download the "WINOBJ" tool at https://docs.microsoft.com/en-us/sysinternals/downloads/winobj
Once downloaded, look for the "Winobj64.exe" file and run as the user who is having the issues.
Running as Administrator is good to use too to compare results running as admin, you could see something load when it's not loading as the user running PGP.
To open the utility, launch the .exe mentioned above. Next, click on the Find top menu, and click "Search".
Here is a working example where PGP would be working:
What we are looking for are these objects:
If we do not see these, this could mean we are getting blocked. Review Troubleshooting Step 1 to ensure none of these items are being blocked, and re-launch the utility.
The hope is to figure out what could be blocking the PGP binaries as the symptom indicates it cannot load properly.
If you are still running into issues and can't figure it out, reach out to Symantec Encryption Support for further guidance.
Additional Information
Feedback
