PGP Message Blocked when sending email in Outlook (Symantec Encryption Desktop)
search cancel

PGP Message Blocked when sending email in Outlook (Symantec Encryption Desktop)

book

Article ID: 225360

calendar_today

Updated On:

Products

Endpoint Encryption Desktop Email Encryption Drive Encryption Encryption Management Server File Share Encryption Gateway Email Encryption

Issue/Introduction

When attempting to send an email in Outlook, the following message appears:

PGP: Message is blocked - connection to tray failed.

Resolution


Troubleshooting Prerequisite:

Go through the process of disabling the "blockmailifinitfailed" parameter to see if doing so allows email to be sent. 
If you disable this option, email will be sent, but if the PGP services are not initialized properly, the messages could go out unencrypted. 
Once this option has been disabled (no reboot necessary), close out of Outlook, and exit all the PGP services.  Then re-launch the PGP services and wait a few minutes. 
Then send an email and put in "[PGP]"  (with square brackets, but excluding the quotes) in the subject, which is typically used to force encryption. 
If there are no logs for email activity then this would indicate the services for PGP services are not launching at all and the popup is actually correct.

At this point, proceed with the rest of this article to narrow down what could be causing this issue. 

 

 

Troubleshooting Step 1: Are the PGP Binaries allowed to run and could they be blocked?

This error indicates there may be something blocking the PGP application in some way. 
Although the PGP services may appear to be running, check to see if any third-party security applications may be preventing these binaries of the Symantec Encryption Desktop client from loading properly. 
See the following article for a comprehensive list on these binaries:

200696 - Symantec Encryption Services - Add Symantec Encryption programs to safe list or exclusions in security software

 

 

Troubleshooting Step 2:  BlockMailIfInitFailed

As a test, attempt to disable the "blockMailIfInitFailed" parameter and close and re-launch Outlook to see if this will send the message.  For information on how to do this, see the following article:

172697 - Email messages are sent unencrypted when Encryption Desktop PGP Tray is not running





Troubleshooting Step 3: Check to see if the PGP Plug-ins are related to this issue.

Check in the PGP Options and see if the "Enable PGP encrypt and sign buttons in Outlook" to see if it's checked.

To get into PGP Options, either click the gray padlock icon by the time, and then click "Options...", or open Encryption Desktop, Click Tools, and then Options:

 

 

Toggle this setting, and then close Outlook and restart Outlook (If the plug-ins are checked, uncheck and restart Outlook).

Resend the message to see if the same message pops up.

Check the Add Ins in Outlook to see if they are loaded.

 

 

Troubleshooting Step 4: Try disabling Secure Boot in the BIOS and reboot the system to see if this has any effect on this issue.

Secure Boot may affect how certain drivers load and if you disable it, it could help us see if it is blocking our driver from loading.
If it is, please reach out to Symantec Encryption Support to report the behavior as Secure Boot should not block the PGP binaries. 

 

 

Troubleshooting Step 5: Check to see what may have changed in the environment.

Windows updates, software updates and other changes may have been applied and could affect how the PGP software loads. 
Did new security rules get put into place when this happened?  Does this error show up for all users, or only one?



Troubleshooting Step 6:  Enable the full debug logging "F3F" and then reproduce this error and provide to Symantec Encryption Support.  

180838 - Enabling verbose level logging in Encryption Desktop for Windows



Troubleshooting Step 7: Check the AppInit_DLLs registry to see if PGP MAPI plug-in is listed properly or if there are any other drivers listed:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs

If "PGPMapih.dll" is the only one listed, this is normal.  If there are other items in here, see if moving PGP to the front of the other drivers may help (reboot is needed after switching the order).

 

 

If none of the above are working, it is useful to see if any of the PGP objects are loading on the machines.  If none of the objects are loaded as expected, it may be that something is blocking the PGP software.  

Download the "WINOBJ" tool at https://docs.microsoft.com/en-us/sysinternals/downloads/winobj

 

Once downloaded, look for the "Winobj64.exe" file and run as the user who is having the issues. 

Running as Administrator is good to use too to compare results running as admin, you could see something load when it's not loading as the user running PGP.

 

To open the utility, launch the .exe mentioned above.  Next, click on the Find top menu, and click "Search".

Here is a working example where PGP would be working:

 

What we are looking for are these objects:

If we do not see these, this could mean we are getting blocked.  Review Troubleshooting Step 1 to ensure none of these items are being blocked, and re-launch the utility.  

The hope is to figure out what could be blocking the PGP binaries as the symptom indicates it cannot load properly.

 

 

 

 

If you are still running into issues and can't figure it out, reach out to Symantec Encryption Support for further guidance. 

 

 

Additional Information

190223 - The PGP plugin failed to initialize with Symantec Encryption Desktop and Outlook

172697 - Email messages are sent unencrypted when Encryption Desktop PGP Tray is not running

248101 - PGP Offline Policy: Messages Blocked in Outlook if the PGP Client cannot reach the PGP Server

EPG-25487