DEV Community

Jessica Burrows
Jessica Burrows

Posted on

S/MIME Control Isn't Available

What does the error message "S/MIME Control Isn't Available" mean?

S/MIME is a security protocol for email that uses public-key cryptography to verify the integrity of mail, make certain kinds of abuse more difficult, and even enable end-to-end encryption (E2EE). The S/MIME control is a Windows application that enables Outlook on the web to work with S/MIME on Internet Explorer. Once installed, the S/MIME control can be used with Outlook on the web on Internet Explorer.

When Outlook on the web is unable to access the S/MIME control, you will receive an error saying, “The content can’t be displayed because the S/MIME control isn’t available.” In this article, we’ll briefly expand on the meaning of this error. Then, we’ll discuss common issues that lead to this error and illustrate how the problem can be fixed.

First, here’s a quick overview of some basic concepts that will be helpful when trying to understand the rest of this article.

MIME Format for non-ASCII characters and media attachments
S/MIME Protocol for more secure email via public-key cryptography
S/MIME Control Application that enables S/MIME with Outlook on the web
End-to-end encryption A method to ensure that data is only accessible to the sender and receiver, so intermediaries such as ISPs, web servers, etc. can’t read it.
Outlook on the web A Microsoft web app to manage personal information. It includes webmail, where the error “S/MIME control isn’t available” shows up.

With those definitions in mind, let’s quickly look at the underlying meaning of this error by understanding the underlying concepts and technologies at play.

What Does the Error Mean?

As mentioned above, to provide end-to-end encryption via S/MIME for Outlook on the web, you must install the S/MIME Control application on your machine. The error says that the web-based email client for Outlook on the web cannot access the S/MIME control application on your computer, which handles your local S/MIME keys to encrypt and sign mail.

There are several possibilities here: The webmail client cannot connect properly to the browser, the browser can’t access the S/MIME control app, or the S/MIME control can’t access the keys on your machine.

How to Fix the Error

Below, we discuss the issues that cause this error and illustrate what you can do to fix it. We’ll begin with the most common source of the error. We’ll also point to first-party Microsoft resources that elaborate on a solution, where possible.

Using a Browser Other Than Internet Explorer

Technically, Outlook on the web purports to be compatible with Firefox, Edge, and Chrome, in addition to IE. In practice, however, the service is prone to bugs when not used with Internet Explorer. Fortunately, most browsers include an IE compatibility mode that will clear these issues up.

Chrome, for example, offers this option in the enterprise version of its browser, which can be acquired here: https://chromeenterprise.google/browser/download/

Figure 1. Chrome’s compatibility mode
Figure 1. Chrome’s compatibility mode (source)

Once you’ve downloaded the enterprise version of Chrome, you should consult Google’s official support page for setting up Legacy Browser mode: Set up Legacy Browser Support for Microsoft Edge in IE mode. These instructions also work for Edge.

Firefox doesn’t offer a compatibility mode but is the least likely to suffer from these bugs due to its strict W3C compliance.

And finally, IE 11 itself may even require compatibility mode to behave like an older version of IE. According to Microsoft’s official docs:

  1. Open Internet Explorer, select the Tools button, and select Compatibility View settings.
  2. Under Add this website, enter the URL of the site you want to add to the list, and then select Add.

Note: If you add a site to the Compatibility View list and the page looks worse, the problem might not be compatibility, and you should remove the site from the list.

Once you turn on Compatibility View, Internet Explorer will automatically show that site in Compatibility View each time you visit. You can turn it off by removing the site from your compatibility list. Not all website display problems are caused by browser incompatibility. Interrupted Internet connections, heavy traffic, or problems with the website can also affect how a page is displayed.

S/MIME Control Not Installed Properly

Properly installing the S/MIME control consists of two steps. The actual app has to be installed, of course, but first, you need to acquire a certificate, also called a key or digital ID.

The instructions have a lot of caveats depending on what browser you are using, so it’s best to closely follow Microsoft’s guide to fixing this, which can be found in the article Encrypt messages by using S/MIME in Outlook on the web in the first section: “Install the S/MIME control.”

IE Won’t Connect S/MIME Control to Outlook

IE won’t just let any website access the S/MIME Control you’ve installed. For IE to know that Outlook on the web should be permitted to access S/MIME, you need to add it to the browser’s list of “trusted” sites.

Adding a site to this list is easy. Just go to Tools -> Internet Options -> Security -> Trusted Sites. At this point, you should be presented with a window that looks like this:

Adding a trusted site in Internet Explorer
Figure 2. Adding a trusted site in Internet Explorer (source)

Click on the Sites button and add the URL for Outlook on the web.

If you’re using IE 11 specifically, you’ll also need to run the browser in compatibility mode. Instructions for doing that can be found on Microsoft’s official support docs, in this article: S/MIME option disappears when you use Outlook Web App in Internet Explorer 11 in an Exchange Server 2010 environment.

S/MIME Requires the Browser to Run with Admin Privileges

The S/MIME certificate may have certain privilege restrictions in place that require you to run your browser as admin to interact with the S/MIME Control successfully.

The solution is simply to run the browser with admin privileges and try again. If you don’t have admin privileges on your machine or within your domain, you will have to contact an administrator for help.

S/MIME Not Configured to Work with the Current Domain

If this is the case, you will receive an error saying that the current domain is a problem. On Chrome and Edge, the error will look something like this:

Unconfigured domain error for Chrome and Edge
Figure 3. Unconfigured domain error for Chrome and Edge (original image)

Click the link to be taken to a settings page where you can add your domain. From the Microsoft docs:

Select the link to go to the settings page, and allow your work or school domain to use S/MIME. The domain is usually the part after the @ sign in your email address. Check with your IT administrator if that doesn't work.

On Internet Explorer, the message will likely say, “Do you want to allow the domain to use the S/MIME control to encrypt and decrypt messages in your inbox? Only allow domains that you trust. If you select Yes, you won't be prompted again for this domain. If you select No, the domain won't have access to S/MIME.” Just select the Yes option to make the domain trusted.

Conclusion

If you are experiencing this error, one of the strategies above should provide what you need. Although the error itself doesn’t provide a great hint for how the problem should be fixed, we’re lucky that both Microsoft and browser providers like Google have excellent documentation that shows us exactly what we can do to solve this. We also recommend reading up on email security best practices to learn more about keeping your emails safe.

Most users combining Outlook on the web with S/MIME are working for large institutions that require these specific tools, which means that there will usually be an officially supported and documented way to get things done.

Internet Explorer is losing marketshare. However, given the institutional inertia that tends to befall larger organizations, it’s inevitable that we’ll have to continue to find fixes and workarounds for aging tools like Outlook on the web that insist on IE for S/MIME.

Fortunately, such technical debt needn’t be a death knell for organizations burdened with the inheritance of such tools, and we hope that the solutions above have lightened your load a little bit.

Top comments (0)