GPGol: Will work for one user and not another on the same machine. Windows 10 Outlook 2016 GPGOL 2.4.8 (gpg4win-3.1.14)
Open, LowPublic



I have two users on this one system.
One can encrypt and/or sign emails and the other cannot.
When I click on the secure button, nothing happens.
When I select the drop down and click on Sign or Encrypt, they do not stay highlighted.

Any suggestions?


GPGOL 2.4.8 (gpg4win-3.1.14)
jeffb255 created this task.Nov 26 2020, 1:30 AM
werner added a subscriber: werner.Nov 26 2020, 9:13 PM

Recall that each user has their own keys and configuration. This seems to be a general question on how to use GpgOL. Please use the help resources listed at instead of this bug tracker.

I am quite aware of that each user has there own keys and configurations.
I added a third user to the computer, configured them the same as the first user, and was not able to sign or encrypt any emails.
When I clicked on the lock nothing happened.

Also, when an encrypted email comes in, with a proper key, it does not see that the message is an encrypted one. No lock symbol, just attached files.

I have uninstalled gpg4win, after backing up the private key, removed the users appdata/roaming/gnupg and appdata/roaming/kleopatra directories, rebooted the computer.
I then reinstall gpg4win-3.1.14, imported the private key, imported the public keys, opened outlook, configured gpgol, exited Outlook, restarted Outlook, and get the same results.
It works for user1 and not any other user.

In general there always might be problems with incompatibilities of other addins installed on a system.

I would need debug output with log level "+outlook API calls" for this to further analyze it. But if even when clicking on the secure button nothing happens then I don't really know that usually means that our addin is not able to write to the underlying MAPI Store. So this could be caused by an addon preventing us from that or by some damage to the underlying store. Maybe setting up the users account in outlook again might help.

Wouldn't the incompatibility cause all the users to have the same problem, rather than one not and all others to have the problem?
Attached is the file that you requested.

I have setup debugging for everything else, just in case.

No, which addons are active is a user property. So maybe you can try disabling all others but GpgOL, and then basically bisect which one it is that is conflicting.

In the log I see just unexpected errors using the most basic Outlook API calls.

18:43:34/14620/ERROR/mapihelp.cpp:mapi_change_message_class: HrGetOneProp() failed: hr=0x80004002

This is basically "General Error" and already happens when the addon tries to check what kind of message it is. Later:

18:43:57/14620/DBG_OOM/oomhelp.cpp:get_pa_variant: Looking up property:{31805AB8-3E92-11DC-879C-00061B031004}/GpgOL UID/0x0000001F;
18:43:57/14620/DBG_OOM/oomhelp.cpp:get_oom_object: looking for 00000221fa908f20->`PropertyAccessor'
18:43:57/14620/oomhelp.cpp:get_oom_object: failure: 'PropertyAccessor' p=0000000000000000 vt=0 hr=0x80020009 argErr=0x0 dispid=0xfafd
18:43:57/14620/DBG_OOM/oomhelp.cpp:dump_excepinfo: Exception: 
              wCode: 0x1000
              wReserved: 0x0
              source: Microsoft Outlook
              desc: The message you specified cannot be found.
              help: null
              helpCtx: 0x0
              deferredFill: 0000000000000000
              scode: 0x8004010f
18:43:57/14620/ERROR/oomhelp.cpp:get_pa_variant: Failed to look up property accessor.
18:43:57/14620/oomhelp.cpp:get_unique_id: No uuid found in oom for '00000221fa908f20'
18:43:57/14620/oomhelp.cpp:get_oom_iunknown: Property 'MapiObject' not found: 0x8004010f
18:43:57/14620/ERROR/oomhelp.cpp:get_oom_message: Failed to obtain MAPI Message.
18:43:57/14620/ERROR/oomhelp.cpp:get_oom_base_message: Failed to obtain mapi_message.

This is probably when you click on "Secure" there we also just get a generic error from the Outlook Object model.

So somehow either this users account is set up differently in Outlook or the user has different addons which collide. But these are plain Outlook API calls which fail for us and without which we cannot do all the stuff we need to do in Outlook to do either decryption or encryption. We fail way before we do actual decryption or encryption work.

aheinecke triaged this task as Low priority.Dec 1 2020, 2:16 PM

Changing this to priority low until I see a second report from a different user with a similar log.
This looks more like a broken Outlook setup on this users account then a problem where we can actually help.

Maybe as an improvement I would improve the error handling but for that to work properly with a suggestion to the user what to do we would have to know how to fix this.

E.g. my Outlook sometimes tells me that it is working on some old .pst file and does not even tell me which of the Outlook files I have to remove to get outlook working without this warning anymore. In that case I always delete all .pst files. Something like that is probably the case here. Outlooks state is somehow broken internally.

I created a different user on the same machine.
I logged with the addons enabled and disabled.