Home > Exchange Server > The Case of the Disappearing ‘Publish To GAL’ Button

The Case of the Disappearing ‘Publish To GAL’ Button

While planning a rebranding effort for a client as part of a massive divestiture, we looked at how the end-user S/MIME certs would get handled once their workstations were migrated to a new forest/domain. Outlook has a nice feature built-in to publish existing certificates to the GAL. This makes it easy for users to send encrypted messages to coworkers without having to first send a digitally signed message back and forth. This is quite important to this particular client due to trade secrets and regulatory compliance.

To see the button, open Outlook, go to the Backstage, then Options>Trust Center>Trust Center Settings>E-mail Security. You can see the Publish to GAL button:

The button is visible regardless of whether the user actually has a certificate installed.

However, some users were not seeing the button, as seen below:

It turns out that in Outlook 2010, if a user has multiple MAPI accounts configured in the same Outlook profile, the button erroneously disappears. Multiple MAPI accounts is a key feature in Outlook 2010, and is real handy for people who want access to different accounts, say for administrative use, or for work and private email accounts. Outlook even supports having dedicated S/MIME certificates for each account.

I reported the issue to Microsoft, and a bug report has been created. Hopefully, this will be resolved with a hotfix soon. This isn’t the only issue I’ve found with multiple email accounts in Outlook 2010. The archiving feature takes messages from ALL of the accounts, and puts them in the SAME archive .pst file. Not good.

  1. Garry
    September 27th, 2011 at 19:30 | #1

    I’ve run into an issue with multiple exchange accounts; you can’t edit distribution group membership.

  2. Kasper Bøggild
    January 20th, 2012 at 13:52 | #2

    Did you recieve at bug reference that we can refer to when we contact Microsoft?

    • Pat Richard
      January 21st, 2012 at 08:07 | #3

      Not according to my notes. I reported it internally.

  3. Brian from Texas
    January 25th, 2012 at 15:14 | #4

    Same problem here. Thanks for pointing out the issue. We are slowing rolliing out PKI to the users and I’ve noticed an uptick in missing “publish to GAL” buttons. I’ve read it can be due to corrupt certificates but it was proven to not be the case here. And from your comment, it appears it would never be the case, because the button is still present for users without certificates.

    I guess the work around for now is to remove the other mail accounts, publish to GAL, then add the secondary mail accounts back to their profile.

  4. Seb
    April 5th, 2012 at 09:29 | #5

    We are getting this in our org. too, when people add functional mailboxes to their profile. Is there a work-around – to publish the certificate?

    • lenny002
      April 17th, 2012 at 08:23 | #6

      Hi, we are also facing same problem. As a work-around you can create new profile just with that one account for which you want to publish certificate, start outlook with that newly created profile, publish to gal, remove this profile and start with former profile again. Hope MS will release hotfix soon…

      • Pat Richard
        April 17th, 2012 at 08:26 | #7

        Thanks for the suggestion!

  5. April 11th, 2013 at 21:03 | #8

    My oh my, thank you for this post; I’ll keep the remaining half of my hair…

    Note to anyone else looking at this old thread, MS is obviously too busy to care, Outlook 2013 64 bit and 32 bit (v15.0.4481.1508) versions STILL have this and other issues with multiple MAPI accounts in a single profile.

  6. Nick
    April 24th, 2013 at 10:01 | #9

    Thank you, this still isnt fixed and your work around is the solution

  7. AndyC
    January 16th, 2014 at 12:32 | #10

    Jan 2014 – and this is still an issue.

  8. Charlene
    April 1st, 2014 at 13:29 | #11

    Outlook 2010 – File, Account Settings, Account Settings, E-mail tab – Remove any extra mailfiles except the users. Publish to GAL button will now come up.

    • Pat Richard
      April 1st, 2014 at 22:46 | #12

      But that’s not a workable solution. Each account will have a separate email file, as well as another file for any archives. You can’t just arbitrarily remove those file.

  9. Josh Powers
    May 15th, 2014 at 08:51 | #13

    Any update on this? Is this fixed in 2013? Is there a hotfix for 2010?

  10. Karl
    October 12th, 2015 at 07:19 | #14

    I think I got a manual workaround, these steps worked for me:

    1. Navigate to the properties of the users Active-Directory-Object
    2. Tab *Published certificates*: Import the certificate (You might need to export it in the correct file format prior to that)
    3. Tab *Attribute Editor*: Copy the value from “userCertificate” to “userSMIMEcertificate”
    4. Run these two commands in the exchange management shell:
    – Update-GlobalAddressList -Identity “”
    – Update-OfflineAddressBook -Identity “”
    (You can get the identities via Get-GlobalAddressList / Get-OfflineAddressBook)

    After telling my Outlook to update it’s offline adress book, I was able to send the user an S/MIME-encrypted mail.
    (I hope I got the translations right, I’m using a German OS)

  11. R Johnson
    December 11th, 2015 at 19:47 | #15

    @Karl
    Should this process cause the encryption and singing certificates to be visible from the Exchange 2013 OWA s/mime control? Doesn’t seem to work for me.

  12. 1equals2
    June 9th, 2017 at 11:28 | #16

    we’re in 2017 now, and it’s still an issue.

  13. Steve S
    April 27th, 2018 at 17:11 | #17

    In 2018 still same issue…

  14. January 30th, 2019 at 10:18 | #18

    In 2019 and Outlook 2016 still the same 🙁

  15. Alex C
    September 12th, 2019 at 10:12 | #19

    It is September 2019, using Outlook 365, still having issue with “publish to GAL” button not showing, even with single mail account…

  1. No trackbacks yet.