In Message Tracking, messages will appear where the subject begins with “Message delivered via relay”. The reason for this is that the sending SMTP server requests a “Delivery Notification” in the SMTP envelope. However, these notifications are not supported by the receiving SMTP server. These notifications are requested via the NOTIFY parameter of the RCPT TO command, e.g.

RCPT TO:<> NOTIFY=Delay,Failure

Depending on the request this must be altered accordingly on the sending side or the receiving side. This behaviour cannot be changed by NoSpamProxy.

In some cases, the NoSpamProxy setup fails due to problems regarding PowerShell RemoteWIN. To resolve this issue the registry needs to be modified.

To do this, open PowerShell and enter

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f​.

If Outlook is configured in such a way that emails remain in the outbox after clicking on Send immediately when connected, a problem can occur if you look at the email again before the fact. In this case, the email is returned to draft mode and must be returned to send mode by clicking Send again before it can be sent.

This is not a specific behaviour with the Outlook Add-in, but a general Outlook behaviour.


After installing Windows updates on the Windows servers, a growing number of users are reporting that parts of the Outlook Add-in for NoSpamProxy are no longer displayed. However, the add-in seems to be installed correctly and functioning a expected.

With the latest Windows updates, Microsoft has tightened the security settings for access to group policies. As a result, users can no longer retrieve them. Microsoft describes the solution in its Knowledge Base:



Although the configuration for SwissSign is correct under “Cryptographic key providers” and all gateway roles have access to via TCP 443 (https), the following error message appears in the event log when retrieving certificates:

ID: 026f7e58-9be2-4434-b562-11016c181bfd
Created: 12.06.2015 12:15:56
Mail address:
Request type: CertificateRequest
Request status: Failed
Failure status: TrustCenterError
Error text: Unexpected error: Message:
An error occurred while sending the request.
Error type:

Error code: 2148734208
Program location:
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.TaskAwaiter`1.GetResult()
at Netatwork.NoSpamProxy.Cryptography.SwissSignCertificateProvider.<EnrollAsync>d__e.MoveNext()

The request was aborted: Could not create SSL/TLS secure channel.

The request was aborted: Could not create SSL/TLS secure channel.
Error type:

Error code: 2148734217
Program location:
at System.Net.HttpWebRequest.EndGetRequestStream(IAsyncResult asyncResult, TransportContext& context)
at System.Net.Http.HttpClientHandler.GetRequestStreamCallback(IAsyncResult ar)

Subject, CN=Secure Mail: Gateway Certificate


Both in the certificate store of the computer account of one or all gateway roles and in the certificate store of the NoSpamProxy Encryption Gateway there is the pseudo-AutoRAO service certificate for authentication at the service provider SwissSign.


  1. Under “Cryptographic key providers” open the configuration for the provider SwissSign. Here you will find the deposited pseudo AutoRAO certificate.
  2. Click on the certificate to display its details. These details are helpful for identifying the correct certificate in the certificate store of the computer account.
  3. Open “mmc.exe” as administrator on the gateway role.
  4. Click File and Add/Remove Snap-in.
  5. Select Certificates and click Add.
  6. A new window appears in which you select the “Computer account”.
  7. Click”Next”.
  8. Select the “Local computer”.
  9. Click  “Finish”.
  10. Return to the snap-in selection and confirm with “OK”.
  11. Navigate to “My certificates” and find the pseudo AutoRAO service certificate.
  12. Select the certificate and delete it.
  13. Restart the affected Windows system of the gateway role.

If necessary, repeat these steps for all other gateway roles.


The event viewer repeatedly shows the following message:

Gateway Role 1088:
Could not secure an inbound connection with the host
Die angegebenen Daten konnten nicht entschlüsselt werden
Error type:
Error number:2147500037
Program location:

As a result, an SChannel error will appear in the Windows applications event viewer. It may look like this:
SChannel 36887:
Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 51.

Please note that ID and code may differ.


Windows 2008 R2 and later does not support older, weak cipher suites, which are considered cracked. Therefore, a TLS connection is not established if the delivering server can only process these. As a result, the above-mentioned warnings and errors are logged. The delivering server must then perform a fallback to plain text. For this it is necessary that the delivering server establishes a new connection, since the old connection, where no TLS connection could be established, must be closed.


In some cases the reply link created by NoSpamProxy Large Files cannot be inserted into emails.


Please check whether the following security setting is effective via GPO:

GPO Einstellung für Antwortlink

If so, please set the activated security setting to “Disabled”.

Important: Since NoSpamProxy requires Framework 4.6.2, the workaround described below no longer works because Exchange 2010 is not compatible with Framework 4.6.2 (

If NoSpamProxy version 7.7 or later and Exchange 2010 are installed on the same server, the Exchange Management Console no longer works properly. The reason for this is the .NET Framework 4.0. The Exchange Management Console requires the Framework version 2.0 as the default handler, while the NoSpamProxy Management Console only works with version 4.0. To use the correct .NET Framework version by default, the NoSPamProxy setup 7.7 creates an environment variable called “COMPLUS_ApplicationMigrationRuntimeActivationConfigPath”.

This variable refers to a path where a config file with the appropriate settings is stored. When any MMC is called, the corresponding variable, and thus the configuration file, is used. This causes the known problems when opening the Exchange MMC. To be able to use the Exchange MMC again, there is only the following workaround:

The environment variable is permanently deleted and the NoSpamProxy MMC must be called via a batch file in which the corresponding environment variable is defined beforehand. The advantage is that in this case the environment variable is only used for programs that are called from the context of the batch file.

To work around the problem, do the following:

First, open Windows Explorer.

Right-click Computer and select Properties.

In this window, click Advanced System Settings. The following window opens:

Click “Environment Variables” here.

Managment Konsole Umgebungsvariablen setzen

In the “Environment Variables” window, select “COMPLUS_ApplicationMigrationRuntimeActivationConfigPath” in the “System Variables” section and then click “Edit”. Copy the path in the “Value” field to the clipboard. Then delete the complete entry. Click on OK, Apply and again on OK.

Now open Notepad. Paste the currently copied path from the clipboard into Notepad. In addition, add the following lines:

set COMPLUS_ApplicationMigrationRuntimeActivationConfigPath=
mmc.exe "C:\Program Files\Net at Work Mail Gateway\NoSpamProxy Management Console\Net at Work Mail Gateway Configuration Console.msc"

Copy the path from the clipboard behind the first line. The Notepad file should then be structured as follows:

set COMPLUS_ApplicationMigrationRuntimeActivationConfigPath=C:\ProgramData\ComPlus Activation Configurations\
mmc.exe "C:\Program Files\Net at Work Mail Gateway\NoSpamProxy Management Console\Net at Work Mail Gateway Configuration Console.msc"

Please note that the file names of the console may differ depending on the version used. Make sure to find the .msc file in the target directory.

Also, please note that the display of the batch file in this article may be distorted by automatic line breaks.

Finally, adjust the path to the Net at Work Mail Gateway Configuration Console.msc if necessary and save the Notepad content as NoSpamProxy-MMC.bat. If you call the BATCH file, the NoSpamProxy MMC should open successfully. Starting with Windows 2008 with UAC enabled, however, you must always run the batch file as administrator. The Exchange MMC should now also open without errors.