PGP NetShare: "One or more user keys is unknown, is revoked, is expired, or is disabled."

Article:TECH149963  |  Created: 2010-09-13  |  Updated: 2012-09-20  |  Article URL http://www.symantec.com/docs/TECH149963
Article Type
Technical Solution


Issue




When attempting to re-encrypt a PGP NetShare folder that was encrypted to an Active Directory group, the error "One or more user keys is unknown, is revoked, is expired, or is disabled" is displayed. This occurs even though all of the keys in the access list display as current and valid.

 


Solution




This can occur when the Active Directory group's pre-Windows 2000 group name and its Windows 2003 group name do not match. The group is only searchable by the Windows 2003 Active Directory naming schema, but it displays in PGP NetShare using the pre-Windows 2000 naming schema.

Therefore, when attempting to re-encrypt the folder, PGP NetShare is not able to look up the group because of the difference in group names.

To resolve this issue, change the Group name (pre-Windows 2000) to match the Windows 2003 Group name so that PGP NetShare can successfully find the group. Then re-encrypt the PGP NetShare folder.
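
One way to find affected groups and apply the rename from PowerShell, as an added example that is not part of the original article or Symantec's tooling. It assumes the ActiveDirectory module is installed and that the article's "Group name" and "Group name (pre-Windows 2000)" correspond to the AD name and sAMAccountName attributes; the function names and the sample distinguished names are constructed.

```powershell
# Added example (not Symantec code). Requires the RSAT ActiveDirectory module.
# Function names below are constructed for this illustration.
Import-Module ActiveDirectory

# List groups whose group name differs from their pre-Windows 2000 name.
function Find-MismatchedGroupName {
    [CmdletBinding()]
    param([string]$SearchBase)   # optional OU distinguished name to limit scope

    $query = @{ Filter = '*' }
    if ($SearchBase) { $query.SearchBase = $SearchBase }
    Get-ADGroup @query |
        Where-Object { $_.Name -ne $_.SamAccountName } |
        Select-Object Name, SamAccountName, DistinguishedName
}

# Set one group's pre-Windows 2000 name to its group name.
function Sync-GroupSamName {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param([Parameter(Mandatory)][string]$Identity)

    $group  = Get-ADGroup -Identity $Identity
    $target = $group.Name
    if ($target -eq $group.SamAccountName) { return }

    # sAMAccountName does not accept these characters.
    if ($target -match '["/\\\[\]:;|=,+*?<>]') {
        throw "'$target' contains characters not allowed in a pre-Windows 2000 name."
    }
    # sAMAccountName must be unique in the domain across users, computers and groups.
    $clash = Get-ADObject -Filter 'sAMAccountName -eq $target'
    if ($clash) {
        throw "'$target' is already the sAMAccountName of $($clash.DistinguishedName)."
    }
    # The SID is unchanged, but anything that refers to DOMAIN\<old name> must be updated.
    $action = "Set sAMAccountName '$($group.SamAccountName)' to '$target'"
    if ($PSCmdlet.ShouldProcess($group.DistinguishedName, $action)) {
        Set-ADGroup -Identity $group.ObjectGUID -SamAccountName $target
    }
}

# Review first, then preview the change for one group before applying it
# (constructed distinguished names):
# Find-MismatchedGroupName -SearchBase 'OU=Groups,DC=example,DC=com'
# Sync-GroupSamName -Identity 'CN=Finance Share Users,OU=Groups,DC=example,DC=com' -WhatIf
```

Run the second function without `-WhatIf` only after confirming nothing else refers to the old pre-Windows 2000 name, then re-encrypt the PGP NetShare folder.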

 



Legacy ID



2248

