Symantec Encryption Management Server 3.3.0 MP1: Resolved Issues

Messaging

• Resolved the issue where the Symantec Encryption Management Server used inconsistent domain names in messages to external users. For more information, contact Support and request assistance with the Symantec Knowledgebase article TECH201490 (http://www.symantec.com/docs/TECH201490). [2837777]

Clustering

• Resolved an issue where an unreachable DNS caused clusters to fail and be unable to recover. [2887115]
• Resolved an issue where changing a user's primary email address caused the user to disappear from the cluster. [3017067]

Administrative Interface

• Resolved an issue where Symantec Encryption Management Server used an incorrect domain name for user names with colons. [2851687]
• Symantec Encryption Management Server now correctly reports client IP addresses when using X- Forwarded-For headers with a Cisco ACE appliance. [2885549]
• You can now sort users on the Groups page by Name, Username, User Type and Email Address. [2858703]
• On the Clustering page, mousing over the icon that shows Web Email Protection enabled now displays correct text. [3012260]

PGP Keys

• Resolved an issue where Symantec Encryption Management Server did not provide a useful error message in the logs when user keys cannot imported because there is no email address specified. [2780110]
• X.509 key lookups now function successfully for email addresses with fewer than 25 characters. [2986307]
• When Symantec Encryption Management Server cannot find a key on an X.509 keyserver, the failure no longer causes that keyserver to be marked as down. [2986357]

Symantec Encryption Web Email Protection

• Resolved an issue so that the Symantec Web Email Protection accounts are deleted based on the Inactivity Expiration value specified in Symantec Encryption Management Server. [2837496]
• Resolved an issue so that users can log in to Symantec Web Email Protection after the Symantec Encryption Management Server is upgraded. [2860242]
• Messages sent via Certified Delivery now contain the Message ID and Date Header. [2886746]
• Manually sent Daily Status Emails display correctly in Web Email Protection. [2963029]

Upgrading

• Upgrading no longer causes the creation of duplicate Consumer Policy values. [2623554]
• Automatic backups no longer occur while software updates are in progress. [2811479]

Symantec Drive Encryption

• Resolved an issue where viewing WDRTs caused crashing due to migration errors. If WDRTs are not viewable after migration, examine the log files for error messages, and contact Symantec Support to resolve the migration errors. [2866688]

Symantec Encryption Desktop

• Resolved an issue that caused searches for external users' keys to fail within Symantec Encryption Desktop. [2745817]
• Symantec Encryption Desktop can now be configured to automatically abort the connection instead of alerting the end user when there is a problem with the Symantec Encryption Management Server certificate. To enable this new behavior, contact Symantec Support. [2971509]

Symantec Encryption Management Server 3.3.0: Resolved Issues

This article details a list of resolved issues in Symantec Encryption Management Server 3.3.0. 

General

• Resolved the CVE vulnerability (CVE-2012-0053) where a flaw was found in the default error response for status code 400, which could be used by an attacker to expose "httpOnly" cookies when no custom ErrorDocument was specified. [2698036]
• Updated CentOS to fix security vulnerabilities found in the previous version. [2917800]
• Resolved the issue so that the user is logged in to the administrative interface and the Overview page is displayed as expected. [2822619]
• Resolved the issue so that a Java exception no longer occurs for administrative users who do not have a mail address set up but who are configured to receive daily status emails. [2824569]
• Dashboard Policy Group Membership summary no longer uses template data when group display limit reached. [2822615]

Deployment

• Resolved an issue so that an administrator with Basic Administrator privileges was able to create external users. [2894619]
• Updated Basic Administrator roles so that these accounts can now delete, update, and modify users and groups. [2824601]
• Searching for internal users by their secondary email addresses can be enabled. To enable the feature, contact Symantec Support. [2704363]
• Updated the Symantec Encryption Management Server Installation Guide to provide a better explanation about configuring multiple mail servers in a clustered environment. [2645159]
• Resolved an issue so that administrators can successfully log into the Symantec Encryption Management Server console when the number of users exceeds 120,000. [2684254]
• Turning on LDAP customization for Active Directory and debug logging no longer shows any error message. [2771162]
• Resolved the issue so that changing the Symantec Encryption Management Server host name using the administrative interface never updated the host name on the client email policy. [2824567]
• Checking or unchecking the Consumer Policy checkbox now updates the client preferences file (prefs.xml) as expected. [2824620]
• Resolved the issue that caused duplicate entries on the Directory Synchronization page. [2896697]

PGP Keys

• Problems with key data no longer cause exceptions after upgrade and data restoration. [2824534]
• Symantec Encryption Management Server now supports the T.61 character set for the commonName attribute on imported X.509 certificates. [2818776]
• Resolved an issue so that both the .p12 files are exported successfully without file corruption when a common certificate is exported in a zipped folder. [2475664]
• Resolved an issue with the encoding of email addresses present in SKM certificates to improve third-party compatibility. [2732760]
• Resolved an issue so that Symantec Encryption Management Server displays all Active Directory groups available in an LDAP directory when generating AD Group Keys. [2823571]

PGP Messaging

• Resolved a discrepancy in the product documentation that stated that S/MIME messages are not encrypted to the ADK. S/MIME messages are encrypted to the ADK if the ADK has a valid S/MIME encryption certificate. [2470657]
• Resolved the issue so that Symantec Encryption Management Server successfully communicates with an IBM Lotus Domino server using a secured SMTP session using TLS. [2767570]
• Resolved an issue in the product documentation so that the Symantec Encryption Management Server Administration guide now states that if a message is forced into RTF format by Exchange before it is sent, the receiving Symantec Encryption Management Server cannot add annotation. [2735294]
• Resolved the issue so that a large number of emails in the mail queue no longer cause the mail proxy to fail with an out of memory SQL error on the Symantec Encryption Management Server. [2824531]
• Resolved the issue with consumer policy so that Microsoft Outlook users now see only one copy of a sent email in their Sent Items folder. [2824614]
• Resolved an issue so that a user can send emails successfully using Lotus Notes after the private key is updated with new user IDs. [2897066]

PGP Portable

• Resolved an issue so that the PGP Portable Creator screen appears as expected when the hidden pref portableForceRemovableEncryption is used. [2805171]

Symantec Drive Encryption

• Resolved an issue so that the Force maximum CPU usage consumer policy setting in Symantec Drive Encryption is now correctly enabled. [2801492]
• Resolved an issue so that an Administrator from the WDE-Admin Group can add a Symantec Drive Encryption boot bypass on Microsoft Windows XP computers. [2620353]
• Devices no longer appear to have multiple Disk IDs in Symantec Drive Encryption when WDRTs do not replicate completely across a cluster. [2972133]
• Resolved an issue in Symantec Encryption Management Server so that users who are not super users cannot create nor change WDE Administrator passphrases. [2748699]
• Resolved an issue where automatic disk encryption failed after the installation of the Symantec Drive Encryption with embedded policy. [2726532/2590583]
• Resolved the issue so that inserted removable devices are write-protected if the user fails to select an option from the encryption dialog box within 120 seconds or when Symantec Encryption Management Server is not reachable. [2862478]
• Resolved the issue with Symantec Encryption Desktop so that invisible silent enrollment no longer fails if the user and system are in a different Active Directory Forest. [2768517]
• Resolved the issue with Symantec Drive Encryption so that users can no longer pause encryption or decryption when this option is disabled by Symantec Encryption Management Server policy." [2824553] 
• Resolved the issue so that using the registry entry to disable single sign-on for Symantec Drive Encryption now works as expected (this entry is described in the article located at http://www.symantec.com/docs/HOWTO42010). [2817096]
• Resolved the issue that listed the administrator in the logs for all instances when a WDRT is used, and not the actual user who requested it. [2824547]
• You can now sort alphabetically by OS or client tabs in WDE computers, as well as by string fields. [2824551, 2824560]
• Resolved an issue so that the WDE Activity report lists all the users on the machine if there are more than 1000 users/devices/machines. [2963260]

Symantec Encryption Desktop

• The default keyserver value keys.$ADDRESS_Domain no longer causes error messages in the Client log, and the communication between Symantec Encryption Desktop Client and Symantec Encryption Management Server is successful. [2803625]
• Resolved an issue so that the PGP Desktop 10.2 MP2 clients can successfully enroll to the Symantec Encryption Management Server after the server is upgraded to version 3.3. [2617930]
• Resolved the issue so that the Windows domain name is now transmitted with the user’s user name when enrolling. [2824580]

Symantec Encryption PDF Email Protection

• Resolved the issue so that PDF files created by Symantec Encryption PDF Email Protection can now be opened on BlackBerry devices. The encryption algorithm supported is AES-256. [2824639]

Symantec Web Email Protection

• Resolved an issue in PDF Messenger where creating messages containing certain invalid characters failed with an error. [2961947]
• Resolved an issue so that the Symantec Web Email Protection accounts are deleted based on the Inactivity Expiration value specified in Symantec Encryption Management Server. [2883452]
• Resolved an issue so that clicking the Symantec Web Email Protection passphrase recovery mail link now appropriately opens the Create Your Passphrase page. [2820180]
• Resolved an issue so that clicking the Symantec Web Email Protection passphrase recovery link now appropriately opens the Password Reset page. [2815076]
• Resolved an issue so that users no longer see an error message when they click the browser back button after opening a Symantec Web Email Protection email message. [2733490]
• Resolved an issue so that an error message is logged in the mail log when a message template that is not RFC-compliant is used to send an email using Symantec Web Email Protection. [2673600]
• Resolved an issue where the Delete button was not deleting selected Sent items. [2696728]
• Resolved an issue so that external users cannot reset their Symantec Web Email Protection account password if the account is locked. [2687941]
• Resolved an issue so that Symantec Web Email Protection successfully displays RFC-compliant messages with Content-Type as TEXT/PLAIN or text/plain. [2649121]
• The navigation buttons (First, Previous, Next, Last) now work correctly on the Sent mails page in Symantec Web Email Protection. [2745757]
• Resolved the issue where users may have encountered an Error 404 when trying to access the login page if you created simple customizations for Symantec Web Email Protection. [2761139]
• Resolved the issue so that when users click on the link received in a Symantec Web Email Protection notification message, users are now prompted to enter only their passphrase. [2822624]
• Resolved the issue so that when a user sends email containing an attachment using Symantec Web Email Protection, a copy of the sent email now appears under Sent Items. [2824606]
• Resolved the issue so that a Symantec Web Email Protection user who has used more than 2 GB of space (even if that is less that the allotted amount) no longer receives an error message when logging in. [2824616]
• Resolved the issue so that the Symantec “Norton Secured” seal now appears once in the Symantec Web Email Protection browser. [2824655]
• Resolved the issue so that Symantec Web Email Protection message content is intact after replication across a cluster. [2826042]
• Resolved the issue so that the deletion of Symantec Web Email Protection messages properly replicates throughout the cluster. [2826061]
• Resolved the issue that prevented Microsoft Outlook 2010 .isc invitation files from being properly displayed by Symantec Web Email Protection. [2896698]
• Resolved an issue so that executable files that are considered unsafe by Microsoft do not get corrupted when an external user downloads them from Symantec Web Email Protection. [2839421]
• Resolved an issue where the first encrypted PDF with Secure Reply enabled would not arrive if sent to a new external user when “Require Sender Authorization” is set in consumer policy. [2876407]
• Resolved an issue so that inline attachments now display correctly in Symantec Web Email Protection messages sent to external recipients. [2893308]