HOW TO: Re-enroll Symantec Encryption Desktop for Mac OS X Clients

Article:TECH178358  |  Created: 2012-01-05  |  Updated: 2013-12-20  |  Article URL http://www.symantec.com/docs/TECH178358
Article Type
Technical Solution


Issue



This article describes the steps to re-enroll Symantec Encryption Desktop (previously PGP Desktop) for Mac clients.

For instructions on how to re-enroll Symantec Encryption Desktop for Windows clients, please see the following article:

http://www.symantec.com/docs/HOWTO42029

 


Solution



Enrollment is the binding of a computer with Symantec Encryption Desktop client software installed to a Symantec Encryption Management Server (SEMS - previously PGP Universal Server).  After a client is bound it receives feature policy information from the SEMS; for example, encryption keys, email policy, or Symantec Drive Encryption (formerly known as Whole Disk Encryption) administration.

In some circumstances, you may need to re-enroll Symantec Encryption Desktop clients if the client is experiencing connection problems with the SEMS, the client license does not update after renewing the client license on the server, or in rare circumstances the client preference files ( ~Library\Preferences\com.pgp.*) become corrupted.

Use the following steps to re-enroll a Symantec Encryption Desktop for Mac client with SEMS.

  1. Stop the PGP Services by pressing the Option key, click the PGP padlock icon on the menu bar and select Quit.
  2. Browse to the ~/Library/Preferences folder.

    Note: The ~ refers to the user profile (home) directory.
     
  3. Move all the com.pgp.* files to Trash (there will be com.pgp.desktop and other com.pgp plist files that should be moved to Trash).
  4. For Symantec Encryption Desktop 9.x, follow the next steps.  For Symantec Encryption Desktop 10.x and above, simply re-launch PGP.app (Starting with Symantec Encryption Desktop, the "PGP.app" has been renamed to "Encryption Desktop.app").
  5. Open the Terminal application.
  6. Type defaults write com.pgp.pgp configurationString "ovid=example.keyserver.com&mail=*&admin=1"

    Note: Steps (5-6) is only necessary when using PGP Desktop 9.x clients.
     

Launch Symantec Encryption Desktop to start the Symantec Enrollment Assistant.

For Encryption Desktop 10.0.x through 10.3.0, if enrollment does not begin: Check under /Applications/PGP.app/Contents/Resources/policy.txt      ---- This should contain a string similar to this 'ovid=keys.example.com&mail=*&admin=1'. If there is any trouble resolving the hostname found in the string then enrollment will not function as expected.  In Symantec Encryption Desktop 10.3.1 and above, the location is /Applications/Encryption Desktop.app/Contents/Resources/policy.txt.

 

Caution: When Symantec Encryption Desktop clients are enrolled, entries are placed in the Mac OS X Keychain Access Utility.  These entries include "PGP LDAP", "PGP Universal Auth Cookie" and a user entry of Kind, "PGP Passphrase" (Usually the name of this entry is the email address of the user enrolling).  These entries are used for enrollment and for the passphrase that can be used during encryption of a drive.  These entries remain, even after an uninstall of the software.  If re-enrollment is being done, it is also recommended to clear out all these entries before re-enrolling the client so they will be re-created from scratch.  Not clearing these out may result in unexpected results, as outlined in TECH211645.



Legacy ID



1556


Article URL http://www.symantec.com/docs/TECH178358


Terms of use for this information are found in Legal Notices