Unable to enroll/authenticate PGP Desktop clients when using Microsoft Active Directory Domain's Logon Restrictions with a User
Article: TECH189115 | Created: 2012-05-18 | Updated: 2012-10-01 | Article URL: http://www.symantec.com/docs/TECH189115
Problem
When restricting Microsoft Active Directory (AD) domain users to specific computers using the Logon Restriction setting per user account, PGP Desktop clients are unable to enroll/authenticate.
Error
The PGP Desktop client will fail with, "Your credentials were not accepted. Please try again."
The PGP Universal Server will show, "CLIENT-XXXXX: ldap operation result 49, Invalid credentials"
The error is misleading, since it's not a bad password problem for the user account.
Cause
Since the LDAP query is issued from the PGP Universal Server and not from the client's (permitted) computer, the AD LDAP server rejects the connection.
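Active Directory normally attaches a sub-code (the `data` field) to the diagnostic text it returns with LDAP result 49, and `531` is the value for a workstation logon restriction. The following Python is an added example, not part of the original article or of PGP Universal Server, that separates this cause from a genuinely wrong password. It assumes you have the diagnostic text from AD (for instance by repeating the bind with an LDAP client from the server's network); the article does not say whether PGP Universal Server logs it, and the function names are hypothetical.

```python
import re

# "data" sub-codes Active Directory puts in the diagnostic text of a failed
# bind (LDAP result 49), grouped by what an operator should check first.
SUBCODES = {
    "525": ("user not found", "credentials"),
    "52e": ("wrong user name or password", "credentials"),
    "530": ("logon not permitted at this time", "account restriction"),
    "531": ("logon not permitted from this workstation", "account restriction"),
    "532": ("password expired", "password state"),
    "533": ("account disabled", "account restriction"),
    "701": ("account expired", "account restriction"),
    "773": ("user must reset password", "password state"),
    "775": ("account locked out", "account restriction"),
}

DATA_RE = re.compile(r"AcceptSecurityContext error, data ([0-9a-fA-F]+)")

def triage_bind_failure(diagnostic):
    """Classify one result-49 diagnostic message returned by AD."""
    match = DATA_RE.search(diagnostic)
    if match is None:
        # No sub-code present: result 49 alone cannot tell the cases apart.
        return {"code": None, "meaning": "unknown", "category": "undetermined"}
    code = match.group(1).lower()
    meaning, category = SUBCODES.get(code, ("unrecognised sub-code", "undetermined"))
    return {"code": code, "meaning": meaning, "category": category}

def logon_restriction_hits(messages):
    """Return the messages that match this article's cause (sub-code 531)."""
    return [m for m in messages if triage_bind_failure(m)["code"] == "531"]

# Constructed sample messages (DSID values are placeholders, not captured data).
SAMPLES = [
    "80090308: LdapErr: DSID-XXXXXXXX, comment: AcceptSecurityContext error, data 52e, v1db1",
    "80090308: LdapErr: DSID-XXXXXXXX, comment: AcceptSecurityContext error, data 531, v1db1",
    "ldap operation result 49, Invalid credentials",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(triage_bind_failure(sample), "<-", sample)
```

A `531` result points at the Logon Restriction setting described above rather than at the user's password.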
Solution
Switch to Email Enrollment or use a secondary LDAP server specifically for PGP client authentication.