Unable to enroll/authenticate PGP Desktop clients when using Microsoft Active Directory Domain's Logon Restrictions with a User

Article:TECH189115  |  Created: 2012-05-18  |  Updated: 2012-10-01  |  Article URL http://www.symantec.com/docs/TECH189115
Article Type
Technical Solution


Subject

Issue



When restricting Microsoft Active Directory (AD) domain users to specific computers using the Logon Restriction setting per user account, PGP Desktop clients are unable to enroll/authenticate.


Error



The PGP Desktop client will fail with, "Your credentials were not accepted. Please try again."

The PGP Universal Server will show, "CLIENT-XXXXX: ldap operation result 49, Invalid credentials"

The error is misleading, since it's not a bad password problem for the user account.


Cause



Since the LDAP query is being issued from PGP Universal Server and not the from the client's (permitted) computer, the AD LDAP server rejects the connection.


Solution



Switch to Email Enrollment or use a secondary LDAP server specifically for PGP client authentication.




Article URL http://www.symantec.com/docs/TECH189115


Terms of use for this information are found in Legal Notices