Error in Symantec Encryption Management Server Client Log - Duplicate key violates unique constraint "email_idx"

Article:TECH200033  |  Created: 2012-11-22  |  Updated: 2014-04-29  |  Article URL http://www.symantec.com/docs/TECH200033
Article Type
Technical Solution


Subject

Issue



After entering the Active Directory username and password correctly, a user is continually prompted for the same information, and the Symantec Encryption Desktop user is unable to enroll.

 


Error



The SEMS (Symantec Encryption Management Server) Client log contains the error:

Duplicate key violates unique constraint "email_idx"

 


Environment



  • Symantec Encryption Management Server 3.x using LDAP Directory Synchronization with Active Directory.
  • PGP Universal Server 3.x using LDAP Directory Synchronization with Active Directory.

 


Cause



The user trying to enroll has one or more secondary email addresses associated with their Active Directory account.  One of these secondary email addresses may already be in use by a user account on Symantec Encryption Management Server.

This can occur if a user who has an account on SEMS leaves the organization, their Active Directory account is disabled or deleted, and their primary email address is deleted. Another Active Directory user is then given the prior user's email address as a secondary address. However, the prior user's account was not deleted from SEMS, which causes the enrollment issue.

 


Solution



Check the Active Directory account of the user who is failing to enroll for secondary email addresses. Search SEMS for each secondary email address.  If users are found with the secondary addresses, check whether these user accounts are still required and if they are not, delete them from SEMS.

This issue can also occur if the Active Directory record for the user has a primary email address in the "proxyAddresses" field that does not match the "mail" field.  (The email address in "proxyAddresses" that is listed with SMTP in capital letters is the primary email address.)


Example snippet of an Active Directory record that will not enroll:
===================================================
proxyAddresses: notes:Steven Lastname/Staff/company@company
proxyAddresses: smtp:Slastname2@company.com
proxyAddresses: SMTP:Steven.Lastname@company.com
proxyAddresses: smtp:Steven.Lastname@exchange.company.com
mail: Slastname2@company.com

Note that in this example the “mail” field does not match the “proxyAddresses” entry with SMTP capitalized.


Example snippet of an Active Directory record that will enroll:
===================================================
proxyAddresses: notes:Steven Lastname/Staff/company@company
proxyAddresses: smtp:Steven.Lastname@exchange.company.com
proxyAddresses: SMTP:Steven.Lastname@company.com
proxyAddresses: smtp:Slastname2@company.com
mail: Steven.Lastname@company.com

Note that in this example the “mail” field does match the “proxyAddresses” entry with SMTP capitalized.
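
The two checks described above, as an added example in Python (not Symantec's code): it parses a record in the same "attribute: value" form as the snippets, reports a "mail" value that differs from the capitalized SMTP entry, and reports secondary addresses that already belong to an account on SEMS. The function names, the SEMS_EMAILS list (constructed sample data that would have to be gathered from SEMS separately) and the case-insensitive comparison are assumptions.

```python
# Added example: checks an "attr: value" AD export against this article's causes.
def parse_record(text):
    """Return (mail, primary_smtp, secondary_smtp_list) for one record."""
    mail, primary, secondary = None, None, []
    for line in text.splitlines():
        attr, sep, value = line.partition(":")
        if not sep:
            continue
        attr, value = attr.strip().lower(), value.strip()
        if attr == "mail":
            mail = value
        elif attr == "proxyaddresses":
            prefix, _, address = value.partition(":")
            if prefix == "SMTP":      # capitalized SMTP marks the primary address
                primary = address
            elif prefix == "smtp":    # lower-case smtp marks a secondary address
                secondary.append(address)
            # other address types (for example notes:) are ignored
    return mail, primary, secondary

def enrollment_findings(text, sems_emails):
    """List which of the article's two conditions apply to the record."""
    mail, primary, secondary = parse_record(text)
    findings = []
    # Assumption: addresses are compared case-insensitively.
    if primary is not None and (mail or "").lower() != primary.lower():
        findings.append(f"mail {mail!r} does not match primary SMTP {primary!r}")
    known = {e.lower() for e in sems_emails}
    for address in secondary:
        if address.lower() in known:
            findings.append(f"secondary address {address!r} is already in SEMS")
    return findings

# The failing record from this article.
FAILING = """\
proxyAddresses: notes:Steven Lastname/Staff/company@company
proxyAddresses: smtp:Slastname2@company.com
proxyAddresses: SMTP:Steven.Lastname@company.com
proxyAddresses: smtp:Steven.Lastname@exchange.company.com
mail: Slastname2@company.com
"""
# Constructed sample: addresses of accounts still present on SEMS.
SEMS_EMAILS = ["steven.lastname@exchange.company.com"]

if __name__ == "__main__":
    for finding in enrollment_findings(FAILING, SEMS_EMAILS):
        print(finding)
```
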


Supplemental Materials

Source: ETrack
Value: 2471605

