Endpoint Encryption

 View Only
  • 1.  Authorizing PGP Command Line 10.1 - cmd window freezes/hangs

    Posted Dec 13, 2011 01:25 PM

    We are installing PGP on a number of servers, (all Windows Server 2003 Enterprise, SP2) some of which have an internet connection and some don't (security reasons).

    I have been able to authorize one server that's connected to the internet, using the following command, and it works near instantly:

    pgp --license-authorize --license-name "<removed>" --license-organization "<removed>" --license-number "<removed>" --license-email "<removed>"

     

    However, when I try this against a similar server, again with an internet connection, the cmd window just stops and won't close normally. There is a static cursor beneath the command, and it will stay like that until I kill the process via tskmgr (which also stops the service) at which point there is an 'insufficient random bits' message, which I assume is the result of the process being ended prematurely.

    This freezing also happens when I try any command which requires a license. There is nothing in the event viewer. No CPU/load problems. procmon/filemon don't show anything at the exact time of execution.

    Does anybody know what would cause the process to hang completely like this? (it remains like this for several days - I left it over the weekend to see)

     

    Also, I've read conflicting info about whether an internet connection is actually needed for authorizing this version? If it is, and we need to use an authorization text file, does this need to be obtained from Symantec (I found no options within our account), or do we need to use the one at the bottom of this page: http://www.symantec.com/business/support/index?page=content&id=HOWTO42089 ?

     

    Many thanks,

    Richard Penna.



  • 2.  RE: Authorizing PGP Command Line 10.1 - cmd window freezes/hangs

    Posted Dec 13, 2011 01:53 PM

    Can you confirm you are running PGP Command Line 10.1 and not 10.2?

    As a possible workaround, try running

    lodctr /r

    on the affected systems.

    As for licensing, you are correct, 10.1 does not need internet access to be licensed.



  • 3.  RE: Authorizing PGP Command Line 10.1 - cmd window freezes/hangs

    Posted Dec 14, 2011 05:31 AM

    Hi, I can confirm that it's 10.1.

    I ran 'lodctr /r pgp' and tried licensing again, but it still hung in exactly the same way.



  • 4.  RE: Authorizing PGP Command Line 10.1 - cmd window freezes/hangs

    Posted Dec 14, 2011 11:44 AM

     

    Go to %appdata%\PGP Corporation

    Edit PGPprefs.xml , change lines regarding license information if needed:

        <key>CLlicenseName</key>
        <string></string>
        <key>CLlicenseEmail</key>
        <string></string>
        <key>CLlicenseOrganization</key>
        <string></string>
        <key>CLlicenseNumber</key>
        <data></data>
        <key>CLlicenseAuthorization</key>
        <data></data>

    Fill the correct information for each field after  <data>

    Reboot services and check if license has been updated. try to license using the command if necesary.


     



  • 5.  RE: Authorizing PGP Command Line 10.1 - cmd window freezes/hangs

    Posted Dec 14, 2011 11:58 AM

    Some more information would be helpful in diagnosing your problem.

    - Are you running 32-bit or 64-bit Windows 2003?  If 64-bit, are you running the 32-bit or 64-bit version of PGP Command Line?

    - Is your hardware identical?  Does PGP Command Line license properly on the same system configuration that fails?

    - Do all systems have the same Windows updates installed?

    - Do you have the same problem if you run in local mode (with the "--local-mode" option)?  (I suspect you will but it would be a good data point to have)

    - We've made a significant change to random number generation (and some associated changes to entropy collection) in 10.2.  Can you try upgrading and see if that resolves your problem?



  • 6.  RE: Authorizing PGP Command Line 10.1 - cmd window freezes/hangs

    Posted Dec 15, 2011 01:36 PM

    I've managed to license the problematic servers using the fix in Julian_M's message (thank you! - I'm assuming that the same registration/license details can be used on the multiple servers that we have a license for - 5 I believe).

    The 'hanging' problem is also affecting the '--gen-key' function - it stops at the ''Acquiring entropy from system state...' stage.

    The thing is that on our working system, this takes about 5 seconds and then the command window disappears. On the problematic system, it just stops, and I have yet to see it actually complete.. Is this function meant to take a long time - is there anything specific it's looking for or does this vary from system to system?

    Thanks :)

     

    For reference:

    32-bit Windows 2003.

    Hardware has some differences, Windows updates are unlikely to be identical, perhaps a month apart or so.

    I think I 'accidentally' ran in local mode when I ran it without the service running, and got the same result.

    We don't have the option to download 10.2, or any version apart from 10.1. Does a purchase not give us access to upgrades?



  • 7.  RE: Authorizing PGP Command Line 10.1 - cmd window freezes/hangs

    Posted Dec 15, 2011 04:26 PM

    Glad to hear that worked.

    To get 10.2 , you should speak with Customer Care: http://www.symantec.com/business/support/assistance_care.jsp

    so they can allow 10.2 download for you. Upgrading/reinstalling make things work lots of times...

     

    Have you tryied using a different algorithm for creating the key?

    For example:

    pgp --purge-all-caches  (just in case)

    pgp --gen-key "Alice Cameron <alice@example.com>" --key-type dh
    --encryption-bits 2048 --signing-bits 2048 --passphrase
    "cam3r0n" --expiration-date 2012-06-01 --verbose --debug

    --verbose --debug also may help troubleshooting

     

    Also , what happens if you run :

    pgp --speed-test

    Please paste output

     



  • 8.  RE: Authorizing PGP Command Line 10.1 - cmd window freezes/hangs

    Posted Dec 15, 2011 04:41 PM

    Have you installed any additional cryptographic service providers on the systems?  If you look in the registry at

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider 

    are there any providers besides the Microsoft providers?


  • 9.  RE: Authorizing PGP Command Line 10.1 - cmd window freezes/hangs

    Posted Dec 15, 2011 06:18 PM

    Have you tried running as a user with Administrator privileges?

    Do a search on your system for the file randseed.rnd.  Where is this file located, and what are its permissions?