Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Authorizing PGP Command Line 10.1 - cmd window freezes/hangs

Created: 13 Dec 2011 | 8 comments

We are installing PGP on a number of servers, (all Windows Server 2003 Enterprise, SP2) some of which have an internet connection and some don't (security reasons).

I have been able to authorize one server that's connected to the internet, using the following command, and it works near instantly:

pgp --license-authorize --license-name "<removed>" --license-organization "<removed>" --license-number "<removed>" --license-email "<removed>"

 

However, when I try this against a similar server, again with an internet connection, the cmd window just stops and won't close normally. There is a static cursor beneath the command, and it will stay like that until I kill the process via tskmgr (which also stops the service) at which point there is an 'insufficient random bits' message, which I assume is the result of the process being ended prematurely.

This freezing also happens when I try any command which requires a license. There is nothing in the event viewer. No CPU/load problems. procmon/filemon don't show anything at the exact time of execution.

Does anybody know what would cause the process to hang completely like this? (it remains like this for several days - I left it over the weekend to see)

 

Also, I've read conflicting info about whether an internet connection is actually needed for authorizing this version? If it is, and we need to use an authorization text file, does this need to be obtained from Symantec (I found no options within our account), or do we need to use the one at the bottom of this page: http://www.symantec.com/business/support/index?pag... ?

 

Many thanks,

Richard Penna.

Comments 8 CommentsJump to latest comment

dfinkelstein's picture

Can you confirm you are running PGP Command Line 10.1 and not 10.2?

As a possible workaround, try running

lodctr /r

on the affected systems.

As for licensing, you are correct, 10.1 does not need internet access to be licensed.

--------

David Finkelstein

Symantec R&D

RichardPenna's picture

Hi, I can confirm that it's 10.1.

I ran 'lodctr /r pgp' and tried licensing again, but it still hung in exactly the same way.

Julian_M's picture

 

Go to %appdata%\PGP Corporation

Edit PGPprefs.xml , change lines regarding license information if needed:

    <key>CLlicenseName</key>
    <string></string>
    <key>CLlicenseEmail</key>
    <string></string>
    <key>CLlicenseOrganization</key>
    <string></string>
    <key>CLlicenseNumber</key>
    <data></data>
    <key>CLlicenseAuthorization</key>
    <data></data>

Fill the correct information for each field after  <data>

Reboot services and check if license has been updated. try to license using the command if necesary.

 

When you consider the issue resolved, please click Mark As Solution on the post that best provided the solution.
 

dfinkelstein's picture

Some more information would be helpful in diagnosing your problem.

- Are you running 32-bit or 64-bit Windows 2003?  If 64-bit, are you running the 32-bit or 64-bit version of PGP Command Line?

- Is your hardware identical?  Does PGP Command Line license properly on the same system configuration that fails?

- Do all systems have the same Windows updates installed?

- Do you have the same problem if you run in local mode (with the "--local-mode" option)?  (I suspect you will but it would be a good data point to have)

- We've made a significant change to random number generation (and some associated changes to entropy collection) in 10.2.  Can you try upgrading and see if that resolves your problem?

--------

David Finkelstein

Symantec R&D

RichardPenna's picture

I've managed to license the problematic servers using the fix in Julian_M's message (thank you! - I'm assuming that the same registration/license details can be used on the multiple servers that we have a license for - 5 I believe).

The 'hanging' problem is also affecting the '--gen-key' function - it stops at the ''Acquiring entropy from system state...' stage.

The thing is that on our working system, this takes about 5 seconds and then the command window disappears. On the problematic system, it just stops, and I have yet to see it actually complete.. Is this function meant to take a long time - is there anything specific it's looking for or does this vary from system to system?

Thanks :)

 

For reference:

32-bit Windows 2003.

Hardware has some differences, Windows updates are unlikely to be identical, perhaps a month apart or so.

I think I 'accidentally' ran in local mode when I ran it without the service running, and got the same result.

We don't have the option to download 10.2, or any version apart from 10.1. Does a purchase not give us access to upgrades?

Julian_M's picture

Glad to hear that worked.

To get 10.2 , you should speak with Customer Care: http://www.symantec.com/business/support/assistanc...

so they can allow 10.2 download for you. Upgrading/reinstalling make things work lots of times...

 

Have you tryied using a different algorithm for creating the key?

For example:

pgp --purge-all-caches  (just in case)

pgp --gen-key "Alice Cameron <alice@example.com>" --key-type dh
--encryption-bits 2048 --signing-bits 2048 --passphrase
"cam3r0n" --expiration-date 2012-06-01 --verbose --debug

--verbose --debug also may help troubleshooting

 

Also , what happens if you run :

pgp --speed-test

Please paste output

 

When you consider the issue resolved, please click Mark As Solution on the post that best provided the solution.
 

dfinkelstein's picture

Have you installed any additional cryptographic service providers on the systems?  If you look in the registry at

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider 

are there any providers besides the Microsoft providers?

--------

David Finkelstein

Symantec R&D

dfinkelstein's picture

Have you tried running as a user with Administrator privileges?

Do a search on your system for the file randseed.rnd.  Where is this file located, and what are its permissions?

--------

David Finkelstein

Symantec R&D