Thank you, BEN
Symantec support team alway make me suprised by their skills and respond time, so i guess you are one of the best, Cheer!!
Sorry for the lack of info i have posted, i am using Symantec Encryption Management Server - formerly PGP Universal Server and it is running on VMware ESXi 5.0.
I'm using only one domain so i am sure there is no other account with the same name. The LDAP attriblue, UPN and samAccountName and proxyAddress of the user is correct.
This is what i have done:
1.Create account (user1@mydomain.com) -> Logon and enroll that account from client machine -> Perfect.
The PGP Universal Server regconised that user is an internal user and place it on the list
2.Delete user1 from PGP Universal Server (user1 still available on AD then)
Enroll again -> Error -11286
I have tried with 3 different accounts and get the same result.