It looks as though it is defaulting to email enrollment. This usually happens if the user is not able to be matched to a policy that uses silent enrollment. I would check the following first:
- On the web console for the SEMS, log in and go to Consumers>Directory Synchronization.
- Click on LDAP Settings on the bottom of the page. Make sure the box is checked to allow LDAP enrollment. Save settings.
- Click on the LDAP that was set up for Directory Sync. Make sure that you can successfully use the Test Connection button, then the View Sample Records button. When you View Sample Records, if it displays any records at all, it was successful.
- Go to Consumers>Consumer Policy. For each policy, you will want to make sure that you click on Desktop, and on the General tab, check the box to enable Silent Enrollment.
If all of that is set correctly, the user should be getting the correct enrollment type. It should not try to enroll a user at all unless they match the correct managed domain, so that should be ruled out.
If the user still has the issue, there may be some damage prefs or policy data that is not being overwritten properly. Close the wizard, and stop PGP services through the task manager. the main process that you need to stop is PGPTray, but stop any processes that contain PGP.
Navigate to %AppData%\PGP Corporation. Rename the PGP folder to PGP_OLD, or another name of your choice. Then try starting Symantec Encryption Desktop again. When asked if you wish to start all services, select Yes. It should prompt for enrollment again.
If still finding the same issue, go to the web console again, and check the logs (Reporting>Logs). Select the Client Log and look for any entries from that system's IP address.
Let me know how that goes.