Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

get key by keyid failed: Invalid domain name specified

Created: 30 Apr 2012 | 5 comments

Any ideas what may be causing the following errors in the client logs?

CLIENT-20364: client request <GetKeyByKeyID> returning fault -11980 (unknown error)
CLIENT-20364: get key by keyid failed: Invalid domain name specified

Thanks

 

Comments 5 CommentsJump to latest comment

Julian_M's picture

this is while enrolling or encrypting?

what`s the email address in the directory user account?

is directory synch properly configured?

Did you add domain route?

When you consider the issue resolved, please click Mark As Solution on the post that best provided the solution.
 

plato28's picture

this is while enrolling or encrypting? - No the user has been enrolled and encrypted since last year.  The errors occur during the normal client policy/key sync process.

what`s the email address in the directory user account? - The user's email address is valid when viewing from Consumers - Users.  We are not using Verified Directory User Accounts.  The user's email address matches our managed domain. 

is directory synch properly configured? Yes, it appears to be working just fine

Did you add domain route? - Not that I'm aware of

Thanks

Julian_M's picture

 

You may want to check key mode in server (SKM , GKM ,etc) and compare KEY ID to PGP desktop keys. In PGP desktop options , you can add user`s key to "Masters keys" ..that can help.

Is key healthy?

 

Enable PGP debugging, reproduce the issue, and review logs again. You will have mucho more information now.

http://www.symantec.com/docs/HOWTO64205 or http://www.symantec.com/docs/TECH149847 for XP

 

When you consider the issue resolved, please click Mark As Solution on the post that best provided the solution.
 

PGP_Ben's picture

Did you ever find a solution to this problem? we have other customers reporting a similar problem. It appears to be an issue with keys in the users keyring that are not managed by the universal server trying to synchronize with an invalid keyserver. There is a bug filed on this issue. An workaround that we found is that you can change the keyserver entry in PGP Desktop under Tools --> Edit Keyservers. Change any entries like: entry keys.$ADDRESS_DOMAIN to the FQDN like: keys.example.com

If/when you consider your issue resolved, please click Mark As Solution on the most helpful response.

plato28's picture

No.  I've just been ignoring the errors since no one has reported any issues with functionality. I'll take a look at the users' keys and their key server settings and report back.  Thanks.