If I understand you correctly. You are saying that you ONLY have GKM mode enabled under Consumers ---> Consumers --> Default (or other policy if you are not using default) --> Keys --> Management and then you are enabling "Silent Enrollment" under Consumers ---> Consumer Policy ---> Default ---> Desktop where it says "enable silent enrollment".
But with this option enabled it never generates a key for the user? The first issue that you described in the initial comments says that it generates the key, but SKM instead of GKM (which would imply that you may have both options enabled under key modes which is causing that). But your last comment makes it sound like it only GENERATES a key under SKM key mode.
---
I would make sure that SKM key mode is turned off, if you dont want to generate SKM keys. Only have GKM key mode checked. If its failing to generate key after enrolling even with GKM key mode enabled, I would check the PGP Desktop client logs and PGP universal server client logs as well to see if there are any errors indicating what the problem is.