File Share Encryption

 View Only
Expand all | Collapse all

I need help!!!

GoodmanMSK

GoodmanMSKOct 03, 2012 01:05 PM

  • 1.  I need help!!!

    Posted Oct 02, 2012 03:30 PM

     

    Hello Friends ! I'am terrible sorry for my bad english.

    I need your help because I'v got same errors in my PGP Desktop and PGP US.

    My infrastucture are: PGP US 3.2.1 (Build 4940) with update PGP Universal 3.2.1 (Build 4961)  on ESXi 5.0.0 and PGP Desktop 10.2.1 MP4 [Build 4961] on Windows XP SP3 and Lotus Notes 8.5 as a mail client

    SKM - mode, ADK. 

    I've got a problems with new installation of PGP Desktop:  

    I received letter from PGP US then open it then click "Next" and I've got these error messages:

    1) The required ADK is not on your keyring. Contact your Security Administrator.

    2) The required Organization key is not on your Keyring. Contact your Security Administrator.

    I can't start PGP Desktop and  Enrollment assistent start again after reboot. 

    But all other functions are working fine.  All functions of old client are working fine too.

    Any ideas ?



  • 2.  RE: I need help!!!

    Posted Oct 03, 2012 08:16 AM

    Are you getting these errors when you attempt to enroll?  In the old client, do you have the ADK and Organisation key inside your keyring on PGP Desktop?

     



  • 3.  RE: I need help!!!

    Posted Oct 03, 2012 08:19 AM

    Also, what is the older version of PGP Desktop you are using? (the one that works)



  • 4.  RE: I need help!!!

    Posted Oct 03, 2012 10:01 AM

    Yes, I am getting these error after when I finish enroll.

    I think this is a problem of PGP US 

    I am using one version of PGP Desktop on all clients. I made installer with policy from PGP US

    PGP Desktop version is 10.2.1 MP4 [Build 4961]

     I installed my first clients without these errors.



  • 5.  RE: I need help!!!

    Posted Oct 03, 2012 10:33 AM

    Ok, so you are in SKM which stores the private keys on the server, it will still look for your ADK/Organisation Key locally if you configured your server to require them.  

    Do you actually enroll successfully, then get the error? Or will it not even let you enroll? Can you try enrolling as somone else other than yourself (assuming you haven't done that already)  because it sounds like a mis-configuration on your account.

    Can you log onto your PGPUN under your account to see how many managed keys, and their usage you have? It should look like mine below

     



  • 6.  RE: I need help!!!

    Posted Oct 03, 2012 01:04 PM

    Thanks for your time.

    I'got 8-9 users keys now but I must install PGP Desktop to 150 more users.

    Organization key and ADK are present on PGP US

    First two clients are woking fine without any error but all new installation have thease errors.

    I can't start PGP Desktop but all other function is OK and mail with [PGP] subject  send encrypted

     



  • 7.  RE: I need help!!!

    Posted Oct 03, 2012 01:05 PM



  • 8.  RE: I need help!!!

    Posted Oct 04, 2012 04:23 AM

    Do you have any against those keys whose usage is ADK/Organisation key?



  • 9.  RE: I need help!!!

    Posted Oct 06, 2012 01:17 PM

    Yes This is a symantec bug - before new msi-installer generation I add GKM mode -  no any errors found, but users have a opportunity to select SKM or GKM options during PGP Desktop installation.  

     

     

     



  • 10.  RE: I need help!!!

    Posted Oct 06, 2012 04:25 PM

    Hello Friends!

     

    This is a Symantec bug (in my opinion) - if I select only SKM mode and made customize PGP Desktop msi I catch these errors



  • 11.  RE: I need help!!!

    Posted Oct 08, 2012 04:37 AM

    If you then select SKM does it still give the errors?



  • 12.  RE: I need help!!!

    Posted Oct 09, 2012 02:18 PM

    I selected SKM and GKM modes in a policy and made new msi-installer. My users can select SKM or GKM key mode during PGP Desktop installation. I asked them to select SKM and I didn't have any errors.

     

    I don't want that my users can  select GKM-mode at all.



  • 13.  RE: I need help!!!

    Posted Oct 10, 2012 03:41 AM

    Ok if i can just clarify the current situation:

    1. If you create an MSI installer with JUST SKM, when you enroll you get the error about the Keyring
    2. If you create an MSI installer with SKM and GKM policy enabled, when you enroll you don't get the Keyring errors, even if they do select SKM?

     



  • 14.  RE: I need help!!!

    Posted Nov 12, 2012 06:53 AM

    Hi

    If I create an MSI installer with SKM and GKM policy enabled, I don't have any error at all.

    Users can select any of these modes: SKM or GKM - no errors.

    For security reasons I  want to use only SKM mode but this bug doesn't give me this opportunity.



  • 15.  RE: I need help!!!

    Posted Nov 13, 2012 03:49 AM

    Can you see if you can enrol somone who has no keys currently?  i.e. a new user?