Video Screencast Help

I need help!!!

Created: 02 Oct 2012 | 14 comments

 

Hello Friends ! I'am terrible sorry for my bad english.

I need your help because I'v got same errors in my PGP Desktop and PGP US.

My infrastucture are: PGP US 3.2.1 (Build 4940) with update PGP Universal 3.2.1 (Build 4961)  on ESXi 5.0.0 and PGP Desktop 10.2.1 MP4 [Build 4961] on Windows XP SP3 and Lotus Notes 8.5 as a mail client

SKM - mode, ADK. 

I've got a problems with new installation of PGP Desktop:  

I received letter from PGP US then open it then click "Next" and I've got these error messages:

1) The required ADK is not on your keyring. Contact your Security Administrator.

2) The required Organization key is not on your Keyring. Contact your Security Administrator.

I can't start PGP Desktop and  Enrollment assistent start again after reboot. 

But all other functions are working fine.  All functions of old client are working fine too.

Any ideas ?

Comments 14 CommentsJump to latest comment

Alex_CST's picture

Are you getting these errors when you attempt to enroll?  In the old client, do you have the ADK and Organisation key inside your keyring on PGP Desktop?

 

Please mark posts as solutions if they solve your problem!

http://www.cstl.com

Alex_CST's picture

Also, what is the older version of PGP Desktop you are using? (the one that works)

Please mark posts as solutions if they solve your problem!

http://www.cstl.com

GoodmanMSK's picture

Yes, I am getting these error after when I finish enroll.

I think this is a problem of PGP US 

I am using one version of PGP Desktop on all clients. I made installer with policy from PGP US

PGP Desktop version is 10.2.1 MP4 [Build 4961]

 I installed my first clients without these errors.

Alex_CST's picture

Ok, so you are in SKM which stores the private keys on the server, it will still look for your ADK/Organisation Key locally if you configured your server to require them.  

Do you actually enroll successfully, then get the error? Or will it not even let you enroll? Can you try enrolling as somone else other than yourself (assuming you haven't done that already)  because it sounds like a mis-configuration on your account.

Can you log onto your PGPUN under your account to see how many managed keys, and their usage you have? It should look like mine below

 

example.png
Please mark posts as solutions if they solve your problem!

http://www.cstl.com

GoodmanMSK's picture

Thanks for your time.

I'got 8-9 users keys now but I must install PGP Desktop to 150 more users.

Organization key and ADK are present on PGP US

First two clients are woking fine without any error but all new installation have thease errors.

I can't start PGP Desktop but all other function is OK and mail with [PGP] subject  send encrypted

 

Alex_CST's picture

Do you have any against those keys whose usage is ADK/Organisation key?

Please mark posts as solutions if they solve your problem!

http://www.cstl.com

GoodmanMSK's picture

Hello Friends!

 

This is a Symantec bug (in my opinion) - if I select only SKM mode and made customize PGP Desktop msi I catch these errors

GoodmanMSK's picture

Yes This is a symantec bug - before new msi-installer generation I add GKM mode -  no any errors found, but users have a opportunity to select SKM or GKM options during PGP Desktop installation.  

 

 

 

Alex_CST's picture

If you then select SKM does it still give the errors?

Please mark posts as solutions if they solve your problem!

http://www.cstl.com

GoodmanMSK's picture

I selected SKM and GKM modes in a policy and made new msi-installer. My users can select SKM or GKM key mode during PGP Desktop installation. I asked them to select SKM and I didn't have any errors.

 

I don't want that my users can  select GKM-mode at all.

Alex_CST's picture

Ok if i can just clarify the current situation:

  1. If you create an MSI installer with JUST SKM, when you enroll you get the error about the Keyring
  2. If you create an MSI installer with SKM and GKM policy enabled, when you enroll you don't get the Keyring errors, even if they do select SKM?

 

Please mark posts as solutions if they solve your problem!

http://www.cstl.com

GoodmanMSK's picture

Hi

If I create an MSI installer with SKM and GKM policy enabled, I don't have any error at all.

Users can select any of these modes: SKM or GKM - no errors.

For security reasons I  want to use only SKM mode but this bug doesn't give me this opportunity.

Alex_CST's picture

Can you see if you can enrol somone who has no keys currently?  i.e. a new user?

Please mark posts as solutions if they solve your problem!

http://www.cstl.com