Video Screencast Help

Passphrase not updating on specific laptop

Created: 24 Dec 2012 | 9 comments

Have 2 laptops and 1 user.

On laptop A the user logins with their windows password via PGP at boot with the single signon.

When they reset their password on the laptop A and even manually sync the keys to the PGP Universal Server and rebooted, PGP still is using the old password.

If the users does the same on laptop B, when they change the password and sync the key, on reboot, PGP is using the new password.

 

I've looked at laptop A and cache appears to be off (was on before).  I've used the re-register tool to re-register them with the PGP server, makes no difference.  Removed all the PGP key files on the laptop associated with that users manually, makes no difference.  Removed the user from the PGP server and from the laptop and even removed them from the User Access section.  Then re-added them, makes no difference.

Any ideas why it's not syncing the new password?

Discussion Filed Under:

Comments 9 CommentsJump to latest comment

stevenuk's picture

Looking at the logs on both laptops it says

"Completed synch with configuration server OUR SERVER NAME"

I've also now noticed if laptop A syncs to the server and I go back to laptop B, laptop A has force laptop B to start using the old Windows password as well for the PGP login.  Obviously then failing to login when gets to Windows as it's not the current domain password.

stevenuk's picture

I'm changing the password via AD due to the annoying group policy being set that a users can't change their password if changed it within 15 days or already being changed.

So once do that I login to Windows and do a sync.  All works fine on laptop B, but refuses to update on laptop A with PGP still insisting on using the old passphase.

Tom Mc's picture

Please see http://www.symantec.com/docs/TECH149367

I suspect you know to use Ctrl-Alt-Del to change SSO passphrases. 

When you consider your issue resolved, please click Mark As Solution on the most helpful response.

Search the Knowledge Base &

stevenuk's picture

For PGP to pick up the new one?  No.  Does PGP detect the ctrl-alt-del password change then?  What happens when their password expires at login and they're asked to change it, does PGP also pick that up?

On are other laptops, when I've changed the password via AD and they've logged in.  Later when they reboot (as I've set the server to check in every 30mins for password changes) it all seems to sync fine and when they reboot PGP is using the new windows password as it's passphase.

On the one on laptop A, I'm unable to do a ctrl-alt-del password change because of our group policy, stopping users from changing their passwords multiple times per day.  It's kicked in, so isn't allowing me to change the password for another 15 days, hence I'm having to do it via AD.

Tom Mc's picture

I don't manage a PGP Universal Server, so am not aware of all the options in such setting.  However, the general recommendation is to use Ctrl-Alt-Delete to change the SSO passphrase.  If you don't, you will need to use the old passphrase on the next reboot, and then be able to use the new passphrase on subsequent boots.  Even on my Symantec computer that is PGP Universal managed, Ctrl-Alt-Delete is used, followed by logging out and then logging back in with the new passphrase.

When you consider your issue resolved, please click Mark As Solution on the most helpful response.

Search the Knowledge Base &

stevenuk's picture

But that doesn't explain why I can change the password in AD on laptop B, login, force a key sync, reboot and then PGP is using the new passphase.  Yet on laptop A it won't.  And never does.  Even after several reboots it still insists on using the passphase that specific user was setup with and enrolled with.

ybe's picture

What version of PGP desktop do you use?

I seen this problem with 10.1

 

 

 

stevenuk's picture

10.2.  Only appears to be for this one user as well.

ybe's picture

Try to change the order of PGPpwflt in Network provider