Endpoint Encryption

 View Only

  • 1.  PGP adds existing email account every time PC starts up

    Posted Oct 22, 2014 05:35 AM

    I've PGP WDE 10.2.1 on a number of PC's in the office all running Windows 7 Pro for more than a couple of years now without any major issue arrising.

    Now in the last month or so, every time a PC starts up and PGP desktop starts up, it sees the users existing Outlook 2010 email account as a new account that it hasn't seen before. The user then has to click through the boxes to accept the account, assign their existing key and the finish the "new account".

    I see this error in the PGP log for every user:-

    09:25:02 Email     Warning    Private key not previously specified; invoking wizard

    This can happen at various times during the day and sometimes not even on PC startup, it appears randomly.

    The PGP Private key for the user is stored in the default directory.

    Does any one have any ideas why this has suddenly started?

    TIA,

    Don

     



  • 2.  RE: PGP adds existing email account every time PC starts up

    Posted Oct 22, 2014 06:01 AM

    If you use PGP Desktop for WDE then the messaging portion shouldn't even be activated.  Disable it in the options.

     

    Go to Tools > Options > Messaging and untick "Secure Email"



  • 3.  RE: PGP adds existing email account every time PC starts up

    Posted Oct 22, 2014 06:38 AM

    Hi Alex, Thanks for prompt reply. We do use PGP to encrypt our emails, however I have noticed in that section a tick box "Discover new accounts", so I've unticked this and I'll see what happens tomorrow. It's still strange that this has suddenly started when we've been using the PGP WDE and email encryption for years now with no issue.

    Regards, Don
     



  • 4.  RE: PGP adds existing email account every time PC starts up

    Posted Oct 22, 2014 02:26 PM

    Has anything changed in the mail environment?  New or different Exchange servers?  Possibly cloud-hosted Exchange?

    Is it adding a new service each time?

    Have you tried setting a service with wild-card characters for the incoming and outgoing mail servers (*)?

    If these are standalone clients, and anything has changed in the mail environment (especially in the case of a hosted Exchange, where the actual physical server may be different every time mail is sent) it will cause email encryption to try creating a new service.  Each service then needs a private key assigned to it.

    If you set up a service using * for incoming and * for outgoing, it may help resolve the issue, as it will use the same service for any server that it connects to.



  • 5.  RE: PGP adds existing email account every time PC starts up

    Posted Oct 23, 2014 05:47 AM

    Hi Mike,

    We've been using Outlook to interface to Gmail for a year now and every time Gmail move their mail server we always used to get a new server discovered by PGP. So I expect this is causing us some problem, although I've not experienced this particular problem before.

    However, to answer your points:-

    Yes - lots of different mail servers

    Yes - it does add a new service every time

    I've added the service as you suggest with the wildcard - seems to have stopped the problem, time will tell.

    Thanks for your help, I'll give it week and see how it goes.

    Regards, Don



  • 6.  RE: PGP adds existing email account every time PC starts up

    Posted Oct 23, 2014 05:48 AM

    Hi Alex,

    Just an update from me, un-ticking the "Discover new accounts" box didn't work, I had to re-tick it for mail to start working again.

    I'm trying Mike's suggestion now.

    Thanks for the help though.

    Regards, Don



  • 7.  RE: PGP adds existing email account every time PC starts up

    Posted Oct 23, 2014 12:31 PM

    It looks like in July Google started rolling out some new security features for Gmail.  I'm not sure specifically how this might affect anything, but I would imagine that any changes they make on their servers could cause the PGP service to see it as a new server.  When updates to the servers that might normally service your requests are updated, you most likely would be shifted to a different set of servers, and therefore a different set of services would have to be created.

    On top of that, Google will not publish any information on just how many servers are in use for Gmail, but the company as a whole has over 1 million servers in their infrastructure.  As the Encryption Desktop gets more services set up, it can make it harder for the system to recognize existing services as well, so it may start prompting for the Wizard even on existing services.

    Hopefully the */* approach will eliminate that, and help everything run smoothly for you.



  • 8.  RE: PGP adds existing email account every time PC starts up

    Posted Oct 29, 2014 05:48 AM

    Hi Mike,

    Well so far, so good. The */* fix seems to have worked. I altered my PGP last week and since then, no more problem. I altered some of my users PGP in the same way, early yesterday morning, so far - no complaints :-)

    until Gmail/Microsoft change something else :-(

    Thanks for your help and patience, you do seem to have found the answer.

    Regards, Don



  • 9.  RE: PGP adds existing email account every time PC starts up

    Posted Oct 29, 2014 12:37 PM

    With the */*, it should accept any server, so even if changes are made, it should still be able to apply the same rules without trying to add a new service or prompting a user to associate a key with a new service.

    If you run into anything else just let us know!