Video Screencast Help
Symantec Appoints Michael A. Brown CEO. Learn more.

PGP Universal Server 3.2.1 MP3 <-> PGP Desktop Clients issue

Created: 10 Sep 2012 | 8 comments

Hi all,

We have a PGP Universal Server 3.2.1 MP3 (upgraded today), but have an issue with clients on PGP Desktop.

The Server have 3 policies:

one with full cpu throttle,

one with normal speed and access to the tray icon,

and the last with no access to the tray icon.

The Server is configured to search in our Active Directory for consumers (on three AD groups which identifies what policy serve to the client), the lookup is fine, and the Server shows the matched consumers on the groups.

Here is the problem:

When Install a fresh client or change an user from AD group to another, the client don't take policy from server and mantain the checkboxes clear on PGP WDE (First box to full cpu throttle, the other for power failure feature).

When check the logs of the clients after refresh policy manually, they appear normal, and shows that the policy updated fine.

This happens on Windows 7 (32 & 64).

Thanking you,

Regards,

Osvaldo S.

 

Comments 8 CommentsJump to latest comment

Alex_CST's picture

How long are you waiting between making the changes in AD and checking the PGP clients?  The policy refresh intervals are 24 hours by default, so you might want to either change that interval if you want, you can even get the clients to update every 1 minute whilst you make changes then change it back to a longer interval when everything has settled down.

 

Please mark posts as solutions if they solve your problem!

http://www.cstl.com

pgp.autopista's picture

The changes between AD and Universal Server, replicates almost immediately,

The update frequency betweeen the clients and the PGP Server is 1 day aproximately

I've tried with the "update every 1 minute" conf. But the behaviour is the same.

 

Regards.

pgp.autopista's picture

I apply the same consumer policy to the new computers, when they finish encrypt, change to another policy.

When i encrypt a Windows XP clients, take the consumer policy smoothly.

 

But if the client is Windows 7 (32 & 64), have more trouble applying the consumer policy.

I've checked the PGPPolicy.xml and PGPPrefs.xml and differ from the configured ones, this happens only on W7 clients.

 

Regards,

Alex_CST's picture

Hmm, so when you do a manual policy refresh it finds the new policy. 

Can you disable the firewall on a windows 7 machine and see if it can find the new policy by itself ?

Please mark posts as solutions if they solve your problem!

http://www.cstl.com

pgp.autopista's picture

The Windows FW is disabled by an AD Domain Group Policy.

Yes, manual update works, no errors but the .xml files that i mentioned before, don't change (This happens only on W7 Clients).

I manually deleted the xml, and did a manual update, so the files are created again, but the PGP Desktop don't show the policy changes (the checkboxes are clean).

Regards,

Alex_CST's picture

Do you get any errors in the logs for the pgp desktop?  If not, can you enable debug, then force restart the pgptray.exe and attach the verbose log (+ debug) into here so I can have a look at it.

For information on how to enable debug logging, go to http://www.symantec.com/docs/TECH149847 

Please mark posts as solutions if they solve your problem!

http://www.cstl.com

pgp.autopista's picture

I've enabled debug logging.

The log output is attached.

As you see in the 2nd image , the PGP desktop still don't take the policy and encrypts very slow.

The machine is a HP Probook 4440s Core i5 processor + 4GB RAM + 500 GB Hard Disk.

Regards.

pgp-desk-log.png pgp1.png
pgp.autopista's picture

Here is another log i found in C:\Users\<user>\AppData\Roaming\PGP Corporation

 

IP 14:04:44 Beginning synchronization with configuration server pgp-server
IP 14:04:45 Completed synchronization with configuration server pgp-server
DN 14:04:45 Policy update skipped
DN 14:04:48 Policy update skipped
IP 14:06:43 Beginning synchronization with configuration server pgp-server
IP 14:06:45 Completed synchronization with configuration server pgp-server
VN 14:06:47 Policy update initiated
VN 14:06:47 Custom location-based Blacklist: no items
VN 14:06:47 Location-based Whitelist: no items
VN 14:06:47 Custom app-based Blacklist: no items
VN 14:06:47 App-based Whitelist: no items
DN 14:06:48 Policy update skipped
IP 14:08:43 Beginning synchronization with configuration server pgp-server
IP 14:08:45 Completed synchronization with configuration server pgp-server
DN 14:08:45 Policy update skipped
DN 14:08:45 Policy update skipped
DN 14:08:49 Policy update skipped
DN 14:09:36 Policy update skipped
DN 14:09:36 Policy update skipped
DN 14:09:39 Policy update skipped

Regards.

Osvaldo S.