File Share Encryption

Hi Experts,

I have an issue here in my test environment.

I've done Directory Synchronization, I have a admin credentials to access the AD, I've also enabled directory synch

I've tested the connected between my PGP server and AD Server, its connection is good. I've also place Base DN

But when I install my PGP Desktop, It doesn't detect the user and it doesn't enroll in my PGP Server.

Does the policy affect this issue? even if i manually add the user in the PGP server, it doesn't detect the user.

Thanks

Hello,

When you go to Directory Sync on the PGP server. 

Did you click on the settings tab and check the box to enroll client's using Directory Sync?

When setting up the Diectory Sync, was the Bind DN assigned?

Thanks

Anthony

Hi Sir, thanks for your reply, I've checked the items you've said, yes I've checked the box to enroll client's using Directory Sync, Also I've set the Bind DN.. That account is the one with access in AD Server

Hello,

Does your server have a DNS record, forward and reverse? 

When the Bind DN was assigned, was the connection tested? 

Disable your Anti-virus and try the install for PGP to enroll with the server.

Do you get any pop up errors after installing PGP?

Thanks

Anthony

So to clarify, do you get the enrollment prompt, and then the user fails to enroll, or is no prompt coming up to enroll the user?  Does it instead ask if you would like PGP enabled from this account, then ask you to license the product?  When you download the client fom the Groups page on the server, be sure to check the box to customize the installer, and match users automatically.

When testing your Bind DN, make sure to click on View Sample Records in the bottom left.  Any results at all mean that your connection and AD sync sould be good.

Does your end user account have an email address in AD, that is also in the managed domain for the server?  That can cause a user to fail to enroll.

Descibe exactly what happens on the client system when you log the user on.

I've tested the connection between the PGP Server and AD Server, it seems that the connection is good coz my PGP Server recognizes the contents in my AD Server.

During the installation of PGP on the test client, the enrollemt prompt doesn't appear after the reboot. As I click the View Sample Records, It appears that my PGP Server detects what's in the AD Server. I didn't set an email address on my user in AD.

I don't have any AV installed in my test client

No errors during PGP installation

This screenshot always appear during my 1st installation in my PGP Test client

It says that "A locally embedded administrator preferences file has been integrated into your user preferences. Although you will not be enrolled on the network server"

Hi Symantec Man,

As per information:

"A locally embedded administrator preferences file has been integrated into your user preferences. Although you will not be enrolled on the network server"

please check what type of the SED package customization you have deployed (most probably you have used Preset Policy Group / Embed policy and license information to force disconnected clients - SEMS > Consumers > Download Client ).

Please change to Customize / Auto-detect Policy 

What is the Embed Policy Option for PGP Desktop Configured Installations?

HTH

When you downloaded the client, you must have checked the box for embedded policy.  You should download a new client without preset or embedded policy for future testing.

You can remove the embedded policy by following the instructions here:
http://www.symantec.com/docs/TECH149637

That should get the system(s) back to enrolling users properly.

Hi Mike

I've tried what's in the tech149637, seems that same thing always happens to my test client.

I've already select customize -> preset policy group (selected my group) -> uncheck embedded , I think that my PGP Server can't detect the username and PC name eventhough its already sync in my AD Server that's why im still having the issue above with screenshot

Hello,

You'll have to uninstall your PGP and run this clean out script to clean PGP out of the Windows OS.  I'll attached the PGP clean all to this thread.

Download a new client package and install.  Make sure for your Directory Sync under the settings tab that the box is checked for clients to enroll with Directory sync.  Consumers, Directory Sync, Settings

Ldap can be setup but if the box is not checked for clients to use Directory Sync then you'll not get the ldap enrollment window.

When you download the client package, make sure to use the Auto detect policy option.  Preset policy is used if you're never going to move users to a different group.

If you want to have pre-defined groups and have users put into those groups after enrollment then setting up Match consumers is the best option with security groups in Active Directory.

Thanks

Anthony

Attachment(s)

pgp_cleanall-1.1_0.zip   946 B 1 version

Hello

Sorry for a late reply, I finally solved the problem incidentally, I re-synchronize the active directory, and try to restart the PGP Universal Server.

After I've installed my PGP Desktop on my test client, it already enrolled.

Thanks All