File Share Encryption

 View Only
  • 1.  Single user issue with multiple machines

    Posted Mar 27, 2015 10:40 AM

    We have a single end user who is prompted for a passphrase to sign our organizations key.  After logging in successfully with his network credentials on the initial PGP Enrollment screen, on any new device, this one user is getting the prompt "In order to sign your organizations key, pgp needs your passphrase".  If he cancels it it continues and allows him to choose his security questions/answers, but every reboot he's again asked for the passphrase.  We are kind of at a loss.  It's happened with a either Windows 7 or Windows 8.1, we haven't tried any others, but it happens on any device he tries.

     

    Nobody else that I'm aware of has ever seen this prompt in our company.



  • 2.  RE: Single user issue with multiple machines

    Posted Mar 27, 2015 10:47 AM

    What key mode are you using, or what key modes are allowed?

    Are you using silent enrollment?

    Errors like this are usually seen when a GKM key is allowed, and silent enrollment is used.  Every time the user logs on to a new system he will be prompted for the key passphrase.  If using Silent Enrollment, we recommend using SKM mode only.  Otherwise, a GKM key will be created, using their current Windows passphrase when they first enroll, but the passphrase on that key will not change, so after several Windows passphrase changes, the user will likely not remember the GKM key passphrase.

    Are you using consumer matching for grouping users automatically?  If so, is this user maybe getting matched incorrectly, or getting matched to a different group than expected?