Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Windows 8.1 / Encryption Desktop 10.3.1

Created: 28 Jan 2014 • Updated: 04 Feb 2014 | 9 comments
This issue has been solved. See solution.

Hi all,

Apologies if someone has asked this question recently but I have not found a solution, which is both annoying and is stopping me from purchasing Symantec Encryption Desktop!

I'm using Windows 8.1 Enterprise Edition, Outlook 2013 and Symantec Encryption Desktop 10.3.1 and I can't get it to integrate (I have deployed on several older versions of Windows, Outlook and PGP in the past), it just refuses to do its job of allowing me to send and receive encrypted e-mail.  I have a gash workaround using GPG4win but its less than ideal.

Can anyone comment whether 10.3.1 supports my combination of software, and if so how to get it to work??

Thanks,

Dave

Operating Systems:

Comments 9 CommentsJump to latest comment

.Brian's picture

Symantec Encryption Desktop Support on Windows 8.1

http://www.symantec.com/docs/AL1513

Have you placed a call to support?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

James007's picture

Symantec Encryption Desktop versions 10.3.1 and 10.3.1 MP1 are compatible with Microsoft Windows 8.1. For more information on which additional operating systems Symantec Encryption Desktop for Windows can be installed on, see the following Release Notes article.

Prior to upgrading your Windows operating system, you must first decrypt your encrypted disk. For information on how to upgrade your operating system, refer to the following article

Symantec Encryption Desktop is now compatible with Microsoft Windows 8.1

 

Article:AL1513 | Created: 2013-12-09 | Updated: 2013-12-10 | Article URL http://www.symantec.com/docs/AL1513

Upgrading Windows 8 to Windows 8.1 with Symantec Encryption Desktop (encrypted or unencrypted drives)

 

Article:HOWTO94521 | Created: 2013-12-10 | Updated: 2013-12-10 | Article URL http://www.symantec.com/docs/HOWTO94521

 

Sue H's picture

Hi. Windows 8.1 compatibility was added with the Encryption Desktop 10.3.2 release. Which was just released yesterday. For more information, see the announcement at https://www-secure.symantec.com/connect/forums/release-announcement-encryption-products-1032332.

Hope this helps!

...sue

DavePKI's picture

Thanks for all the answers guys and gals, very useful!  I didn't mention in my original post which I should of, but I'm using Office 365 as well.  The only reason I've held off purchasing a copy is because I wanted to prove the integration first.

Because I'm running the trial version I don't have a serial number so can't download 10.3.2.  But if purchasing a copy would give me a access to an integration guide or support, I'll just buy a copy anyway and then call you if I have any trouble!

Also I'm only using the e-mail encryption piece (legacy PGP), not the full disk encryption as I have a Surface Pro 2 and I don't think PGP supports the Surface keyboard for pre-boot passphrase authentication?  So I'm using BitLocker with AES-256 in its TDE mode.  If PGP does support the Surface' keyboard for pre-boot auth I'll definitely use that though too!

Sue H's picture

Hi DavePKI. Actually, the Surface Pro 2 *is* supported in the new release. You do need to "activate" the keyboard first, but this is clearly documented in the release notes. (Search for "Surface Pro 2" in the 10.3.2 release notes and you'll see the exact steps you need to follow.)

Just be sure you are using an email client that is a desktop client (such as Outlook) and not a web-based client. You can verify the email clients that are supported in the release notes, also.

Hope that helps, too! I think I definitely unblocked your concerns with the Surface Pro 2, anyways.
...sue

SOLUTION
DavePKI's picture

Just an update on this thread, I installed PGP 10.3.2 and it worked like a charm, literally just worked perfectly with Outlook 2013 and Office 365 on Windows 8.1 without any pain or stress.  Great effort by Symantec to keep their products on the cutting edge.  I will definitely be buying a copy from a UK reseller!

I do have one minor issue though, after turning on Whole Disk it won't boot unless I disable Secure Boot Control in my Surface BIOS.  If I do that I get a slightly scary red screen on boot for a few seconds, it goes away then allows me to enter my passphrase using the Surface keyboard.

I would RTFM but I can't find the manual!  Sue et al, do you have a remedy for the red screen?  I can reset the Secure Boot Control keys using the BIOS, but I want to make sure its safe before I pull the trigger on that.

The steps for that are described here: http://myitforum.com/myitforumwp/2013/04/14/fixing-the-red-screen-after-update-issue-with-the-microsoft-surface/

Cheers,

Dave

Sue H's picture

Hi Dave! I'm glad to hear that 10.3.2 worked like a charm for you for your email!

Secure Boot is actually not supported. You wouldn't need to RTFM, this is documented as a known issue in the release notes:

  • Incompatibility with Microsoft Surface Pro laptops when Secure Boot is enabled on Microsoft Windows 8/8.1 UEFI systems. Symantec Drive Encryption is incompatible with Microsoft Surface Pro laptops when Secure Boot is enabled (a boot failure occurs when restarting your system after encrypting it). To temporarily work around this issue, disable Secure Boot in your system UEFI settings. For more information, refer to the instructions that came with your system. Note that this is an issue with the Microsoft Surface Pro laptop and could be resolved by Microsoft in the future. [3319192]

I know you have a Surface Pro 2 but it's the same issue.

Note that we did not encounter the "slightly scary red screen" when we were working on the issue. I'll let others jump in (including our fine, fine Support folks) on recovering.

Once you have, I would suggest disabling Secure Boot as we know that there is an issue with Surface Pro/2 and Encryption Desktop 10.3.2.

Hope that helped a wee bit!
...sue

DavePKI's picture
Hi Sue,
 
Thanks for your reponse.  I am experiencing two other issues, one an annoyance but possibly a bug, and the other I'm not sure what the problem it is.  The first issue is sometimes when I boot my Surface the keyboard is completely unresponsive and I can't type my WDE passphrase.  The only method of getting the Surface keyboard (Type Cover 2) to respond is by going into the TPM/Secure Boot BIOS by holding the up rocker, then going out of it again.  Then the keyboard seems to magically come back to life and I can type the passphrase.
 
The other issue is that in Outlook 2013 when trying to read an e-mail signed by someone I'm getting the following error in blocks of four in the log, as well as: * PGP Signed by an unknown key, Decrypted
 
03:31:08 Email Error MAPI Proxy: CSrvComm::GetPublicKeyByKeyID failed with error server search failed.
03:31:09 Email Error MAPI Proxy: CSrvComm::GetPublicKeyByKeyID failed with error server search failed.
03:31:10 Email Error MAPI Proxy: CSrvComm::GetPublicKeyByKeyID failed with error server search failed.
03:31:11 Email Error MAPI Proxy: CSrvComm::GetPublicKeyByKeyID failed with error server search failed.
 
I have imported their Public Key into my keyring and signed their key so it is verified, but the error still appears coupled with some lag and the above error messages.  Once I have purchased a full copy of Symantec Encryption Desktop Corporate, I will open a support ticket on the matter and work with your Engineering team to try and resolve the issue(s), unless you already know about it and have a resolution?  
Have any of these errors been encountered by Symantec in the QA cycle prior to the 10.3.2 release?
 
Let me know if I can be of any further help here, otherwise I'll formally engage Support once I have purchased a license.
 
Thanks,
 
Dave
Sue H's picture

Hi Dave.

For the Surface Pro 2, you need to "activate" the cover (whether it's a Touch or Type cover). The instructions are in the release notes as a known issue:

  • Authenticating with a Microsoft Surface Pro 2 System. In order to authenticate with the keyboard on a Microsoft Surface Pro 2 system, whether you have a Touch cover or a Type cover, you need to "activate" the keyboard first. To do this, from a powered off state, press the Power button and the volume down button at the same time. Once the Symantec Encryption Desktop authentication screen appears, authenticate as usual. [3373863]

That should take care of the keyboard responsiveness issue.

As for the error, you're running this in standalone, yes? (You're not running connected to an Encryption Management Server, right?) This could be due to a couple of reasons. One reason could be that you have a multiple messaging services. See if the info at http://www.symantec.com/docs/TECH179420 helps any (it's more about sending than receiving). If not, you may need to file a Support ticket.

 

...sue