Network issues or error messages referencing PGPlsp.dll on machines running PGP Encryption Desktop (Symantec Encryption Desktop)
search cancel

Network issues or error messages referencing PGPlsp.dll on machines running PGP Encryption Desktop (Symantec Encryption Desktop)

book

Article ID: 153275

calendar_today

Updated On:

Products

Desktop Email Encryption PGP Command Line PGP Encryption Suite PGP Key Management Server PGP Key Mgmt Client Access and CLI API PGP SDK Drive Encryption Encryption Management Server Endpoint Encryption File Share Encryption Gateway Email Encryption

Issue/Introduction

Internet or network connectivity may be lost or error messages that reference PGPlsp.dll occur on machines running PGP Encryption Desktop.

For example, you may see this error message in Windows Remote Assistance after you have generated the invitation file and before the password has been generated:

Note: For information on why this issue happened, see article 191174. This issue has been resolved in Symantec Encryption Desktop 10.5 MP1.

Environment

Windows 10 and Encryption Desktop release 10.4.2 through 10.5.0. However; if vendors do not modify their filter logic, the network issues may continue, or the 3rd party software may still be broken.

 

 

Cause

PGP Desktop Email Encryption supports the use of SMTP, POP3 and IMAP to send and receive email.

In order to do this, PGP Encryption Desktop utilizes a level of the operating system that deals with Internet/network connectivity called the network stack or LSP (Layered Service Provider). Subsequently, it uses the LSP to proxy the network connection for email.

Many third party applications use the network stack in order to perform network functions and conflicts may arise.

Resolution

This issue has been resolved in Symantec Encryption Desktop 10.5 MP1. However; if vendors do not modify their filter logic, the network issues may continue, or the 3rd party software may still be broken.

This workaround is provided as-is.  Following these steps should be done only if proper backups have been taken of the system in case unexpected behavior occurs.

If you do not use SMTP, POP3 or IMAP to send and receive email or do not wish to encrypt or decrypt mail sent and received using these protocols, you can avoid potential problems by disabling LSP when you install or upgrade Encryption Desktop.

If Outlook uses Exchange (MAPI) for email then LSP is not required.

For full details about msiexec switches, please see article 171110 but to disable LSP on a 64-bit system run this:

msiexec /i PGPDesktop64_en-US.msi PGP_INSTALL_LSP=0

 

To reverse this change you will need to upgrade Encryption Desktop with this switch:

msiexec /i PGPDesktop64_en-US.msi PGP_INSTALL_LSP=1

 

If it is not practicable to upgrade, you can disable LSP by running the registry file PGPlspRollback.reg. This file is part of every installation of Encryption Desktop.

Either double-click on the file from Windows File Explorer or open a command prompt and run this command on a 64-bit system:

C:\Windows\SysWOW64\PGPlspRollback.reg

or this on a 32-bit system:

C:\Windows\system32\PGPlspRollback.reg


Note that you will need local administrator rights. Please reboot after making this change.  Also note that this workaround is not guaranteed to work as multiple variables may exist with the 3rd-party software that is failing. 

 

If running PGPlspRollback.reg  does not solve the issue, you can use a more aggressive approach by using the netsh (Network Shell) utility to modify the network configuration:

Important Note: This command is provided without warranty and may cause further issues with your system.  Test this thoroughly before deploying to production systems.

1. Open a command prompt with local administrator rights.

2. Run this command to to list descriptions and Catalog Entry IDs:
netsh winsock show catalog |findstr "Layered Description Catalog"

3. There should be an entry in the output for PGPlsp like this:
Entry Type:                         Layered Service Provider
Description:                        PGPlsp
Catalog Entry ID:                   1017

4. Run this command to remove the entry with the Catalog Entry ID for PGPlsp.dll:
netsh winsock remove provider 1017

 

Note that the Catalog Entry ID may not be the same on every machine so if you are applying this change in bulk, you can consider using the following PowerShell script which should remove the correct Catalog Entry ID but please be sure to test it in your environment before rolling it out:
$catalogentry=$( netsh winsock show catalog |Select-String -Pattern 'PGPlsp.dll' -Context 3, 1 |Out-String -Stream |Select-String -Pattern 'Layered Service Provider' -Context 0, 4 |Out-String -Stream |Select-String -Pattern 'Catalog Entry ID:' |Select -First 1 |% { $_.Line } |% { $_.Substring(40)} )
netsh winsock remove provider $catalogentry

The netsh command displays this when it removes the entry for PGPlsp.dll:
Succeeded in removing LSP

To reverse any of these changes you will need to upgrade PGP Encryption Desktop with the PGP_INSTALL_LSP=1 (this installs with the previously disabled component and is then enabled.  Or you can uninstall and do a new install)