Restoring PGP Encryption Server Backups larger than 2GB (Symantec Encryption Management Server)
search cancel

Restoring PGP Encryption Server Backups larger than 2GB (Symantec Encryption Management Server)


Article ID: 153318


Updated On:


Encryption Management Server Gateway Email Encryption Desktop Email Encryption Drive Encryption Endpoint Encryption File Share Encryption PGP SDK PGP Key Mgmt Client Access and CLI API PGP Key Management Server PGP Command Line PGP Encryption Suite Mobile Encryption for iOS


Due to a limitation of Apache, it is not possible to restore backups over 2 GB using the PGP Encryption Server (Symantec Encryption Management Server) administrative web interface. 

To restore backups larger than 2 GB requires accessing the server from the command-line interface.


Accessing the PGP Encryption Server command line for read-only purposes (such as to view settings, services, logs, processes, disk space, query the database, etc.) is supported. However, performing configuration modifications or customizations via the command line may void your Symantec Support agreement unless the following procedures are followed.

Any changes made to the server via the command line must be:

  • Authorized in writing by Symantec Support.
  • Implemented by a Symantec Partner, reseller or Symantec Technical Support.
  • Summarized and documented in a text file in /var/lib/ovid/customization on the PGP Encryption Server itself.

Changes made through the command line may not persist through reboots and may be incompatible with future releases.

If you would like to upload backups to the Web portal larger than 2GBs, reach out to Symantec Encryption Support (EPG-35317) Symantec Technical Support for further guidance or troubleshooting.


To restore a backup larger than 2 GB, please do the following:

  1. Copy the most current backup file of the PGP Encryption Server to a network drive or other location.
  2. Export the Organization Key of the server from the admin console by navigating to Keys / Organization Keys, clicking on Organization Key and then clicking on the Export button. From the Export Key page, choose Export Keypair and provide a passphrase. Note that it is vital that you export the Keypair and not the default of the Public Key.
  3. Install the PGP Encryption Server from the .iso image. A new Organization Key will be created automatically as part of the installation process.
  4. Import the original Organization Key by navigating to Keys / Organization Keys and clicking on the Import button. You will be warned that the existing Organization Key will be deleted. Click on Choose File and browse to the original Organization Key that you saved. Enter the passphrase of the saved Organization key and click the Import button. This will replace the Organization Key that was created automatically as part of the installation process with the original Organization Key.
  5. Import your SSH key to the server.
  6. Connect to the server with WinSCP and upload the backup file to the /var/lib/ovid/backups/ directory on the server. Note that by default, backups are encrypted to the Organization Key. Such backup files will have a .pgp filename extension.
  7. Access the server via SSH. For more information on accessing the server via SSH, see the following article:

    153592 - Access the PGP Encryption Server by using SSH (Symantec Encryption Management Server)

  8. Run this command where backupfile is the filename of the backup file:
    pgpbackup --restore backupfile --done
  9. When the restore operation has completed, the Login page should be displayed. Login and check, for example, that under Consumers / Groups the Everyone group contains the expected number of members. Navigate to Consumers / Users and check that the number of Internal Users and External Users is correct. Navigate to System / Network and check that the Assigned Certificate is correct for each Interface.
  10. Reboot the server.

Additional Information