PGP Encryption Desktop Failed to import License Number, error -11933 during enrollment
search cancel

PGP Encryption Desktop Failed to import License Number, error -11933 during enrollment

book

Article ID: 153405

calendar_today

Updated On:

Products

PGP Command Line PGP Encryption Suite PGP Key Management Server PGP Key Mgmt Client Access and CLI API PGP SDK Desktop Email Encryption Drive Encryption Encryption Management Server Endpoint Encryption File Share Encryption Gateway Email Encryption

Issue/Introduction

When attempting to enroll a PGP Encryption Desktop client with the PGP Encryption Server (Symantec Encryption Management Server) you receive the following error:

Unable to enroll with an error of invalid License number error code 11993

This issue can occur when using LDAP Directory Synchronization for enrollment and the user LDAP attributes do not match the LDAP attributes for a custom policy.

When the user's attributes do not meet the custom policy attributes, the user is placed in the Internal Users: Default policy group or Excluded Users if the option is set to Exclude non-matching users by default on the Internal Users: Default policy Directory Services tab.

The error then occurs if the Internal User:Default policy does not have a license for PGP Desktop.

Resolution

Here are some areas to investigate to troubleshoot the issue:

Check the license

  1. Log in to the PGP Encryption Server then click System tab. Verify that users have not exceeded the limit.
  2. Go to Consumers Policy and then select the policy that applies to the user. Click Client Licensing. Check if license is ok, users have not exceeded the limit.
  3. Download customized PGP client from the PGP Encryption Server's, matching userĀ“s policy. Install and try enrollment.

 

  1. Confirm other users enroll successfully and are placed in the correct internal user policy group. This will tell you if the LDAP settings for the policy are correct.
  2. Check see if other users in the LDAP group are enrolling correctly. This confirms if the policy group is set up correctly.
  3. If the LDAP settings appear correct, check the user settings on the PC to confirm the user displays the correct information from the LDAP server. To check the user's profile, open a command prompt and type gpresult then press Enter. This command displays user settings, domain policy, group membership, and computer settings.
  4. If the user's domain information is not current, type gpupdate to update the user's Group Policy information.
  5. Delete the PGP Corporation folder for the user and for All Users on the system in the following directory:

    C:\Users\user1\AppData\Roaming

    (Type %appdata% in your Windows file explorer address bar)
     
  6. Attempt to re-enroll the client by starting PGP Desktop. This causes the PGP Enrollment Assistant to start.
  7. If the client is still unable to enroll with the server, try deleting the user from the LDAP group on the directory server then re-add the user to the group. Reboot the system and use the directions in steps 5 and 6 to re-enroll the client.