This can occur when the WDE-ADMIN group of multiple domains is not a member of a Universal Group. The WDE-ADMIN group must be Universal Group to login to multiple domains in a forest. For more information on Active Directory Groups and their scope, click here
for a Microsoft TechNet article.
Creating an WDE-ADMIN group account allows you to:
- Log in remotely to perform PGP WDE maintenance tasks (using the pgpwde command line).
- Use SMS or other tools to perform PGP WDE maintenance.
- Use pgpwde to perform Active Directory authentication to ensure only authorized administrators can access users' systems. (Note that the system must be connected to the network and Active Directory must be running.)