You can verify that you are using an SSO user account for authentication by checking the registry where the MSI options supplied at installation. Information on this topic can be reviewed in the following article:

171110 - Disabling PGP Encryption Desktop functionality using msiexec switches

When validating the registry options make sure that the PGP_INSTALL_SSO option is set to 1 indicating that the driver is installed.

See the following example:

You will notice the user in the Drive Encryption user list under PGP Disk > Encrypt a disk or partition after selecting the boot drive.

The Single Sign-On (SSO) feature allows you to use your existing Windows passphrase for authentication to your Symantec Encrypted drive and automatically log you into Windows.

The Single Sign-On feature utilizes one of the methods Microsoft Windows provides for customizing the Windows login experience. Drive Encryption uses your configured authentication information to dynamically create specific registry entries when you attempt to log in.

Use the following steps to troubleshoot Single Sign-On:

Validate that the user is a SSO user using the pgpwde command line tool.

1. Open up a Windows Command Prompt.
2. Change to the correct Program Files directory for the operating system.
   
   For 32-bit Operating Systems:
   
   Type in cd C:\Program Files\PGP Corporation\PGP Desktop\
   
   For 64-bit Operating Systems:
   
   Type in cd C:\Program Files \PGP Corporation\PGP Desktop\
    
3. Verify the user by using the pgpwde --list-users command:
   

   pgpwde --list-users --disk 0

    
4. You should see something similar to this.
    

Solution 1: SyncSSO.exe

If you are using Windows 11 24H2, or if you are using a method of changing the password outside of CTRL+ALT+DEL, it is recommended to upgrade to PGP Encryption Desktop 11.0.1 HF1. 

Due to the new methodology with how Windows passwords are changed, the PGP Encryption Desktop client will now include a SyncSSO.exe application build in.

After changing the password, the SyncSSO.exe utility should be run.  This will prompt the current password, and then the user can enter the new password.

For more information on this SyncSSO.exe utility, see the following article:

396186 - Changing Your Windows Password with PGP Encryption Desktop Single Sign-On (PGP)

Solution 2: Major Windows Upgrades

If systems installed with Symantec Drive Encryption have recently performed a major upgrade of Windows, the password filter can sometimes get unregistered causing passphrase synchronization to fail. 
Although this is rare, to avoid this issue, a post upgrade script can be used so that after Windows has successfully been upgraded, the password filter can be re-registered. 
The following articles can help with Automatic Windows Upgrades:

179262 - How to automatically upgrade Windows 10/11 systems encrypted with Symantec Encryption Desktop 10 (PGP Desktop)

179265 - How to automatically upgrade Windows 10/11 systems encrypted with Symantec Endpoint Encryption 11.x (SEE)

If you are updating windows with the automatic Windows Update feature, usually these steps are not needed. 

We recommend testing this process and reach out to Symantec Encryption Support for further guidance. 

Solution 3: Confirm Network Provider List Order for PGP Password Filter

In some cases, other third party Network provider connections may interfere with the Single Sign-On feature. 

Try moving the PGP Network Provider connection above other third-party connections in the Network Provider Order. Use the steps below for your operating system.

1. Click Start > Network.
2. Select Network and Sharing Center.
3. From the Tasks panel, click Manage network connections.
4. Highlight your Local Area Connection.
5. Click Advanced > Advanced Settings. (If the Advanced menu is not displayed, press ALT and the Advanced menu bar appears. Windows Vista may prompt you for your permission to continue.)
6. Select the Provider Order tab.
7. Click the entry PGPpwflt.
8. Click the up arrow to move PGP above any other third-party connections.
9. Click OK to apply the settings.

An alternative method is to check the values contained in the ProviderOrder key in these registry locations:

1. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\NetworkProvider\HwOrder
2. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order

A typical value for ProviderOrder on a freshly installed machine is as follows. If there are additional entries made by third party applications, it may be worthwhile moving PGPwflt so it is listed before such third party entries:

RDPNP,LanmanWorkstation,webclient,PGPpwflt

TIP: Starting with Windows 10, you can now copy/paste a registry location in the address so you do not have to click your way down to the registry keys.

Network Connections

1. At the Run field (Windows + R), type: "control netconnections" without the quotes.
2. Once Network Connections appears, press the Alt key to display the drop-down menu.
3. Click the Advanced menu and then select Advanced Settings.
4. Click the Provider Order tab.
5. Under Network Providers, select the PGPpwflt entry, and click the Up arrow to move the PGP connection above any other third-party connections in the list.
6. Click OK to apply the changes.
    

Note: The Provider Order can also be updated on multiple computers by creating a script which updates a PGP Windows Registry value. To use a script to update the value, modify the PGP_SET_HWORDER value from 0 to 1. The PGP_SET_HWORDER value is located in HKEY_LOCAL_MACHINE\SOFTWARE\PGP Corporation\PGP folder (32-bit systems) and KEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\PGP Corporation\PGP folder (64-bit systems).

Solution 4: Group Policy for Windows Logon Setting

The PGP WDE Single Sign-On feature can be affected by a Logon setting within a group policy for the computer. Check if enabling the Always wait for the network at computer startup and logon setting in the Logon folder of the Group Policy corrects any SSO issues.

Interactive logon: Do not require CTRL+ALT+DEL
Check if any security settings requiring the user to press CTRL+ALT+DEL before logging on to the system affect the Single Sign-On feature.

Solution 5: Intel PROSet/Wireless Software

In some cases, the Single Sign-On password may not synchronize properly due to an incompatibility with certain versions of the Intel PROSet/Wireless software. For Dell computers using version 11.5 of the Intel PROSet/Wireless software, this issue is solved by upgrading the software to version 12 or higher or by uninstalling the software.

Solution 6: USB disk or SD card

If a USB thumb drive or SD card is inserted, a conflict may occur if the USB or SD disk is detected as Disk 0 on the system. Confirm the Windows system disk is Disk 0 in Disk Management. If the USB or SD disk displays as Disk 0, remove the disk, reboot the computer, and then change the Windows password.

Solution 7: Check PGPWDE01 file permissions (only valid with versions 10.1.1 and older)

If the SSO feature fails after changing your Windows password, check the permissions for the PGPWDE01 file located in the root of the C: drive. The Authenticated Users group needs to have Modify permissions for the PGPWDE01 file. If necessary, modify the permissions for the file, logging off and logging back on to Windows will cause the PGP Tray to update the PGPWDE01 file. This may not be possible to view certain permission from the file properties window on more recent versions of the product. File compression on these files could also cause similar issues where we are unable to write back to the file due to known driver limitations.

To check the PGPWDE01 permissions

1. Open Windows Explorer by pressing Windows + E.
   
   Note: For Windows Vista & Windows 7, if the Advanced menu is not displayed in Windows Explorer, press ALT to display the Advanced menu. Windows Vista/Windows 7 may prompt you for your permission to continue.
    
2. Click Tools then select Folder Options.
3. Click the View tab.
4. Scroll down and remove the checkmark next to Hide protected operating system files (Recommended).
5. Click Yes when prompted with the warning then click OK to apply the change.
6. Browse to the C: drive and locate the PGPWDE01 file.
7. Right-click the PGPWDE01 file and select Properties.
8. Click the Security tab and add Authenticated Users with Modify permissions if needed.

Solution 8: Troubleshooting Microsoft Accounts

For more information on troubleshooting Single Sign-On when Microsoft Accounts are in use, see the following article:

159199 - Microsoft Online accounts do not sync password changes with Symantec Drive Encryption Single-Sign-On (SSO) passphrase