If there is unusual behavior with PGP Encryption Desktop (Symantec Encryption Desktop) or the software is not working correctly, sometimes the easiest solution is to re-enroll the client to PGP Encryption Server (Symantec Encryption Management Server).
Issues that re-enrollment can address:
The enrollment is the process of registering the PGP client with (Symantec Encryption Management Server).
After a PGP client is registered with the PGP server, it receives policy updates from the server, updates logs to the server, and can lookup PGP keys on the server.
This article covers Windows clients. For Windows clients, see Re-enrolling Encryption Desktop for Windows clients.
Enrollment is the binding of a computer with PGP Encryption Desktop client software installed to a PGP Encryption Server. After a client is bound it receives feature policy information from the SEMS; for example, encryption keys, email policy, or PGP Drive Encryption (formerly known as Whole Disk Encryption) administration.
In some circumstances, you may need to re-enroll PGP Encryption Desktop clients if the client is experiencing connection problems with the SEMS, the client license does not update after renewing the client license on the server, or in rare circumstances the client preference files ( ~Library\Preferences\com.pgp.*) become corrupted.
Use the following steps to re-enroll a PGP Encryption Desktop for Mac client with the PGP Encryption Server.
For Encryption Desktop 10.0.x through 10.3.0, if enrollment does not begin: Check under /Applications/PGP.app/Contents/Resources/policy.txt ---- This should contain a string similar to this 'ovid=keys.example.com&mail=*&admin=1'. If there is any trouble resolving the hostname found in the string then enrollment will not function as expected. In Symantec Encryption Desktop 10.3.1 and above, the location is /Applications/Encryption Desktop.app/Contents/Resources/policy.txt.
Caution: When Symantec Encryption Desktop clients are enrolled, entries are placed in the Mac OS X Keychain Access Utility. These entries include "PGP LDAP", "PGP Universal Auth Cookie" and a user entry of Kind, "PGP Passphrase" (Usually the name of this entry is the email address of the user enrolling). These entries are used for enrollment and for the passphrase that can be used during encryption of a drive. These entries remain, even after an uninstall of the software.
If re-enrollment is being done, it is also recommended to clear out all these entries before re-enrolling the client so they will be re-created from scratch. Not clearing these out may have unexpected results.