Unable to enroll/authenticate PGP Desktop clients when using Microsoft Active Directory Domain's Logon Restrictions with a User


Article ID: 156468


Updated On:


Symantec Products


When restricting Microsoft Active Directory (AD) domain users to specific computers using the Logon Restriction setting per user account, PGP Desktop clients are unable to enroll/authenticate.

The PGP Desktop client will fail with, "Your credentials were not accepted. Please try again."

The PGP Universal Server will show, "CLIENT-XXXXX: ldap operation result 49, Invalid credentials"

The error is misleading, since it's not a bad password problem for the user account.


Since the LDAP query is being issued from PGP Universal Server and not the from the client's (permitted) computer, the AD LDAP server rejects the connection.


Switch to Email Enrollment or use a secondary LDAP server specifically for PGP client authentication.