Enrollment Fails with "The required Organization Key is not on your Keyring"

book

Article ID: 157163

calendar_today

Updated On:

Products

Symantec Products

Issue/Introduction

When enrolling a Symantec Encryption Desktop\PGP Desktop client or attempting to re-enroll, enrollment fails due to the following error:

 

"The required Organization Key is not on your Keyring"

Cause

This can be caused if your profile, user-directory, or account name contain a special character e.g. Ä,Ö,ü,ß,â, ê, î, ç, œ and then Symantec Encryption Desktop\PGP Desktop and Symantec Encryption Management Server\PGP Universal Server may either be unable to read the character or simply change the character when doing a lookup with Active Directory or other LDAP directory.  For example the German character 'ä' may be translated to 'ae' by the server and therefore cannot be found in the LDAP directory.

Generally it is advised not to use special characters for various reasons of interoperability.

 

Resolution

This issue is resolved by renaming the affected profile or user directory in C:\Users\<name> or on older Windows systems C:\Documents and Settings\<name> so they do not contain any special characters e.g. ç->c, ä->ae, ê->e.

Note: Make sure the affected profile's data is still reachable for that account after renaming.  Make sure to import or copy any email data, "My Documents", and update the paths of programs that refer to the affected user-directory.

Then re-enroll the Symantec Encryption Desktop\PGP Desktop client when finished.  When prompted for your PGP keyrings, check the path to the keyrings does not contain any special characters.