Enrollment Fails with "The required Organization Key is not on your Keyring"


Article ID: 157163


Updated On:


Symantec Products


When enrolling a Symantec Encryption Desktop\PGP Desktop client or attempting to re-enroll, enrollment fails due to the following error:


"The required Organization Key is not on your Keyring"


This can be caused if your profile, user-directory, or account name contain a special character e.g. Ä,Ö,ü,ß,â, ê, î, ç, œ and then Symantec Encryption Desktop\PGP Desktop and Symantec Encryption Management Server\PGP Universal Server may either be unable to read the character or simply change the character when doing a lookup with Active Directory or other LDAP directory.  For example the German character 'ä' may be translated to 'ae' by the server and therefore cannot be found in the LDAP directory.

Generally it is advised not to use special characters for various reasons of interoperability.



This issue is resolved by renaming the affected profile or user directory in C:\Users\<name> or on older Windows systems C:\Documents and Settings\<name> so they do not contain any special characters e.g. ç->c, ä->ae, ê->e.

Note: Make sure the affected profile's data is still reachable for that account after renaming.  Make sure to import or copy any email data, "My Documents", and update the paths of programs that refer to the affected user-directory.

Then re-enroll the Symantec Encryption Desktop\PGP Desktop client when finished.  When prompted for your PGP keyrings, check the path to the keyrings does not contain any special characters.